signing: fixes for bootimg hdr_v1 and hdr_v2
- increase SignBoot bootimg header version maximum from 4 to 8 (upstream AOSP is already at 3) and make a variable for future ease - hdr read size of 1024 bytes was too small as hdr_v1 and hdr_v2 have increased the used header page areas to 1632 and 1648 bytes, respectively, so raise this to the minimum page size of 2048 and also make a variable for future ease - do not return "not signed" for all caught exceptions, show StackTrace for future debugging then still return false for script purposes - correct "test keys" boot image signing strings (scripts and app) to "verity keys"
This commit is contained in:
parent
6dd34aec47
commit
c85b1c56af
@ -266,7 +266,7 @@ abstract class MagiskInstaller {
|
|||||||
|
|
||||||
val patched = File(installDir, "new-boot.img")
|
val patched = File(installDir, "new-boot.img")
|
||||||
if (isSigned) {
|
if (isSigned) {
|
||||||
console.add("- Signing boot image with test keys")
|
console.add("- Signing boot image with verity keys")
|
||||||
val signed = File(installDir, "signed.img")
|
val signed = File(installDir, "signed.img")
|
||||||
try {
|
try {
|
||||||
withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) {
|
withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) {
|
||||||
|
@ -256,7 +256,7 @@ flash_image() {
|
|||||||
esac
|
esac
|
||||||
if $BOOTSIGNED; then
|
if $BOOTSIGNED; then
|
||||||
CMD2="$BOOTSIGNER -sign"
|
CMD2="$BOOTSIGNER -sign"
|
||||||
ui_print "- Sign image with test keys"
|
ui_print "- Sign image with verity keys"
|
||||||
else
|
else
|
||||||
CMD2="cat -"
|
CMD2="cat -"
|
||||||
fi
|
fi
|
||||||
|
@ -33,6 +33,12 @@ public class SignBoot {
|
|||||||
private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
|
private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
|
||||||
private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;
|
private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;
|
||||||
|
|
||||||
|
/* Arbitrary maximum header version value; when greater assume the field is dt/extra size */
|
||||||
|
private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8;
|
||||||
|
|
||||||
|
/* Maximum header size byte value to read (bootimg minimum page size) */
|
||||||
|
private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048;
|
||||||
|
|
||||||
private static class PushBackRWStream extends FilterInputStream {
|
private static class PushBackRWStream extends FilterInputStream {
|
||||||
private OutputStream out;
|
private OutputStream out;
|
||||||
private int pos = 0;
|
private int pos = 0;
|
||||||
@ -82,7 +88,7 @@ public class SignBoot {
|
|||||||
InputStream cert, InputStream key) {
|
InputStream cert, InputStream key) {
|
||||||
try {
|
try {
|
||||||
PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
|
PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
|
||||||
byte[] hdr = new byte[1024];
|
byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
|
||||||
// First read the header
|
// First read the header
|
||||||
in.read(hdr);
|
in.read(hdr);
|
||||||
int signableSize = getSignableImageSize(hdr);
|
int signableSize = getSignableImageSize(hdr);
|
||||||
@ -113,7 +119,7 @@ public class SignBoot {
|
|||||||
public static boolean verifySignature(InputStream imgIn, InputStream certIn) {
|
public static boolean verifySignature(InputStream imgIn, InputStream certIn) {
|
||||||
try {
|
try {
|
||||||
// Read the header for size
|
// Read the header for size
|
||||||
byte[] hdr = new byte[1024];
|
byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
|
||||||
if (imgIn.read(hdr) != hdr.length)
|
if (imgIn.read(hdr) != hdr.length)
|
||||||
return false;
|
return false;
|
||||||
int signableSize = getSignableImageSize(hdr);
|
int signableSize = getSignableImageSize(hdr);
|
||||||
@ -141,7 +147,8 @@ public class SignBoot {
|
|||||||
System.err.println("Signature is INVALID");
|
System.err.println("Signature is INVALID");
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.err.println("Invalid image: not signed");
|
e.printStackTrace();
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -165,8 +172,8 @@ public class SignBoot {
|
|||||||
+ ((kernelSize + pageSize - 1) / pageSize) * pageSize
|
+ ((kernelSize + pageSize - 1) / pageSize) * pageSize
|
||||||
+ ((ramdskSize + pageSize - 1) / pageSize) * pageSize
|
+ ((ramdskSize + pageSize - 1) / pageSize) * pageSize
|
||||||
+ ((secondSize + pageSize - 1) / pageSize) * pageSize;
|
+ ((secondSize + pageSize - 1) / pageSize) * pageSize;
|
||||||
int headerVersion = image.getInt(); // boot image header version or extra size
|
int headerVersion = image.getInt(); // boot image header version or dt/extra size
|
||||||
if (headerVersion > 0 && headerVersion < 4) {
|
if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) {
|
||||||
image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
|
image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
|
||||||
int recoveryDtboLength = image.getInt();
|
int recoveryDtboLength = image.getInt();
|
||||||
length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
|
length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
|
||||||
@ -183,7 +190,7 @@ public class SignBoot {
|
|||||||
"Invalid image header: invalid header length");
|
"Invalid image header: invalid header length");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// headerVersion is 0 or actually extra size in this case
|
// headerVersion is 0 or actually dt/extra size in this case
|
||||||
length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
|
length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
|
||||||
}
|
}
|
||||||
length = ((length + pageSize - 1) / pageSize) * pageSize;
|
length = ((length + pageSize - 1) / pageSize) * pageSize;
|
||||||
|
Loading…
Reference in New Issue
Block a user