The descriptor types used in Android AVB
Inspecting an image with avbtool info_image
./android/external/avb/avbtool info_image --image out/evb/download_images/emmc/vbmeta.img
Minimum libavb version:   1.0
Header Block:             256 bytes
Authentication Block:     576 bytes
Auxiliary Block:          3456 bytes
Public key (sha1):        xxxx
Algorithm:                SHA256_RSA4096
Rollback Index:           0
Flags:                    0
Release String:           'avbtool 1.1.0'
Descriptors:
    Chain Partition descriptor:
      Partition Name:          vbmeta_system
      Rollback Index Location: 2
      Public key (sha1):       xxxx
    Prop: com.android.build.boot.fingerprint -> 'Android/evb/evb:11/RD2A.211001.002/test:userdebug/test-keys'
    Prop: com.android.build.boot.os_version -> '11'
    Prop: com.android.build.boot.security_patch -> '2022-11-05'
    Prop: com.android.build.vendor_boot.fingerprint -> 'Android/evb/evb:11/RD2A.211001.002/test:userdebug/test-keys'
    Prop: com.android.build.vendor.fingerprint -> 'Android/evb/evb:11/RD2A.211001.002/test:userdebug/test-keys'
    Prop: com.android.build.vendor.os_version -> '11'
    Prop: com.android.build.vendor.security_patch -> '2022-11-05'
    Prop: com.android.build.dtbo.fingerprint -> 'Android/evb/evb:11/RD2A.211001.002/test:userdebug/test-keys'
    Hash descriptor:
      Image Size:            28246016 bytes
      Hash Algorithm:        sha256
      Partition Name:        boot
      Salt:                  xxxx
      Digest:                xxxx
      Flags:                 0
    Hash descriptor:
      Image Size:            1193543 bytes
      Hash Algorithm:        sha256
      Partition Name:        dtbo
      Salt:                  xxxx
      Digest:                xxxx
      Flags:                 0
    Hash descriptor:
      Image Size:            327680 bytes
      Hash Algorithm:        sha256
      Partition Name:        vendor_boot
      Salt:                  xxxx
      Digest:                xxxx
      Flags:                 0
    Hashtree descriptor:
      Version of dm-verity:  1
      Image Size:            611209216 bytes
      Tree Offset:           611209216
      Tree Size:             4820992 bytes
      Data Block Size:       4096 bytes
      Hash Block Size:       4096 bytes
      FEC num roots:         2
      FEC offset:            616030208
      FEC size:              4874240 bytes
      Hash Algorithm:        sha1
      Partition Name:        vendor
      Salt:                  xxxx
      Root Digest:           xxxx
      Flags:                 0
Notes on descriptors
The comment on AvbVBMetaImageHeader describes descriptors as follows:
 * The descriptors starts at |descriptors_offset| from the beginning
 * of the "Auxiliary Data" block and take up |descriptors_size|
 * bytes. Each descriptor is stored as a |AvbDescriptor| with tag and
 * number of bytes following. The number of descriptors can be
 * determined by walking this data until |descriptors_size| is
 * exhausted.
From this we can see that the descriptors live in the Auxiliary Data block of vbmeta, starting at descriptors_offset and spanning descriptors_size bytes.
Each descriptor is an AvbDescriptor: a tag followed by its payload bytes.
AvbChainPartitionDescriptor
/* A descriptor containing a pointer to signed integrity data stored
 * on another partition. The descriptor contains the partition name in
 * question (without the A/B suffix), the public key used to sign the
 * integrity data, and rollback index location to use for rollback
 * protection.
 *
 * Following this struct are |partition_name_len| bytes of the
 * partition name (UTF-8 encoded) and |public_key_len| bytes of the
 * public key.
 *
 * The |reserved| field is for future expansion and must be set to NUL
 * bytes.
 */
typedef struct AvbChainPartitionDescriptor {
  AvbDescriptor parent_descriptor;
  uint32_t rollback_index_location;
  uint32_t partition_name_len;
  uint32_t public_key_len;
  uint8_t reserved[64];
} AVB_ATTR_PACKED AvbChainPartitionDescriptor;
AvbDescriptor
/* Well-known descriptor tags.
 *
 * AVB_DESCRIPTOR_TAG_PROPERTY: see |AvbPropertyDescriptor| struct.
 * AVB_DESCRIPTOR_TAG_HASHTREE: see |AvbHashtreeDescriptor| struct.
 * AVB_DESCRIPTOR_TAG_HASH: see |AvbHashDescriptor| struct.
 * AVB_DESCRIPTOR_TAG_KERNEL_CMDLINE: see |AvbKernelCmdlineDescriptor| struct.
 * AVB_DESCRIPTOR_TAG_CHAIN_PARTITION: see |AvbChainPartitionDescriptor| struct.
 */
typedef enum {
  AVB_DESCRIPTOR_TAG_PROPERTY,
  AVB_DESCRIPTOR_TAG_HASHTREE,
  AVB_DESCRIPTOR_TAG_HASH,
  AVB_DESCRIPTOR_TAG_KERNEL_CMDLINE,
  AVB_DESCRIPTOR_TAG_CHAIN_PARTITION,
} AvbDescriptorTag;

/* The header for a serialized descriptor.
 *
 * A descriptor always have two fields, a |tag| (denoting its type,
 * see the |AvbDescriptorTag| enumeration) and the size of the bytes
 * following, |num_bytes_following|.
 *
 * For padding, |num_bytes_following| is always a multiple of 8.
 */
typedef struct AvbDescriptor {
  uint64_t tag;
  uint64_t num_bytes_following;
} AVB_ATTR_PACKED AvbDescriptor;
AvbHashDescriptor
/* A descriptor containing information about hash for an image.
 *
 * This descriptor is typically used for boot partitions to verify the
 * entire kernel+initramfs image before executing it.
 *
 * Following this struct are |partition_name_len| bytes of the
 * partition name (UTF-8 encoded), |salt_len| bytes of salt, and then
 * |digest_len| bytes of the digest.
 *
 * The |reserved| field is for future expansion and must be set to NUL
 * bytes.
 */
typedef struct AvbHashDescriptor {
  AvbDescriptor parent_descriptor;
  uint64_t image_size;
  uint8_t hash_algorithm[32];
  uint32_t partition_name_len;
  uint32_t salt_len;
  uint32_t digest_len;
  uint8_t reserved[64];
} AVB_ATTR_PACKED AvbHashDescriptor;
Extracting the key fields from a hash descriptor
  /* Check the descriptor's tag and lengths and convert its big-endian
   * fields to host order; anything inconsistent is rejected as
   * invalid metadata before the trailing bytes are touched. */
  if (!avb_hash_descriptor_validate_and_byteswap(
          (const AvbHashDescriptor *)descriptor, &hash_desc)) {
    ret = AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA;
    goto out;
  }
  /* The variable-length data follows the fixed-size struct, in the order
   * partition name, salt, digest, each sized by the struct's length fields. */
  desc_partition_name =
      ((const uint8_t *)descriptor) + sizeof(AvbHashDescriptor);
  desc_salt = desc_partition_name + hash_desc.partition_name_len;
  desc_digest = desc_salt + hash_desc.salt_len;
Reading the code above shows the overall layout of a hash descriptor: first the fixed-size AvbHashDescriptor, then the partition name, then the salt, and finally the digest.
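As an added example (not code from this page, libavb or avbtool), the Python below walks a constructed descriptor blob the way the AvbVBMetaImageHeader comment describes, splits an AvbHashDescriptor into its fixed struct and trailing name/salt/digest exactly as the C snippet above does, and re-checks the digest against an image. The builder mirrors avbtool's serialization; the big-endian byte order, the tag value 2 for AVB_DESCRIPTOR_TAG_HASH and the salt-then-image hashing convention come from libavb/avbtool, and all input data is constructed.

```python
import hashlib
import struct

# Layouts follow the packed libavb structs quoted above; every integer is
# big-endian, which is what libavb's *_validate_and_byteswap() convert from.
AVB_DESCRIPTOR_TAG_HASH = 2                 # position in the AvbDescriptorTag enum
DESC_HDR = struct.Struct("!QQ")             # AvbDescriptor: tag, num_bytes_following
HASH_BODY = struct.Struct("!Q32sLLL64s")    # AvbHashDescriptor after parent_descriptor

def build_hash_descriptor(name, salt, image, algo="sha256"):
    """Serialize a hash descriptor the way avbtool does (constructed test input)."""
    digest = hashlib.new(algo, salt + image).digest()   # AVB hashes salt || image
    name_b = name.encode("utf-8")
    nbf = HASH_BODY.size + len(name_b) + len(salt) + len(digest)
    nbf_padded = (nbf + 7) & ~7                          # num_bytes_following % 8 == 0
    body = HASH_BODY.pack(len(image), algo.encode().ljust(32, b"\0"),
                          len(name_b), len(salt), len(digest), b"\0" * 64)
    return (DESC_HDR.pack(AVB_DESCRIPTOR_TAG_HASH, nbf_padded) + body
            + name_b + salt + digest + b"\0" * (nbf_padded - nbf))

def walk_descriptors(blob):
    """Yield (tag, payload) per descriptor, like avb_descriptor_foreach()."""
    off = 0
    while off < len(blob):
        if off + DESC_HDR.size > len(blob):
            raise ValueError("truncated descriptor header")
        tag, nbf = DESC_HDR.unpack_from(blob, off)
        if nbf % 8 or off + DESC_HDR.size + nbf > len(blob):
            raise ValueError("descriptor overruns descriptors_size")
        yield tag, blob[off + DESC_HDR.size:off + DESC_HDR.size + nbf]
        off += DESC_HDR.size + nbf

def parse_hash_descriptor(payload):
    """Split fixed fields from the trailing partition name, salt and digest."""
    image_size, algo, name_len, salt_len, digest_len, _ = HASH_BODY.unpack_from(payload)
    if HASH_BODY.size + name_len + salt_len + digest_len > len(payload):
        raise ValueError("lengths exceed num_bytes_following")  # rejected as INVALID_METADATA
    p = payload[HASH_BODY.size:]
    return {"image_size": image_size, "algo": algo.rstrip(b"\0").decode(),
            "name": p[:name_len].decode("utf-8"), "salt": p[name_len:name_len + salt_len],
            "digest": p[name_len + salt_len:name_len + salt_len + digest_len]}

def verify_image(desc, image):
    """Hash salt || first image_size bytes and compare with the stored digest."""
    if len(image) < desc["image_size"]:
        return False
    data = desc["salt"] + image[:desc["image_size"]]
    return hashlib.new(desc["algo"], data).digest() == desc["digest"]
```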
AvbHashtreeDescriptor
/* A descriptor containing information about a dm-verity hashtree.
 *
 * Hash-trees are used to verify large partitions typically containing
 * file systems. See
 * https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity for more
 * information about dm-verity.
 *
 * Following this struct are |partition_name_len| bytes of the
 * partition name (UTF-8 encoded), |salt_len| bytes of salt, and then
 * |root_digest_len| bytes of the root digest.
 *
 * The |reserved| field is for future expansion and must be set to NUL
 * bytes.
 */
typedef struct AvbHashtreeDescriptor {
  AvbDescriptor parent_descriptor;
  uint32_t dm_verity_version;
  uint64_t image_size;
  uint64_t tree_offset;
  uint64_t tree_size;
  uint32_t data_block_size;
  uint32_t hash_block_size;
  uint32_t fec_num_roots;
  uint64_t fec_offset;
  uint64_t fec_size;
  uint8_t hash_algorithm[32];
  uint32_t partition_name_len;
  uint32_t salt_len;
  uint32_t root_digest_len;
  uint8_t reserved[64];
} AVB_ATTR_PACKED AvbHashtreeDescriptor;