zircon/third_party/tools/android/gki/generate_gki_certificate.py - fuchsia - Git at Google

 #!/usr/bin/env fuchsia-vendored-python
 #
 # Copyright 2021, The Android Open Source Project
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 """Generate a Generic Boot Image certificate suitable for VTS verification."""
 from argparse import ArgumentParser
 import shlex
 import subprocess
 def generate_gki_certificate(image, avbtool, name, algorithm, key, salt,
                              additional_avb_args, output):
     """Shell out to avbtool to generate a GKI certificate."""
     # Need to specify a value of --partition_size for avbtool to work.
     # We use 64 MB below, but avbtool will not resize the boot image to
     # this size because --do_not_append_vbmeta_image is also specified.
     avbtool_cmd = [
         avbtool, 'add_hash_footer',
         '--partition_name', name,
         '--partition_size', str(64 * 1024 * 1024),
         '--image', image,
         '--algorithm', algorithm,
         '--key', key,
         '--do_not_append_vbmeta_image',
         '--output_vbmeta_image', output,
     ]
     if salt is not None:
         avbtool_cmd += ['--salt', salt]
     avbtool_cmd += additional_avb_args
     subprocess.check_call(avbtool_cmd)
 def parse_cmdline():
     parser = ArgumentParser(add_help=True)
     # Required args.
     parser.add_argument('image', help='path to the image')
     parser.add_argument('-o', '--output', required=True,
                         help='output certificate file name')
     parser.add_argument('--name', required=True,
                         choices=['boot', 'generic_kernel'],
                         help='name of the image to be certified')
     parser.add_argument('--algorithm', required=True,
                         help='AVB signing algorithm')
     parser.add_argument('--key', required=True,
                         help='path to the RSA private key')
     # Optional args.
     parser.add_argument('--avbtool', default='avbtool',
                         help='path to the avbtool executable')
     parser.add_argument('--salt', help='salt to use when computing image hash')
     parser.add_argument('--additional_avb_args', default=[], action='append',
                         help='additional arguments to be forwarded to avbtool')
     args = parser.parse_args()
     additional_avb_args = []
     for a in args.additional_avb_args:
         additional_avb_args.extend(shlex.split(a))
     args.additional_avb_args = additional_avb_args
     return args
 def main():
     args = parse_cmdline()
     generate_gki_certificate(
         image=args.image, avbtool=args.avbtool, name=args.name,
         algorithm=args.algorithm, key=args.key, salt=args.salt,
         additional_avb_args=args.additional_avb_args,
         output=args.output,
     )
 if __name__ == '__main__':
     main()
	#!/usr/bin/env fuchsia-vendored-python
	#
	# Copyright 2021, The Android Open Source Project
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	"""Generate a Generic Boot Image certificate suitable for VTS verification."""
	from argparse import ArgumentParser
	import shlex
	import subprocess
	def generate_gki_certificate(image, avbtool, name, algorithm, key, salt,
	additional_avb_args, output):
	"""Shell out to avbtool to generate a GKI certificate."""
	# Need to specify a value of --partition_size for avbtool to work.
	# We use 64 MB below, but avbtool will not resize the boot image to
	# this size because --do_not_append_vbmeta_image is also specified.
	avbtool_cmd = [
	avbtool, 'add_hash_footer',
	'--partition_name', name,
	'--partition_size', str(64 * 1024 * 1024),
	'--image', image,
	'--algorithm', algorithm,
	'--key', key,
	'--do_not_append_vbmeta_image',
	'--output_vbmeta_image', output,
	]
	if salt is not None:
	avbtool_cmd += ['--salt', salt]
	avbtool_cmd += additional_avb_args
	subprocess.check_call(avbtool_cmd)
	def parse_cmdline():
	parser = ArgumentParser(add_help=True)
	# Required args.
	parser.add_argument('image', help='path to the image')
	parser.add_argument('-o', '--output', required=True,
	help='output certificate file name')
	parser.add_argument('--name', required=True,
	choices=['boot', 'generic_kernel'],
	help='name of the image to be certified')
	parser.add_argument('--algorithm', required=True,
	help='AVB signing algorithm')
	parser.add_argument('--key', required=True,
	help='path to the RSA private key')
	# Optional args.
	parser.add_argument('--avbtool', default='avbtool',
	help='path to the avbtool executable')
	parser.add_argument('--salt', help='salt to use when computing image hash')
	parser.add_argument('--additional_avb_args', default=[], action='append',
	help='additional arguments to be forwarded to avbtool')
	args = parser.parse_args()
	additional_avb_args = []
	for a in args.additional_avb_args:
	additional_avb_args.extend(shlex.split(a))
	args.additional_avb_args = additional_avb_args
	return args
	def main():
	args = parse_cmdline()
	generate_gki_certificate(
	image=args.image, avbtool=args.avbtool, name=args.name,
	algorithm=args.algorithm, key=args.key, salt=args.salt,
	additional_avb_args=args.additional_avb_args,
	output=args.output,
	)
	if __name__ == '__main__':
	main()