avb_boot_img.bzl 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. load("//build/kernel/kleaf:hermetic_tools.bzl", "hermetic_toolchain")
  2. def sign_boot_img(ctx):
  3. inputs = []
  4. inputs += ctx.files.artifacts
  5. inputs += ctx.files.avbtool
  6. inputs += ctx.files.key
  7. outputs = ctx.actions.declare_file("{}/boot.img".format(ctx.label.name))
  8. hermetic_tools = hermetic_toolchain.get(ctx)
  9. for artifact in ctx.files.artifacts:
  10. if artifact.basename == "boot.img":
  11. boot_img = artifact
  12. break
  13. if not boot_img:
  14. fail("artifacts must include file named \"boot.img\"")
  15. proplist = " ".join(["--prop {}".format(x) for x in ctx.attr.props])
  16. command = hermetic_tools.setup
  17. command += """
  18. cp {boot_img} {boot_dir}/{boot_name}
  19. {tool} add_hash_footer --image {boot_dir}/{boot_name} --algorithm SHA256_RSA4096 \
  20. --key {key} --partition_size {boot_partition_size} --partition_name boot \
  21. {proplist}
  22. """.format(
  23. boot_img = boot_img.path,
  24. tool = ctx.file.avbtool.path,
  25. key = ctx.file.key.path,
  26. boot_dir = outputs.dirname,
  27. boot_name = outputs.basename,
  28. boot_partition_size = ctx.attr.boot_partition_size,
  29. proplist = proplist,
  30. )
  31. ctx.actions.run_shell(
  32. mnemonic = "SignBootImg",
  33. inputs = inputs,
  34. outputs = [outputs],
  35. command = command,
  36. tools = hermetic_tools.deps,
  37. progress_message = "Signing boot image from artifacts",
  38. )
  39. return [
  40. DefaultInfo(
  41. files = depset([outputs]),
  42. ),
  43. ]
  44. avb_sign_boot_image = rule(
  45. implementation = sign_boot_img,
  46. doc = "Sign the boot image present in artifacts",
  47. attrs = {
  48. "artifacts": attr.label(
  49. mandatory = True,
  50. allow_files = True,
  51. ),
  52. "avbtool": attr.label(
  53. mandatory = True,
  54. allow_single_file = True,
  55. ),
  56. "key": attr.label(
  57. mandatory = True,
  58. allow_single_file = True,
  59. ),
  60. "boot_partition_size": attr.int(
  61. mandatory = False,
  62. default = 0x6000000, # bytes, = 98304 kb
  63. doc = "Final size of boot.img desired",
  64. ),
  65. "props": attr.string_list(
  66. mandatory = True,
  67. allow_empty = False,
  68. doc = "List of key:value pairs",
  69. ),
  70. },
  71. toolchains = [
  72. hermetic_toolchain.type,
  73. ],
  74. )