1package { 2 default_applicable_licenses: ["Android-Apache-2.0"], 3} 4 5prebuilt_etc { 6 name: "trusty_test_vm_os_elf", 7 system_ext_specific: true, 8 filename: "trusty_test_vm_os.elf", 9 src: select((os(), arch()), { 10 ("android", "arm64"): ":trusty_test_vm_os_signed", 11 ("android", "x86_64"): ":trusty_test_vm_os_unsigned", 12 (default, default): ":empty_file", 13 }), 14} 15 16cc_binary { 17 name: "trusty_test_vm_os_signed", 18 srcs: [ 19 ":trusty_test_vm_os_signed_bin_obj", 20 ], 21 // reuse the common trusty_vm_sections linker script 22 linker_scripts: [ 23 ":trusty_vm_sections.ld", 24 ], 25 ldflags: [ 26 // Prevent the `trusty_test_vm_os_signed_bin_obj` segment from being garbage collected. 27 "-Wl,--no-gc-sections", 28 // Prevent the build ID segments from being added, as it would corrupt the integrity 29 // of the original signed image. 30 "-Wl,--build-id=none", 31 // Use a standard page size of 4096, smaller than the default 16384, to avoid padding 32 // with extra bytes. 33 "-Wl,-z,max-page-size=4096", 34 ], 35 nocrt: true, 36 no_libcrt: true, 37 static_executable: true, 38 system_shared_libs: [], 39 enabled: false, 40 target: { 41 android_arm64: { 42 enabled: true, 43 }, 44 }, 45 strip: { 46 none: true, 47 }, 48} 49 50cc_genrule { 51 name: "test_vm_os.S", 52 enabled: false, 53 arch: { 54 arm64: { 55 srcs: [":trusty_test_vm_os_signed_bin"], 56 enabled: true, 57 }, 58 }, 59 out: ["test_vm_os.S"], 60 cmd: "(" + 61 " echo '.section .vm_payload_signed.bin';" + 62 " echo '.globl vm_payload_signed';" + 63 " echo 'vm_payload_signed:';" + 64 " echo '.incbin \"'$(in)'\"';" + 65 ") > $(out)", 66 visibility: ["//visibility:private"], 67} 68 69cc_object { 70 name: "trusty_test_vm_os_signed_bin_obj", 71 srcs: [ 72 ":test_vm_os.S", 73 ], 74 crt: false, 75 static_libs: ["trusty_test_vm_os_signed_bin"], 76 system_shared_libs: [], 77 enabled: false, 78 target: { 79 android_arm64: { 80 enabled: true, 81 }, 82 }, 83 visibility: ["//visibility:private"], 84} 85 86// python -c "import hashlib; print(hashlib.sha256(b'trusty_test_vm_os_salt').hexdigest())" 87trusty_test_vm_os_salt = "74706b35d927b14539a73e14e6e91a2d3be5d46a12c02cf4084bcef5ffee6e4a" 88 89TRUSTY_TEST_VM_OS_VERSION = 1 90 91avb_add_hash_footer { 92 name: "trusty_test_vm_os_signed_bin", 93 filename: "trusty_test_vm_os_signed.bin", 94 partition_name: "boot", 95 private_key: ":trusty_vm_sign_key", 96 salt: trusty_test_vm_os_salt, 97 rollback_index: TRUSTY_TEST_VM_OS_VERSION, 98 props: [ 99 { 100 name: "com.android.virt.cap", 101 value: "trusty_security_vm", 102 }, 103 { 104 name: "com.android.virt.name", 105 value: "trusty_test_vm_os", 106 }, 107 ], 108 src: ":trusty_test_vm_os_unsigned", 109 enabled: false, 110 arch: { 111 arm64: { 112 enabled: true, 113 }, 114 x86_64: { 115 enabled: true, 116 }, 117 }, 118} 119