| # Copyright 2019 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Build arguments used in the context of verified boot. |
| # See [this document](https://android.googlesource.com/platform/external/avb/+/HEAD/README.md) |
| # for more information. |
| |
| import("//build/compiled_action.gni") |
| |
| declare_args() { |
| # If true, then a vbmeta image will be generated for provided ZBI |
| # and the paving script will pave vbmeta images to the target device. |
| use_vbmeta = false |
| |
| # a key which will be used to sign VBMETA and images for AVB |
| avb_key = "" |
| |
| # AVB metadata which will be used to validate public key |
| avb_atx_metadata = "" |
| |
| # Partition name from where image will be verified |
| zvb_partition_name = "zircon" |
| |
| # Additional VBMeta Descriptors to add to the vbmeta image during assembly. |
| # |
| # To add a descriptor, include GN code such as: |
| # |
| # ``` |
| # extra_vbmeta_descriptors = [{ |
| # name = "zircon" # name of the partition |
| # size = 12345 # size of the partition in bytes |
| # flags = 1 # custom vbmeta flags to add |
| # min_avb_version = "1.1" # minimum avb version |
| # }] |
| # ``` |
| extra_vbmeta_descriptors = false |
| |
| # DEPRECATED: Remove when no boards set a value for these. |
| board_extra_vbmeta_images = [] |
| avb_algorithm = "DEPRECATED" |
| } |
| |
| # DEPRECATED: Remove when no boards set a value for this. |
| not_needed([ |
| "board_extra_vbmeta_images", |
| "avb_algorithm", |
| ]) |
| |
| # Creates a VBMeta image from a given ZBI. |
| # |
| # The image is created next to provided ZBI at "${zbi_path}.vbmeta". |
| # |
| # Parameters |
| # |
| # * zbi |
| # - Required: Label of the associated ZBI target. Must be defined within |
| # the same file as the vbmeta() target. |
| # - Type: label |
| # |
| # * testonly, visibility |
| # - Optional: The usual GN meanings. |
| # |
| template("vbmeta") { |
| assert(defined(invoker.zbi), "`zbi` must be defined") |
| |
| zbi_outputs = get_target_outputs(invoker.zbi) |
| zbi_path = zbi_outputs[0] |
| output_vbmeta = zbi_path + ".vbmeta" |
| |
| compiled_action(target_name) { |
| forward_variables_from(invoker, |
| [ |
| "testonly", |
| "visibility", |
| ]) |
| |
| tool = "//src/lib/assembly/vbmeta:bin" |
| tool_output_name = "vbmeta" |
| |
| sources = [ |
| avb_atx_metadata, |
| avb_key, |
| zbi_path, |
| ] |
| outputs = [ output_vbmeta ] |
| |
| args = [ |
| "--zbi", |
| rebase_path(zbi_path, root_build_dir), |
| "--private-key-pem", |
| rebase_path(avb_key, root_build_dir), |
| "--public-key-metadata", |
| rebase_path(avb_atx_metadata, root_build_dir), |
| "--output", |
| rebase_path(output_vbmeta, root_build_dir), |
| ] |
| deps = [ invoker.zbi ] |
| |
| metadata = { |
| images = [ |
| { |
| label = get_label_info(":$target_name", "label_with_toolchain") |
| name = target_name |
| path = rebase_path(output_vbmeta, root_build_dir) |
| type = "vbmeta" |
| cpu = current_cpu |
| if (defined(testonly) && testonly) { |
| testonly = true |
| } |
| forward_variables_from(invoker, [ "tags" ]) |
| }, |
| ] |
| } |
| } |
| } |