We have already switched to the protobuf format for new builds, and
the downgrade packages will require a data wipe. So it should be safe
to drop the support for text format.
This also helps to save the issue when users sideload a package with a
pending OTA, because the new CareMap contains the fingerprint of the
intended build.
Bug: 128536706
Test: unit tests pass, run update_verifier with legacy CareMap
Change-Id: I1c4d0e54ec591f16cc0a65dac76767725ff9e7c4
(cherry picked from commit aaa6103ae7)
The update_verifier now compares the fingerprint of a partition before
performing the blocks read. If the fingerprint of the current system property
mismatches the one embedded in the care_map, verification of this partition
will be skipped. This is useful for the possible system only updates in the
future.
Bug: 114778109
Test: unit tests pass
Change-Id: Iea309148a05109b5810dfb533d94260d77ab8540
The refactor separates out the parsing of care_map and the actual
verification of the partitions. Moreover, it skips the verification in case
of a format error in the care map.
Also, the parsing of care_map now uses the suffix of the file to
tell if it has the protobuf format or the plain text format.
Bug: 115740187
Test: unit test pass
Change-Id: I7aa32004db02af1deb7bfdc6f5bd7921eb7883e5
Switching to the protobuf format helps to make the care_map more
extensible. As we have such plans in the future, add the support to
parse the protobuf message in the update_verifier.
Bug: 77867897
Test: unit tests pass, update_verifier successfully verifies a care_map.pb
Change-Id: I9fe83cb4dd3cc8d6fd0260f2a47338fe142d3938
This allows the update_verifier in a general system image to work across
devices that have different verified boot versions (i.e. not supported /
verified boot 1.0 / verified boot 2.0 / disabled).
Bug: 78283982
Test: Run recovery_component_test on both of marlin and walleye.
Test: Generate an OTA that has this CL. Install this OTA and check the
update_verifier log during the post-reboot verification, on both
of marlin (VB 1.0) and walleye (VB 2.0).
Test: Build and flash walleye image with verified boot disabled. Check
that update_verifier marks the slot as successfully booted.
Change-Id: I828d87d59f911786531f774ffcf9b2ad7c2ca007
We have added the support for building /product partition in build
system (the CL in [1]), where /product is an optional partition that
contains system files. This CL adds the matching support if /product
needs to be verified during A/B OTA (i.e. listed in care_map file).
[1]: commit b7735d81054002961b681f4bdf296d4de2701135,
https://android-review.googlesource.com/c/platform/build/+/598454
Bug: 63974895
Test: Run update_verifier test on walleye.
Change-Id: Ia1c35e9583b8e66c98a4495b1f81a5ea7e65036f
This is to cover the code added by commit
5a1dee01df, where an O update_verifier
should not reject N care_map.txt.
Bug: 63544345
Test: recovery_component_test passes on marlin.
Change-Id: Ia944e16cba3cc635098b3ffd92842d725b570fec
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:
$ fastboot --set-active=_a
Setting current slot to 'a'...
OKAY [ 0.023s]
finished. total time: 0.023s
$ fastboot reboot
rebooting...
finished. total time: 0.050s
$ adb wait-for-device
$ adb logcat |grep update_verifier
03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier.
Bug: None
Test: Manually tested on device using AVB bootloader.
Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
