| # Copyright 2019 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Build arguments used in the context of verified boot. |
| # See [this document](https://android.googlesource.com/platform/external/avb/+/HEAD/README.md) |
| # for more information. |
| |
| import("//build/testing/verify_files_match.gni") |
| import("//build/zircon/tools.gni") |
| import("//src/developer/ffx/build/ffx_action.gni") |
| |
| declare_args() { |
| # If true, then a vbmeta image will be generated for provided ZBI |
| # and the paving script will pave vbmeta images to the target device. |
| use_vbmeta = false |
| |
| # a key which will be used to sign VBMETA and images for AVB |
| avb_key = "" |
| |
| # AVB metadata which will be used to validate public key |
| avb_atx_metadata = "" |
| |
| # Partition name from where image will be verified |
| zvb_partition_name = "zircon" |
| |
| # Board level extra vbmeta descriptors to be combined into the top-level |
| # vbmeta struct (these are in json format) |
| # |
| # see //build/images/vbmeta/README.md for more information about these. |
| board_extra_vbmeta_descriptors = [] |
| |
| # DEPRECATED: Remove when no boards set a value for these. |
| board_extra_vbmeta_images = [] |
| avb_algorithm = "DEPRECATED" |
| } |
| |
| # Template for producing VBMETA image for AVB |
| # |
| # Parameters |
| # |
| # output_name (optional, default: target_name) |
| # |
| # zbi (required) |
| # [list-of-strings] path to a ZBI image to be included in AVB chain. |
| # Must only contain a single entry. |
| # |
| # deps (usually required) |
| # testonly, metadata |
| # Usual GN meaning. |
| template("vbmeta") { |
| if (defined(invoker.output_name)) { |
| output_file = invoker.output_name |
| } else { |
| output_file = target_name |
| } |
| |
| output_file += ".vbmeta" |
| salt_file = output_file + ".salt" |
| |
| zbi = invoker.zbi |
| assert([ zbi[0] ] == zbi, "zbi parameter must contain a single entry") |
| assert(avb_key != "", "avb_key must be specified") |
| assert(avb_atx_metadata != "", "avb metadata must be specified") |
| output_file = "$root_out_dir/$output_file" |
| salt_file = "$root_out_dir/$salt_file" |
| |
| ffx_action(target_name) { |
| forward_variables_from(invoker, |
| [ |
| "testonly", |
| "visibility", |
| "deps", |
| "metadata", |
| ]) |
| |
| args = [ |
| "--config", |
| "assembly_enabled=true", |
| "assembly", |
| "vbmeta", |
| "sign", |
| "--key", |
| rebase_path(avb_key, root_build_dir), |
| "--key-metadata", |
| rebase_path(avb_atx_metadata, root_build_dir), |
| "--name", |
| zvb_partition_name, |
| "--image-path", |
| rebase_path(zbi[0], root_build_dir), |
| "--output", |
| rebase_path(output_file, root_build_dir), |
| "--salt-outfile", |
| rebase_path(salt_file, root_build_dir), |
| ] |
| inputs = [ |
| avb_key, |
| avb_atx_metadata, |
| zbi[0], |
| ] |
| |
| # Add any json-format descriptors to the arguments list directly. |
| foreach(descriptor_file, board_extra_vbmeta_descriptors) { |
| args += [ |
| "--additional-descriptor", |
| rebase_path(descriptor_file, root_build_dir), |
| ] |
| inputs += [ descriptor_file ] |
| } |
| |
| outputs = [ |
| output_file, |
| salt_file, |
| ] |
| } |
| } |
| |
| # DEPRECATED: Remove when no boards set a value for this. |
| not_needed([ |
| "board_extra_vbmeta_images", |
| "avb_algorithm", |
| ]) |