mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-11-24 02:25:28 +00:00
signing: fixes for bootimg hdr_v1 and hdr_v2
- increase SignBoot bootimg header version maximum from 4 to 8 (upstream AOSP is already at 3) and make a variable for future ease - hdr read size of 1024 bytes was too small as hdr_v1 and hdr_v2 have increased the used header page areas to 1632 and 1648 bytes, respectively, so raise this to the minimum page size of 2048 and also make a variable for future ease - do not return "not signed" for all caught exceptions, show StackTrace for future debugging then still return false for script purposes - correct "test keys" boot image signing strings (scripts and app) to "verity keys"
This commit is contained in:
parent
6dd34aec47
commit
c85b1c56af
@ -266,7 +266,7 @@ abstract class MagiskInstaller {
|
||||
|
||||
val patched = File(installDir, "new-boot.img")
|
||||
if (isSigned) {
|
||||
console.add("- Signing boot image with test keys")
|
||||
console.add("- Signing boot image with verity keys")
|
||||
val signed = File(installDir, "signed.img")
|
||||
try {
|
||||
withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) {
|
||||
|
@ -256,7 +256,7 @@ flash_image() {
|
||||
esac
|
||||
if $BOOTSIGNED; then
|
||||
CMD2="$BOOTSIGNER -sign"
|
||||
ui_print "- Sign image with test keys"
|
||||
ui_print "- Sign image with verity keys"
|
||||
else
|
||||
CMD2="cat -"
|
||||
fi
|
||||
|
@ -33,6 +33,12 @@ public class SignBoot {
|
||||
private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
|
||||
private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;
|
||||
|
||||
/* Arbitrary maximum header version value; when greater assume the field is dt/extra size */
|
||||
private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8;
|
||||
|
||||
/* Maximum header size byte value to read (bootimg minimum page size) */
|
||||
private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048;
|
||||
|
||||
private static class PushBackRWStream extends FilterInputStream {
|
||||
private OutputStream out;
|
||||
private int pos = 0;
|
||||
@ -82,7 +88,7 @@ public class SignBoot {
|
||||
InputStream cert, InputStream key) {
|
||||
try {
|
||||
PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
|
||||
byte[] hdr = new byte[1024];
|
||||
byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
|
||||
// First read the header
|
||||
in.read(hdr);
|
||||
int signableSize = getSignableImageSize(hdr);
|
||||
@ -113,7 +119,7 @@ public class SignBoot {
|
||||
public static boolean verifySignature(InputStream imgIn, InputStream certIn) {
|
||||
try {
|
||||
// Read the header for size
|
||||
byte[] hdr = new byte[1024];
|
||||
byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
|
||||
if (imgIn.read(hdr) != hdr.length)
|
||||
return false;
|
||||
int signableSize = getSignableImageSize(hdr);
|
||||
@ -141,7 +147,8 @@ public class SignBoot {
|
||||
System.err.println("Signature is INVALID");
|
||||
}
|
||||
} catch (Exception e) {
|
||||
System.err.println("Invalid image: not signed");
|
||||
e.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
@ -165,8 +172,8 @@ public class SignBoot {
|
||||
+ ((kernelSize + pageSize - 1) / pageSize) * pageSize
|
||||
+ ((ramdskSize + pageSize - 1) / pageSize) * pageSize
|
||||
+ ((secondSize + pageSize - 1) / pageSize) * pageSize;
|
||||
int headerVersion = image.getInt(); // boot image header version or extra size
|
||||
if (headerVersion > 0 && headerVersion < 4) {
|
||||
int headerVersion = image.getInt(); // boot image header version or dt/extra size
|
||||
if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) {
|
||||
image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
|
||||
int recoveryDtboLength = image.getInt();
|
||||
length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
|
||||
@ -183,7 +190,7 @@ public class SignBoot {
|
||||
"Invalid image header: invalid header length");
|
||||
}
|
||||
} else {
|
||||
// headerVersion is 0 or actually extra size in this case
|
||||
// headerVersion is 0 or actually dt/extra size in this case
|
||||
length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
|
||||
}
|
||||
length = ((length + pageSize - 1) / pageSize) * pageSize;
|
||||
|
Loading…
Reference in New Issue
Block a user