1package { 2 default_applicable_licenses: ["Android-Apache-2.0"], 3} 4 5prebuilt_etc { 6 name: "trusty_test_vm_elf", 7 system_ext_specific: true, 8 relative_install_path: "vm/trusty_vm", 9 filename: "trusty_test_vm.elf", 10 src: select((os(), arch()), { 11 ("android", "arm64"): ":trusty_test_vm_signed", 12 ("android", "x86_64"): ":trusty_test_vm_unsigned", 13 (default, default): ":empty_file", 14 }), 15} 16 17cc_binary { 18 name: "trusty_test_vm_signed", 19 srcs: [ 20 ":trusty_test_vm_signed_bin_obj", 21 ], 22 // reuse the common trusty_vm_sections linker script 23 linker_scripts: [ 24 ":trusty_vm_sections.ld", 25 ], 26 ldflags: [ 27 // Prevent the `trusty_test_vm_signed_bin_obj` segment from being garbage collected. 28 "-Wl,--no-gc-sections", 29 // Prevent the build ID segments from being added, as it would corrupt the integrity 30 // of the original signed image. 31 "-Wl,--build-id=none", 32 // Use a standard page size of 4096, smaller than the default 16384, to avoid padding 33 // with extra bytes. 34 "-Wl,-z,max-page-size=4096", 35 ], 36 nocrt: true, 37 no_libcrt: true, 38 static_executable: true, 39 system_shared_libs: [], 40 enabled: false, 41 target: { 42 android_arm64: { 43 enabled: true, 44 }, 45 }, 46 strip: { 47 none: true, 48 }, 49} 50 51cc_genrule { 52 name: "test_vm.S", 53 enabled: false, 54 arch: { 55 arm64: { 56 srcs: [":trusty_test_vm_signed_bin"], 57 enabled: true, 58 }, 59 }, 60 out: ["test_vm.S"], 61 cmd: "(" + 62 " echo '.section .vm_payload_signed.bin';" + 63 " echo '.globl vm_payload_signed';" + 64 " echo 'vm_payload_signed:';" + 65 " echo '.incbin \"'$(in)'\"';" + 66 ") > $(out)", 67 visibility: ["//visibility:private"], 68} 69 70cc_object { 71 name: "trusty_test_vm_signed_bin_obj", 72 srcs: [ 73 ":test_vm.S", 74 ], 75 crt: false, 76 static_libs: ["trusty_test_vm_signed_bin"], 77 system_shared_libs: [], 78 enabled: false, 79 target: { 80 android_arm64: { 81 enabled: true, 82 }, 83 }, 84 visibility: ["//visibility:private"], 85} 86 87// python -c "import hashlib; print(hashlib.sha256(b'trusty_test_vm_salt').hexdigest())" 88trusty_test_vm_salt = "5ce3eab1a08540e1334c83f54b8608aa6c23feee6939693cac41441449c5a51f" 89 90TRUSTY_TEST_VM_VERSION = 1 91 92avb_add_hash_footer { 93 name: "trusty_test_vm_signed_bin", 94 filename: "trusty_test_vm_signed.bin", 95 partition_name: "boot", 96 private_key: ":trusty_vm_sign_key", 97 salt: trusty_test_vm_salt, 98 rollback_index: TRUSTY_TEST_VM_VERSION, 99 props: [ 100 { 101 name: "com.android.virt.cap", 102 value: "trusty_security_vm", 103 }, 104 { 105 name: "com.android.virt.name", 106 value: "trusty_test_vm", 107 }, 108 ], 109 src: ":trusty_test_vm_unsigned", 110 enabled: false, 111 arch: { 112 arm64: { 113 enabled: true, 114 }, 115 x86_64: { 116 enabled: true, 117 }, 118 }, 119} 120