kleaf: Add support to boot custom kernels without wiping

The following is implemented:
* Add hashtree footer to vendor_dlkm.
* Add SPL to boot.img

This allows developers to flash a custom kernel on an unlocked device
without having to wipe the device (based on SPL) or disable verification
(based on AVB hashtree requirement).

Test: verify custom boot.img and system_dlkm.img boots without wiping on C10
Test: verify custom vendor_dlkm.img boots without wiping on C10
Bug: 274825778
Change-Id: I685199eb11bfc5a4bdf545170ec136b327f992ad
Signed-off-by: Will McVicker <willmcvicker@google.com>

1 files changed, 33 insertions, 8 deletions

diff --git a/build_utils.sh b/build_utils.sh
index 662cb57..093a712 100644
--- a/build_utils.sh
+++ b/build_utils.sh
@@ -360,6 +360,11 @@ function build_vendor_dlkm() {
   build_image "${VENDOR_DLKM_STAGING_DIR}" "${vendor_dlkm_props_file}" \
     "${DIST_DIR}/vendor_dlkm.img" /dev/null
 
+  avbtool add_hashtree_footer \
+    --partition_name vendor_dlkm \
+    --hash_algorithm sha256 \
+    --image "${DIST_DIR}/vendor_dlkm.img"
+
   if [ -n "${vendor_dlkm_archive}" ]; then
     # Archive vendor_dlkm_staging_dir
     tar -czf "${DIST_DIR}/vendor_dlkm_staging_archive.tar.gz" -C "${VENDOR_DLKM_STAGING_DIR}" .
@@ -612,30 +617,44 @@ function gki_get_boot_img_size() {
   echo "${!boot_size_var}"
 }
 
-# gki_add_avb_footer <image> <partition_size>
+# gki_add_avb_footer <image> <partition_size> <security_patch_month>
 function gki_add_avb_footer() {
+  local spl_month="$3"
+  local additional_props=""
+  if [ -n "${spl_month}" ]; then
+    additional_props="--prop com.android.build.boot.security_patch:$(date +'%Y')-${spl_month}-05"
+  fi
+
   avbtool add_hash_footer --image "$1" \
-    --partition_name boot --partition_size "$2"
+    --partition_name boot --partition_size "$2" \
+    ${additional_props}
 }
 
-# gki_dry_run_certify_bootimg <boot_image> <gki_artifacts_info_file>
+# gki_dry_run_certify_bootimg <boot_image> <gki_artifacts_info_file> <security_patch_month>
 # The certify_bootimg script will be executed on a server over a GKI
 # boot.img during the official certification process, which embeds
 # a GKI certificate into the boot.img. The certificate is for Android
 # VTS to verify that a GKI boot.img is authentic.
 # Dry running the process here so we can catch related issues early.
 function gki_dry_run_certify_bootimg() {
+  local spl_month="$3"
+  local additional_props=()
+  if [ -n "${spl_month}" ]; then
+    additional_props+=("--extra_footer_args" \
+      "--prop com.android.build.boot.security_patch:$(date +'%Y')-${spl_month}-05")
+  fi
+
   certify_bootimg --boot_img "$1" \
     --algorithm SHA256_RSA4096 \
     --key tools/mkbootimg/gki/testdata/testkey_rsa4096.pem \
     --gki_info "$2" \
-    --output "$1"
+    --output "$1" \
+    "${additional_props[@]}"
 }
 
 # build_gki_artifacts_info <output_gki_artifacts_info_file>
 function build_gki_artifacts_info() {
-  local artifacts_info="certify_bootimg_extra_args=--prop ARCH:${ARCH} \
---prop BRANCH:${BRANCH}"
+  local artifacts_info="certify_bootimg_extra_args=--prop ARCH:${ARCH} --prop BRANCH:${BRANCH}"
 
   if [ -n "${BUILD_NUMBER}" ]; then
     artifacts_info="${artifacts_info} --prop BUILD_NUMBER:${BUILD_NUMBER}"
@@ -694,10 +713,16 @@ function build_gki_boot_images() {
     "${MKBOOTIMG_PATH}" "${GKI_MKBOOTIMG_ARGS[@]}"
 
     if [[ -z "${BUILD_GKI_BOOT_SKIP_AVB}" ]]; then
+      local spl_month=$(date +'%m')
+      if [ $((${spl_month} % 3)) -gt 0 ]; then
+        # Round up to the closest quarterly month
+        spl_month=$((${spl_month} + 3 - (${spl_month} % 3)))
+      fi
+
       gki_add_avb_footer "${boot_image_path}" \
-        "$(gki_get_boot_img_size "${compression}")"
+        "$(gki_get_boot_img_size "${compression}")" "${spl_month}"
       gki_dry_run_certify_bootimg "${boot_image_path}" \
-        "${GKI_ARTIFACTS_INFO_FILE}"
+        "${GKI_ARTIFACTS_INFO_FILE}" "${spl_month}"
     fi
     images_to_pack+=("${boot_image}")
   done