cfig / Android_boot_image_editor

Parsing and re-packing Android boot.img/vbmeta.img/payload.bin, supporting Android 15
Apache License 2.0

vbmeta_system.img #63

Open 99degree opened 3 years ago

99degree commented 3 years ago

copy from redmi note 9 pro global (dotOS rom), 3 files boot.img, vbmeta.img and vbmeta_system.img to

~/Android_boot_image_editor#

result below:

```
01:54:10:373 INFO BootV2 - Unpack Summary of boot.img
┌───────────────────────────────────────┬──────────────────────────────────────┐
│What                                   │Where                                 │
└───────────────────────────────────────┴──────────────────────────────────────┘
┌───────────────────────────────────────┬──────────────────────────────────────┐
│image info                             │build/unzip_boot/boot.json            │
├───────────────────────────────────────┼──────────────────────────────────────┤
│AVB info [verified]                    │build/unzip_boot/boot.avb.json        │
├───────────────────────────────────────┼──────────────────────────────────────┤
│kernel                                 │build/unzip_boot/kernel               │
│-- version [4.14.234]                  │build/unzip_boot/kernel_version.txt   │
│-- config                              │build/unzip_boot/kernel_configs.txt   │
├───────────────────────────────────────┼──────────────────────────────────────┤
│ramdisk                                │build/unzip_boot/ramdisk.img.gz       │
│-- extracted ramdisk rootfs            │build/unzip_boot/root                 │
├───────────────────────────────────────┼──────────────────────────────────────┤
│dtb                                    │build/unzip_boot/dtb                  │
└───────────────────────────────────────┴──────────────────────────────────────┘
┌───────────────────────────────────────┬──────────────────────────────────────┐
│vbmeta.img                             │build/unzip_boot/vbmeta.avb.json      │
└───────────────────────────────────────┴──────────────────────────────────────┘
01:54:10:401 WARN PackableLauncher - 'unpack' sequence completed
```

looks like vbmeta_system.img is a no-op at all. Does this vbmeta_system.img also need repack?

99degree commented 3 years ago

dotos.zip

uploaded zip fyi

cfig commented 3 years ago

to unpack "vbmeta_system.img", you need to clear the directory, and leave "vbmeta_system.img" the only .img file there. The unpack result is: json.zip

As you can see, it contains hashTree descriptor of /system and /product. You do not need to modify vbmeta_system.img if system.img/product.img is not changed.

99degree commented 3 years ago

thx for the update. thumbs up!

I am more interested in phh's gsi for example; so i wanted to update those hash/salted values accordingly. thus had hex dumped it a bit. the arch is like below, plz correct me there.

->vbmeta.img hashed (boot, dtbo, vendor, system_ext, vbmeta_system), really strange system_ext is tightly coupled with system but it exists in this file.

->vbmeta_system.img hashed (product, system)

if i wanted to use my own gsi/boot/dtbo, I guess I need to update (repack) hashes of product/system in vbmeta_system (for system/product), sign vbmeta_system; then make sure boot.img is signed correctly with your great tool, also dtbo signed in same case, hashed, then update (repack) hash in vbmeta relevant field.

The things seemed missing are:

(1) dtbo hashing and signed (thx again for pointing about dtbo unpack. I don't have concern atm with dtbo.img itself since i compiled kernel, and dtbo.img is built as well. just for fun, i guess dtbo is signed and this is the reason i fastboot Image.gz+dtb ok but same param i made a boot.img.clear and boot fail), then update vbmeta file for the dtbo's new hash. or alternatively make vbmeta ignore the verity by filling a field by 02, kind of thing.

(2) update vbmeta_system about the product/system with private key(instead of google) and do a proper hash with salted. it is also nice to know how to replace key with boot.img.signed2, for example, to use my own key.

so is there any chance? I am not keen on crypto thing so could you share a little idea about how to get the desired salted/hash field value in boot.avb.json also vbmeta.avb.json so i can edit it accordingly?

99degree commented 3 years ago

good news is after removing the dtbo entry from vbmeta.avb.json, repack and flash back, the fastboot boot boot.img.signed2 is working. and it seemed recompile/repack of a newer kernel for boot.img.signed2 does work too. no need to flash a new vbmeta.img

related #64

cfig commented 3 years ago

"really strange system_ext is tightly coupled with system" --> It's redmi's choice to put system_ext info to vbmeta.img.

"no need to flash a new vbmeta.img." --> I see vbmeta.img header flags is 3. It will disable verification.

"dtbo hashing and signed" --> "avbtool add_hash_footer" will do.

"update(repack) hashes of product/system in vbmeta_system" --> "avbtool make_vbmeta_image" will do.

If you need to replace/update more images, you should already have a full copy of AOSP code, then you have everything you need to make any images. More details can be found in AOSP makefiles. I see you already know AVB well, then the issues you listed should not be a problem for you to resolve (by tools like avbtool, mkbootimg, mkdtbo etc). I do not have any plan to re-implement every feature in avbtool in the near future, if the feature still works.

BTW: patches are welcome :)

cfig commented 3 years ago

If there is a scenario that you have 3rd party images (dtbo, system, system_ext, vendor ...), but not the full source code, and you want to update vbmeta accordingly, please let me know.

99degree commented 3 years ago

Yes exactly same case I am going to do. I see there is no more all-in-one android tooling (android kitchen, kind of). I found that your project is the only one that is getting the job done and filling the technical gap well.

I am not capable/knowledgeable enough to do full AOSP from ground up. So I planned to make myself a usable rom from primarily LineageOS. As I succeeded and it's working on previous Meizu E3 (from Yandex Amber). It should work as 3rd-party LineageOS is more GSI capable and hardware agnostic today. The remaining todo is like copy file a from vendor b based on vendor c to form img named d. Funny enough is XiaoMi sdm660 series phone with LOS support happened with getting Nokia's vendor file. https://github.com/LineageOS/android_device_xiaomi_whyred/commit/24249bc2c3807c7ee4be488ac79d2baf5eab9d5a

BTW, I tested with it and the result from LOS davinci rom to this redmi note 9 pro is promising. I will go with that route too as I am more LOS rom fans at all.

So plz keep the great work through the economic hard time.

cfig commented 3 years ago

If the goal is to boot up Android, and AVB verification disabled is accepted: Just disable it by setting flag=3; or remove the relevant entry from vbmeta json, then pack vbmeta image again.

If the goal is to boot up with altered images (dtbo, vendor ...), and AVB verification MUST be enabled: That needs more work to do ... Let me have a think~~
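
The header flags value discussed in this thread ("header flags is 3", "setting flag=3") can be read directly from a vbmeta image when auditing whether a device still enforces AVB. The following is an added example, not code from this project or from any commenter; the field layout follows libavb's `AvbVBMetaImageHeader`, and the sample header bytes and helper names are constructed for the demo.

```python
import struct

# AvbVBMetaImageHeader is 256 bytes, big-endian (layout per libavb's avb_vbmeta_image.h).
HEADER_FMT = ">4s2L2QL11QLL48s80s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)
FLAG_HASHTREE_DISABLED = 1 << 0      # dm-verity hashtree checks off
FLAG_VERIFICATION_DISABLED = 1 << 1  # descriptors are not verified at all


def inspect_vbmeta_header(blob):
    """Parse the header of a standalone vbmeta image and decode its flags."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("truncated vbmeta header")
    f = struct.unpack(HEADER_FMT, blob[:HEADER_SIZE])
    if f[0] != b"AVB0":
        raise ValueError("bad magic, not a vbmeta image")
    flags = f[17]  # 32-bit field at byte offset 120
    return {
        "version": (f[1], f[2]),
        "algorithm_type": f[5],  # 0 means unsigned (NONE)
        "rollback_index": f[16],
        "flags": flags,
        "hashtree_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "unknown_flag_bits": flags & ~0x3,
        "release_string": f[19].rstrip(b"\0").decode("ascii", "replace"),
    }


def audit(blob):
    """Return human-readable findings for a device integrity review."""
    h = inspect_vbmeta_header(blob)
    findings = []
    if h["verification_disabled"]:
        findings.append("verification disabled: partitions are not checked")
    if h["hashtree_disabled"]:
        findings.append("hashtree disabled: dm-verity is off")
    if h["algorithm_type"] == 0:
        findings.append("image is unsigned (algorithm NONE)")
    return findings


def make_sample_header(flags, algorithm_type=1):
    """Constructed sample header for the demo, not taken from a real device."""
    return struct.pack(HEADER_FMT, b"AVB0", 1, 0, 0, 0, algorithm_type,
                       *[0] * 11, flags, 0, b"avbtool 1.2.0", b"")


if __name__ == "__main__":
    for flags in (0, 2, 3):
        print(flags, audit(make_sample_header(flags)))
```

This applies to standalone images such as vbmeta.img and vbmeta_system.img, where the header sits at offset 0; a boot.img carries its vbmeta blob at the position recorded in the AVB footer instead.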