Closed andidevi closed 1 month ago
chenxiaolong
commented
1 month ago Thanks for the logs!
I have a feeling I know what this is, but I want to confirm first. Can you post the output of this?
adb shell su -c 'ls -l /dev/block/mapper/system_?'EDIT: Fixed typo in command
andidevi
commented
1 month ago Thanks for the quick response!
$ adb shell su -c 'ls -l /dev/block/mapper/system_?'
lrwxrwxrwx 1 root root 15 1971-01-29 14:32 /dev/block/mapper/system_b -> /dev/block/dm-1Thanks! Could you try one more thing? Can you post the output of this:
avbroot ota extract -i <your patched OTA> -d extracted
avbroot avb info -i extracted/system.imgand also:
adb shell su -c 'dmctl list devices -v'... here we go
$ avbroot ota extract -i lineage-21.0-20240818-nightly-pdx234-signed.zip.patched -d extracted
0.007s INFO Extracting from the payload: boot, init_boot, recovery, system, vbmeta, vbmeta_system, vendor_boot
3.309s INFO Successfully extracted OTAfor avb info see also avb-info.txt
$ avbroot avb info -i extracted/system.img
AvbInfo {
header: Header {
required_libavb_version_major: 1,
required_libavb_version_minor: 0,
algorithm_type: None,
hash: "",
signature: "",
public_key: "",
public_key_metadata: "",
descriptors: [
HashTree(
HashTreeDescriptor {
dm_verity_version: 1,
image_size: 1028087808,
tree_offset: 1028087808,
tree_size: 8101888,
data_block_size: 4096,
hash_block_size: 4096,
fec_num_roots: 2,
fec_offset: 1036189696,
fec_size: 8192000,
hash_algorithm: "sha256",
partition_name: "system",
salt: "111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe",
root_digest: "d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b",
flags: 0,
reserved: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
},
),
Property(
PropertyDescriptor {
key: "com.android.build.system.os_version",
value: "14",
},
),
Property(
PropertyDescriptor {
key: "com.android.build.system.fingerprint",
value: "Sony/XQ-DQ72/XQ-DQ72:14/67.1.A.2.264/067001A002026400521143226:user/release-keys",
},
),
Property(
PropertyDescriptor {
key: "com.android.build.system.security_patch",
value: "2024-08-05",
},
),
],
rollback_index: 0,
flags: 0,
rollback_index_location: 0,
release_string: "avbtool 1.3.0",
reserved: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
},
footer: Some(
Footer {
version_major: 1,
version_minor: 0,
original_image_size: 1028087808,
vbmeta_offset: 1044381696,
vbmeta_size: 832,
reserved: "00000000000000000000000000000000000000000000000000000000",
},
),
image_size: 1044660224,
}for output of dmctl list see also dmctl-list.txt
$ adb shell su -c 'dmctl list devices -v'
Available Device Mapper Devices:
com.android.adbd : 254:32
target#1: 0-15936: verity, 1 7:192 7:192 4096 4096 1992 1992 sha256 296f0da79ccd592092caac8ea7ca0cc4184de40ec5825a160601d5c35cf6e17f 3fcbd1f51e1afdf18ba017e97eaff6df5aeb454c4f1f1674a0763349bc95ced3 2 restart_on_corruption ignore_zero_blocks
com.android.adservices : 254:35
target#1: 0-43120: verity, 1 7:240 7:240 4096 4096 5390 5390 sha256 2289e574f327939ef85f9d2f7b9989d910d27a485caab6289081440f8c0ecae9 6c639517af10724e55685d73f76c0b8a9d992f82523be52430a157364dbbc264 2 restart_on_corruption ignore_zero_blocks
com.android.appsearch : 254:26
target#1: 0-7640: verity, 1 7:272 7:272 4096 4096 955 955 sha256 1007e08b6c68d17f939133eea777c5e41ab6bcfcaf14b9264b1dba1f18f57003 7314ba5714172b2ff68d861693294e802d822e1cbfb2fdd0886db402d1cf3fa5 2 restart_on_corruption ignore_zero_blocks
com.android.art : 254:46
target#1: 0-83168: verity, 1 7:152 7:152 4096 4096 10396 10396 sha256 e5cfdc305738908a3812d0542434a2023957966f3cf96d8eb8a5eff183db5f2a e938e189d4a9ec81b88ea598dc6c7a7250e7ee4a5d4c00a429af174ff37ce2bd 2 restart_on_corruption ignore_zero_blocks
com.android.cellbroadcast : 254:27
target#1: 0-33984: verity, 1 7:216 7:216 4096 4096 4248 4248 sha256 3f40e9d79dd8869de1af84e8e021d9b864f954a221c2ed0fc3360f676e6fd251 6a16cdcdbf2da3cef8d6d92da4790bdb04c10cd920231ed8d6f157a5de6c72b2 2 restart_on_corruption ignore_zero_blocks
com.android.configinfrastructure : 254:25
target#1: 0-1152: verity, 1 7:232 7:232 4096 4096 144 144 sha256 9d329b638a9fdc9286819229d9e9334964a53377d07cad4eb37952c1b07b5943 65c98f0131622536cb94c35a7256e4f157ed7fcfe29e14549b85de4671fd5411 2 restart_on_corruption ignore_zero_blocks
com.android.conscrypt : 254:49
target#1: 0-11824: verity, 1 7:40 7:40 4096 4096 1478 1478 sha256 136062f3d32c4c587fcde9e6da7ce9345440c1c6e0e92e660bf134e3ec136235 ec094bd6a0556fd1f5260688ab8793ad4b9d61cd3d73bd1cbc21951b38969de5 2 restart_on_corruption ignore_zero_blocks
com.android.extservices : 254:48
target#1: 0-47360: verity, 1 7:120 7:120 4096 4096 5920 5920 sha256 24034e3137cc47036a27e99e06bc4485043a4d61408088fabaa0e963b2e10181 73e2246b5c4d0803bceb88870b457877b3999d2fb566190852f5fdbd434edd1c 2 restart_on_corruption ignore_zero_blocks
com.android.ipsec : 254:37
target#1: 0-1560: verity, 1 7:176 7:176 4096 4096 195 195 sha256 f3ab189a6fc64133370c6ce86d6d7984eac9a42e6cec4f1cd93ff4bf35308914 fb58229e22235f1ca8547bb308448ff3acff8653c996f94c1bbec7e01d0b130b 2 restart_on_corruption ignore_zero_blocks
com.android.media : 254:39
target#1: 0-12624: verity, 1 7:248 7:248 4096 4096 1578 1578 sha256 3d6dc30cdc822f6f26cf8022fbc25a890ac77892969ff27330eac0a7afde8ff9 b8c5799af79ad8a3b22ebddf918cac9484b9a9a82875160716ffaa25e97b384d 2 restart_on_corruption ignore_zero_blocks
com.android.media.swcodec : 254:33
target#1: 0-55408: verity, 1 7:200 7:200 4096 4096 6926 6926 sha256 90f96c869f193ca956cf9ecc547ee237c9b92ad61d798b719399e979c6b638cb 7cbdd475f949d5d136b8f08fb1362d4b8c376ea8d29b1d83873c24f6a1c8afb0 2 restart_on_corruption ignore_zero_blocks
com.android.mediaprovider : 254:21
target#1: 0-46944: verity, 1 7:224 7:224 4096 4096 5868 5868 sha256 3564ed2a0a0e4b16dcb854bf2fc3c78380991f388f671ffde67d3d23d05f4dfb b0a22548f0d04cd4551f43e27266ce8d662b0a73fa0ef203a06ff3bb5151a5ab 2 restart_on_corruption ignore_zero_blocks
com.android.neuralnetworks : 254:28
target#1: 0-15104: verity, 1 7:256 7:256 4096 4096 1888 1888 sha256 49bc1604a2bc1f7980ebab3194c8b6fa8cebd9144def6ff2b04f7fe2b9776c97 f4a5b9207407954c6b99ffee4950d77dbeef32e8f449b66e501feee7ab4d5f3f 2 restart_on_corruption ignore_zero_blocks
com.android.ondevicepersonalization : 254:43
target#1: 0-26288: verity, 1 7:168 7:168 4096 4096 3286 3286 sha256 6ec26eda24917da62d133321fb6f8d5a5661cd2532e41909a1457506987221d1 96d48987e39c5d49c03419818a42efcff9c306dfb9a51517c8f5fba5cc49e9fc 2 restart_on_corruption ignore_zero_blocks
com.android.permission : 254:45
target#1: 0-44168: verity, 1 7:48 7:48 4096 4096 5521 5521 sha256 a21eb7719905f4f76f952c701eeb9ec58f621d186b1f36e1ef9a171217082eab 986906fa21ccb19d7539bc89b2ab7d57f165541340e87af8a19dba9f24cf4243 2 restart_on_corruption ignore_zero_blocks
com.android.resolv : 254:34
target#1: 0-8248: verity, 1 7:184 7:184 4096 4096 1031 1031 sha256 74be4cb5638c8663ef4d25594bd5285a2c3909b6205b49d882bbb2d04b27273f 1d27af8d695a47a68d3416fec2e52d8fc0777732a0e3346b5cc9c3d8ce0375ff 2 restart_on_corruption ignore_zero_blocks
com.android.scheduling : 254:23
target#1: 0-512: verity, 1 7:264 7:264 4096 4096 64 64 sha256 f70591734d727000f78eeb71ad1b855e3d571119bdc7e37ffcee34257f797e6a 87b834de9f561b60d64f6d30b3db96959b30cf42f312ece0a3358a0dedb6f5cb 2 restart_on_corruption ignore_zero_blocks
com.android.tethering : 254:44
target#1: 0-41712: verity, 1 7:160 7:160 4096 4096 5214 5214 sha256 f273625db9f20fce8620ecf94887b1f5ef6126ccef2b4b72c1443366fb50064b ca8de858215ffb24d2eeef028630af2c8e8079ab7a3772a05563988c304b11f5 2 restart_on_corruption ignore_zero_blocks
com.android.uwb : 254:47
target#1: 0-8112: verity, 1 7:136 7:136 4096 4096 1014 1014 sha256 3ee89410556c80947720ae94346820123735dd10309cdd020cbcbdb51bd1ded7 743d79c7374d42501a9e8cdd5264bbc58b36077fa6d3aac38ae0504c83ecebb5 2 restart_on_corruption ignore_zero_blocks
com.android.wifi : 254:31
target#1: 0-17624: verity, 1 7:208 7:208 4096 4096 2203 2203 sha256 9d54c7ea837f92c69b86ad4d9600235eeaae058e0f7df092dba199f674b0ca9c 2d0177fd52a04baa30181843ea595874bc9bb9051bc6ff002b5f50064712a438 2 restart_on_corruption ignore_zero_blocks
odm-verity : 254:20
target#1: 0-23624: verity, 1 254:4 254:4 4096 4096 2953 2953 sha256 86f0d73ba2d18ebc7caf2eaaf223c612ebb58029985c77efc3db7364a6bfc241 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:4 fec_blocks 2978 fec_start 2978 fec_roots 2
odm_b : 254:4
target#1: 0-24232: linear, 259:79 5833120
odm_b-cow : 254:11
target#1: 0-24336: linear, 259:79 19562352
product-verity : 254:16
target#1: 0-4859144: verity, 1 254:0 254:0 4096 4096 607393 607393 sha1 14d6cb8080d32d0729c6c014dbfcd32ffa902f60 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:0 fec_blocks 612178 fec_start 612178 fec_roots 2
product_b : 254:0
target#1: 0-885088: linear, 259:79 2048
target#2: 885088-1563936: linear, 259:79 2927488
target#3: 1563936-4937216: linear, 259:79 6948720
product_b-cow : 254:7
target#1: 0-4956512: linear, 259:79 10322000
system-verity : 254:14
target#1: 0-2007984: verity, 1 254:1 254:1 4096 4096 250998 250998 sha256 d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:1 fec_blocks 252976 fec_start 252976 fec_roots 2
system_b : 254:1
target#1: 0-2040352: linear, 259:79 887136
system_b-cow : 254:8
target#1: 0-2048336: linear, 259:79 15278512
system_dlkm-verity : 254:19
target#1: 0-592: verity, 1 254:2 254:2 4096 4096 74 74 sha256 3f9935abf3dece27ca208f0263e6aa9351a170aa4cdc82a80fef41aaa15f3e01 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:2 fec_blocks 75 fec_start 75 fec_roots 2
system_dlkm_b : 254:2
target#1: 0-760: linear, 259:79 3606336
system_dlkm_b-cow : 254:9
target#1: 0-776: linear, 259:79 17326848
system_ext-verity : 254:15
target#1: 0-1010008: verity, 1 254:5 254:5 4096 4096 126251 126251 sha1 ca01a3559d54396753625a441a778c2205eb319b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:5 fec_blocks 127247 fec_start 127247 fec_roots 2
system_ext_b : 254:5
target#1: 0-1026376: linear, 259:79 5857352
system_ext_b-cow : 254:12
target#1: 0-1030400: linear, 259:79 19586688
userdata : 254:53
target#1: 0-452187432: default-key, aes-xts-plain64 - 0 259:80 0 4 allow_discards sector_size:4096 iv_large_sectors wrappedkey_v0
vendor-verity : 254:17
target#1: 0-2184184: verity, 1 254:3 254:3 4096 4096 273023 273023 sha256 9ef07e74271c21370a93b1d4e2a9042e6b60dd2cb157a31e13e7ec873608d525 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:3 fec_blocks 275174 fec_start 275174 fec_roots 2
vendor_b : 254:3
target#1: 0-2226024: linear, 259:79 3607096
vendor_b-cow : 254:10
target#1: 0-2234728: linear, 259:79 17327624
vendor_dlkm-verity : 254:18
target#1: 0-63608: verity, 1 254:6 254:6 4096 4096 7951 7951 sha256 ba5413c500f6306d83857a31cf3ed269916993ec5429238e0f778dc9d4c6705a 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:6 fec_blocks 8015 fec_start 8015 fec_roots 2
vendor_dlkm_b : 254:6
target#1: 0-64992: linear, 259:79 6883728
vendor_dlkm_b-cow : 254:13
target#1: 0-65256: linear, 259:79 20617088Perfect! So this is https://github.com/chenxiaolong/avbroot/issues/282#issuecomment-2101022071 then.
Your setup is perfectly fine and you can move forward with setting up avbroot. The only "issue" here is that Android has terrible log messages.
Details:
If you extract the fstab file from the vendor_boot partition, you'll find this line for the system partition:
system /system ext4 ro,barrier=1,discard wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,avb_keys=/avb/q-gsi.avbpubkey:/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey:/avb/t-gsi.avbpubkeyNotably, it specifies 2 ways of verifying the system partition:
avb=vbmeta_systemavb_keys=/avb/q-gsi.avbpubkey:/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey:/avb/t-gsi.avbpubkeyThe avb=vbmeta_system is the normal way. The issue is that Android is attempting to verify with avb_keys=... first. That's what results in these logs:
[ 0.838560] init: [libfs_avb] public key data shouldn't be empty for /system
[ 0.838563] init: [libfs_avb] Found unknown public key used to sign /system
[ 0.838566] init: [libfs_avb] Returning avb_handle for '/system' with status: VerificationErrorAfter that fails, it retries with avb=vbmeta_system, which succeeds:
[ 0.838593] init: [libfs_avb] Built verity table: '1 /dev/block/dm-5 /dev/block/dm-5 4096 4096 250998 250998 sha256 d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 10 use_fec_from_device /dev/block/dm-5 fec_roots 2 fec_blocks 252976 fec_start 252976 restart_on_corruption ignore_zero_blocks'That log message doesn't say system, but here's how you know it's for system. In the log message, the value right after sha256 is the root digest. This same root digest shows up for system in your avbroot avb info and dmctl outputs:
avb-info.txt:
partition_name: "system",
salt: "111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe",
root_digest: "d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b",dmctl-list.txt:
system-verity : 254:14
target#1: 0-2007984: verity, 1 254:1 254:1 4096 4096 250998 250998 sha256 d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:1 fec_blocks 252976 fec_start 252976 fec_roots 2Thank you very much!
After patching fstab in my copy of my-avbroot-setup the VerifyError went away. https://github.com/andidevi/my-avbroot-setup/commit/eea8a30ba723e88ef29ae3e2e2d3f04619f1a21d
$ adb shell su -c 'dmesg | grep libfs_avb'
[ 0.832828] init: [libfs_avb] Returning avb_handle with status: Success
[ 0.832857] init: [libfs_avb] Built verity table: '1 /dev/block/dm-5 /dev/block/dm-5 4096 4096 334595 334595 sha256 551689db67496418140084256c9851d45605f7945a394cedec97cf3ae8413e33 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-5 fec_roots 2 fec_blocks 337232 fec_start 337232 ignore_zero_blocks'
[ 0.838656] init: [libfs_avb] Built verity table: '1 /dev/block/dm-17 /dev/block/dm-17 4096 4096 126251 126251 sha1 ca01a3559d54396753625a441a778c2205eb319b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-17 fec_roots 2 fec_blocks 127247 fec_start 127247 ignore_zero_blocks'
[ 0.841695] init: [libfs_avb] Built verity table: '1 /dev/block/dm-2 /dev/block/dm-2 4096 4096 108907 108907 sha256 d618810a94dc2c0b0e40a012f686347917432ca62a382b20c43633fea51b5bb5 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-2 fec_roots 2 fec_blocks 109766 fec_start 109766 ignore_zero_blocks'
[ 0.844122] init: [libfs_avb] Built verity table: '1 /dev/block/dm-11 /dev/block/dm-11 4096 4096 273023 273023 sha256 9ef07e74271c21370a93b1d4e2a9042e6b60dd2cb157a31e13e7ec873608d525 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-11 fec_roots 2 fec_blocks 275174 fec_start 275174 ignore_zero_blocks'
[ 0.845499] init: [libfs_avb] Built verity table: '1 /dev/block/dm-20 /dev/block/dm-20 4096 4096 7951 7951 sha256 ba5413c500f6306d83857a31cf3ed269916993ec5429238e0f778dc9d4c6705a 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-20 fec_roots 2 fec_blocks 8015 fec_start 8015 ignore_zero_blocks'
[ 0.846656] init: [libfs_avb] Built verity table: '1 /dev/block/dm-8 /dev/block/dm-8 4096 4096 74 74 sha256 3f9935abf3dece27ca208f0263e6aa9351a170aa4cdc82a80fef41aaa15f3e01 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-8 fec_roots 2 fec_blocks 75 fec_start 75 ignore_zero_blocks'
[ 0.849555] init: [libfs_avb] Built verity table: '1 /dev/block/dm-14 /dev/block/dm-14 4096 4096 2953 2953 sha256 86f0d73ba2d18ebc7caf2eaaf223c612ebb58029985c77efc3db7364a6bfc241 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-14 fec_roots 2 fec_blocks 2978 fec_start 2978 ignore_zero_blocks'
in step
avbroot ota verifysays "Signatures are all valid!", see ota-verify.txtsteps to reproduce: