blob: 46e80866e0da6e285dca8ae69dbc3aa54f52d4c2 [file] [log] [blame]
# Copyright 2019 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Build arguments used in the context of verified boot.
# See [this document](
# for more information.
declare_args() {
# If true, then a vbmeta image will be generated for provided ZBI
# and the paving script will pave vbmeta images to the target device.
use_vbmeta = false
# a key which will be used to sign VBMETA and images for AVB
avb_key = ""
# AVB metadata which will be used to validate public key
avb_atx_metadata = ""
# Partition name from where image will be verified
zvb_partition_name = "zircon"
# Board level extra vbmeta descriptors to be combined into the top-level
# vbmeta struct (these are in json format)
# see //build/images/vbmeta/ for more information about these.
board_extra_vbmeta_descriptors = []
# DEPRECATED: Remove when no boards set a value for these.
board_extra_vbmeta_images = []
avb_algorithm = "DEPRECATED"
# Template for producing VBMETA image for AVB
# Parameters
# output_name (optional, default: target_name)
# zbi (required)
# [list-of-strings] path to a ZBI image to be included in AVB chain.
# Must only contain a single entry.
# deps (usually required)
# testonly, metadata
# Usual GN meaning.
template("vbmeta") {
if (defined(invoker.output_name)) {
output_file = invoker.output_name
} else {
output_file = target_name
output_file += ".vbmeta"
zbi = invoker.zbi
assert([ zbi[0] ] == zbi, "zbi parameter must contain a single entry")
assert(avb_key != "", "avb_key must be specified")
assert(avb_atx_metadata != "", "avb metadata must be specified")
output_file = "$root_out_dir/$output_file"
ffx_action(target_name) {
args = [
rebase_path(avb_key, root_build_dir),
rebase_path(avb_atx_metadata, root_build_dir),
rebase_path(zbi[0], root_build_dir),
rebase_path(output_file, root_build_dir),
inputs = [
# Add any json-format descriptors to the arguments list directly.
foreach(descriptor_file, board_extra_vbmeta_descriptors) {
args += [
rebase_path(descriptor_file, root_build_dir),
inputs += [ descriptor_file ]
outputs = [ output_file ]
# DEPRECATED: Remove when no boards set a value for this.