Closed andidevi closed 1 month ago
Thanks for the logs!
I have a feeling I know what this is, but I want to confirm first. Can you post the output of this?
adb shell su -c 'ls -l /dev/block/mapper/system_?'
EDIT: Fixed typo in command
Thanks for the quick response!
$ adb shell su -c 'ls -l /dev/block/mapper/system_?'
lrwxrwxrwx 1 root root 15 1971-01-29 14:32 /dev/block/mapper/system_b -> /dev/block/dm-1
Thanks! Could you try one more thing? Can you post the output of this:
avbroot ota extract -i <your patched OTA> -d extracted
avbroot avb info -i extracted/system.img
and also:
adb shell su -c 'dmctl list devices -v'
... here we go
$ avbroot ota extract -i lineage-21.0-20240818-nightly-pdx234-signed.zip.patched -d extracted
0.007s INFO Extracting from the payload: boot, init_boot, recovery, system, vbmeta, vbmeta_system, vendor_boot
3.309s INFO Successfully extracted OTA
for avb info see also avb-info.txt
$ avbroot avb info -i extracted/system.img
AvbInfo {
header: Header {
required_libavb_version_major: 1,
required_libavb_version_minor: 0,
algorithm_type: None,
hash: "",
signature: "",
public_key: "",
public_key_metadata: "",
descriptors: [
HashTree(
HashTreeDescriptor {
dm_verity_version: 1,
image_size: 1028087808,
tree_offset: 1028087808,
tree_size: 8101888,
data_block_size: 4096,
hash_block_size: 4096,
fec_num_roots: 2,
fec_offset: 1036189696,
fec_size: 8192000,
hash_algorithm: "sha256",
partition_name: "system",
salt: "111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe",
root_digest: "d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b",
flags: 0,
reserved: "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
},
),
Property(
PropertyDescriptor {
key: "com.android.build.system.os_version",
value: "14",
},
),
Property(
PropertyDescriptor {
key: "com.android.build.system.fingerprint",
value: "Sony/XQ-DQ72/XQ-DQ72:14/67.1.A.2.264/067001A002026400521143226:user/release-keys",
},
),
Property(
PropertyDescriptor {
key: "com.android.build.system.security_patch",
value: "2024-08-05",
},
),
],
rollback_index: 0,
flags: 0,
rollback_index_location: 0,
release_string: "avbtool 1.3.0",
reserved: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
},
footer: Some(
Footer {
version_major: 1,
version_minor: 0,
original_image_size: 1028087808,
vbmeta_offset: 1044381696,
vbmeta_size: 832,
reserved: "00000000000000000000000000000000000000000000000000000000",
},
),
image_size: 1044660224,
}
for output of dmctl list see also dmctl-list.txt
$ adb shell su -c 'dmctl list devices -v'
Available Device Mapper Devices:
com.android.adbd : 254:32
target#1: 0-15936: verity, 1 7:192 7:192 4096 4096 1992 1992 sha256 296f0da79ccd592092caac8ea7ca0cc4184de40ec5825a160601d5c35cf6e17f 3fcbd1f51e1afdf18ba017e97eaff6df5aeb454c4f1f1674a0763349bc95ced3 2 restart_on_corruption ignore_zero_blocks
com.android.adservices : 254:35
target#1: 0-43120: verity, 1 7:240 7:240 4096 4096 5390 5390 sha256 2289e574f327939ef85f9d2f7b9989d910d27a485caab6289081440f8c0ecae9 6c639517af10724e55685d73f76c0b8a9d992f82523be52430a157364dbbc264 2 restart_on_corruption ignore_zero_blocks
com.android.appsearch : 254:26
target#1: 0-7640: verity, 1 7:272 7:272 4096 4096 955 955 sha256 1007e08b6c68d17f939133eea777c5e41ab6bcfcaf14b9264b1dba1f18f57003 7314ba5714172b2ff68d861693294e802d822e1cbfb2fdd0886db402d1cf3fa5 2 restart_on_corruption ignore_zero_blocks
com.android.art : 254:46
target#1: 0-83168: verity, 1 7:152 7:152 4096 4096 10396 10396 sha256 e5cfdc305738908a3812d0542434a2023957966f3cf96d8eb8a5eff183db5f2a e938e189d4a9ec81b88ea598dc6c7a7250e7ee4a5d4c00a429af174ff37ce2bd 2 restart_on_corruption ignore_zero_blocks
com.android.cellbroadcast : 254:27
target#1: 0-33984: verity, 1 7:216 7:216 4096 4096 4248 4248 sha256 3f40e9d79dd8869de1af84e8e021d9b864f954a221c2ed0fc3360f676e6fd251 6a16cdcdbf2da3cef8d6d92da4790bdb04c10cd920231ed8d6f157a5de6c72b2 2 restart_on_corruption ignore_zero_blocks
com.android.configinfrastructure : 254:25
target#1: 0-1152: verity, 1 7:232 7:232 4096 4096 144 144 sha256 9d329b638a9fdc9286819229d9e9334964a53377d07cad4eb37952c1b07b5943 65c98f0131622536cb94c35a7256e4f157ed7fcfe29e14549b85de4671fd5411 2 restart_on_corruption ignore_zero_blocks
com.android.conscrypt : 254:49
target#1: 0-11824: verity, 1 7:40 7:40 4096 4096 1478 1478 sha256 136062f3d32c4c587fcde9e6da7ce9345440c1c6e0e92e660bf134e3ec136235 ec094bd6a0556fd1f5260688ab8793ad4b9d61cd3d73bd1cbc21951b38969de5 2 restart_on_corruption ignore_zero_blocks
com.android.extservices : 254:48
target#1: 0-47360: verity, 1 7:120 7:120 4096 4096 5920 5920 sha256 24034e3137cc47036a27e99e06bc4485043a4d61408088fabaa0e963b2e10181 73e2246b5c4d0803bceb88870b457877b3999d2fb566190852f5fdbd434edd1c 2 restart_on_corruption ignore_zero_blocks
com.android.ipsec : 254:37
target#1: 0-1560: verity, 1 7:176 7:176 4096 4096 195 195 sha256 f3ab189a6fc64133370c6ce86d6d7984eac9a42e6cec4f1cd93ff4bf35308914 fb58229e22235f1ca8547bb308448ff3acff8653c996f94c1bbec7e01d0b130b 2 restart_on_corruption ignore_zero_blocks
com.android.media : 254:39
target#1: 0-12624: verity, 1 7:248 7:248 4096 4096 1578 1578 sha256 3d6dc30cdc822f6f26cf8022fbc25a890ac77892969ff27330eac0a7afde8ff9 b8c5799af79ad8a3b22ebddf918cac9484b9a9a82875160716ffaa25e97b384d 2 restart_on_corruption ignore_zero_blocks
com.android.media.swcodec : 254:33
target#1: 0-55408: verity, 1 7:200 7:200 4096 4096 6926 6926 sha256 90f96c869f193ca956cf9ecc547ee237c9b92ad61d798b719399e979c6b638cb 7cbdd475f949d5d136b8f08fb1362d4b8c376ea8d29b1d83873c24f6a1c8afb0 2 restart_on_corruption ignore_zero_blocks
com.android.mediaprovider : 254:21
target#1: 0-46944: verity, 1 7:224 7:224 4096 4096 5868 5868 sha256 3564ed2a0a0e4b16dcb854bf2fc3c78380991f388f671ffde67d3d23d05f4dfb b0a22548f0d04cd4551f43e27266ce8d662b0a73fa0ef203a06ff3bb5151a5ab 2 restart_on_corruption ignore_zero_blocks
com.android.neuralnetworks : 254:28
target#1: 0-15104: verity, 1 7:256 7:256 4096 4096 1888 1888 sha256 49bc1604a2bc1f7980ebab3194c8b6fa8cebd9144def6ff2b04f7fe2b9776c97 f4a5b9207407954c6b99ffee4950d77dbeef32e8f449b66e501feee7ab4d5f3f 2 restart_on_corruption ignore_zero_blocks
com.android.ondevicepersonalization : 254:43
target#1: 0-26288: verity, 1 7:168 7:168 4096 4096 3286 3286 sha256 6ec26eda24917da62d133321fb6f8d5a5661cd2532e41909a1457506987221d1 96d48987e39c5d49c03419818a42efcff9c306dfb9a51517c8f5fba5cc49e9fc 2 restart_on_corruption ignore_zero_blocks
com.android.permission : 254:45
target#1: 0-44168: verity, 1 7:48 7:48 4096 4096 5521 5521 sha256 a21eb7719905f4f76f952c701eeb9ec58f621d186b1f36e1ef9a171217082eab 986906fa21ccb19d7539bc89b2ab7d57f165541340e87af8a19dba9f24cf4243 2 restart_on_corruption ignore_zero_blocks
com.android.resolv : 254:34
target#1: 0-8248: verity, 1 7:184 7:184 4096 4096 1031 1031 sha256 74be4cb5638c8663ef4d25594bd5285a2c3909b6205b49d882bbb2d04b27273f 1d27af8d695a47a68d3416fec2e52d8fc0777732a0e3346b5cc9c3d8ce0375ff 2 restart_on_corruption ignore_zero_blocks
com.android.scheduling : 254:23
target#1: 0-512: verity, 1 7:264 7:264 4096 4096 64 64 sha256 f70591734d727000f78eeb71ad1b855e3d571119bdc7e37ffcee34257f797e6a 87b834de9f561b60d64f6d30b3db96959b30cf42f312ece0a3358a0dedb6f5cb 2 restart_on_corruption ignore_zero_blocks
com.android.tethering : 254:44
target#1: 0-41712: verity, 1 7:160 7:160 4096 4096 5214 5214 sha256 f273625db9f20fce8620ecf94887b1f5ef6126ccef2b4b72c1443366fb50064b ca8de858215ffb24d2eeef028630af2c8e8079ab7a3772a05563988c304b11f5 2 restart_on_corruption ignore_zero_blocks
com.android.uwb : 254:47
target#1: 0-8112: verity, 1 7:136 7:136 4096 4096 1014 1014 sha256 3ee89410556c80947720ae94346820123735dd10309cdd020cbcbdb51bd1ded7 743d79c7374d42501a9e8cdd5264bbc58b36077fa6d3aac38ae0504c83ecebb5 2 restart_on_corruption ignore_zero_blocks
com.android.wifi : 254:31
target#1: 0-17624: verity, 1 7:208 7:208 4096 4096 2203 2203 sha256 9d54c7ea837f92c69b86ad4d9600235eeaae058e0f7df092dba199f674b0ca9c 2d0177fd52a04baa30181843ea595874bc9bb9051bc6ff002b5f50064712a438 2 restart_on_corruption ignore_zero_blocks
odm-verity : 254:20
target#1: 0-23624: verity, 1 254:4 254:4 4096 4096 2953 2953 sha256 86f0d73ba2d18ebc7caf2eaaf223c612ebb58029985c77efc3db7364a6bfc241 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:4 fec_blocks 2978 fec_start 2978 fec_roots 2
odm_b : 254:4
target#1: 0-24232: linear, 259:79 5833120
odm_b-cow : 254:11
target#1: 0-24336: linear, 259:79 19562352
product-verity : 254:16
target#1: 0-4859144: verity, 1 254:0 254:0 4096 4096 607393 607393 sha1 14d6cb8080d32d0729c6c014dbfcd32ffa902f60 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:0 fec_blocks 612178 fec_start 612178 fec_roots 2
product_b : 254:0
target#1: 0-885088: linear, 259:79 2048
target#2: 885088-1563936: linear, 259:79 2927488
target#3: 1563936-4937216: linear, 259:79 6948720
product_b-cow : 254:7
target#1: 0-4956512: linear, 259:79 10322000
system-verity : 254:14
target#1: 0-2007984: verity, 1 254:1 254:1 4096 4096 250998 250998 sha256 d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:1 fec_blocks 252976 fec_start 252976 fec_roots 2
system_b : 254:1
target#1: 0-2040352: linear, 259:79 887136
system_b-cow : 254:8
target#1: 0-2048336: linear, 259:79 15278512
system_dlkm-verity : 254:19
target#1: 0-592: verity, 1 254:2 254:2 4096 4096 74 74 sha256 3f9935abf3dece27ca208f0263e6aa9351a170aa4cdc82a80fef41aaa15f3e01 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:2 fec_blocks 75 fec_start 75 fec_roots 2
system_dlkm_b : 254:2
target#1: 0-760: linear, 259:79 3606336
system_dlkm_b-cow : 254:9
target#1: 0-776: linear, 259:79 17326848
system_ext-verity : 254:15
target#1: 0-1010008: verity, 1 254:5 254:5 4096 4096 126251 126251 sha1 ca01a3559d54396753625a441a778c2205eb319b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:5 fec_blocks 127247 fec_start 127247 fec_roots 2
system_ext_b : 254:5
target#1: 0-1026376: linear, 259:79 5857352
system_ext_b-cow : 254:12
target#1: 0-1030400: linear, 259:79 19586688
userdata : 254:53
target#1: 0-452187432: default-key, aes-xts-plain64 - 0 259:80 0 4 allow_discards sector_size:4096 iv_large_sectors wrappedkey_v0
vendor-verity : 254:17
target#1: 0-2184184: verity, 1 254:3 254:3 4096 4096 273023 273023 sha256 9ef07e74271c21370a93b1d4e2a9042e6b60dd2cb157a31e13e7ec873608d525 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:3 fec_blocks 275174 fec_start 275174 fec_roots 2
vendor_b : 254:3
target#1: 0-2226024: linear, 259:79 3607096
vendor_b-cow : 254:10
target#1: 0-2234728: linear, 259:79 17327624
vendor_dlkm-verity : 254:18
target#1: 0-63608: verity, 1 254:6 254:6 4096 4096 7951 7951 sha256 ba5413c500f6306d83857a31cf3ed269916993ec5429238e0f778dc9d4c6705a 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:6 fec_blocks 8015 fec_start 8015 fec_roots 2
vendor_dlkm_b : 254:6
target#1: 0-64992: linear, 259:79 6883728
vendor_dlkm_b-cow : 254:13
target#1: 0-65256: linear, 259:79 20617088
Perfect! So this is https://github.com/chenxiaolong/avbroot/issues/282#issuecomment-2101022071 then.
Your setup is perfectly fine and you can move forward with setting up avbroot. The only "issue" here is that Android has terrible log messages.
Details:
If you extract the fstab file from the vendor_boot
partition, you'll find this line for the system
partition:
system /system ext4 ro,barrier=1,discard wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,avb_keys=/avb/q-gsi.avbpubkey:/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey:/avb/t-gsi.avbpubkey
Notably, it specifies 2 ways of verifying the system partition:
avb=vbmeta_system
avb_keys=/avb/q-gsi.avbpubkey:/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey:/avb/t-gsi.avbpubkey
The avb=vbmeta_system
is the normal way. The issue is that Android is attempting to verify with avb_keys=...
first. That's what results in these logs:
[ 0.838560] init: [libfs_avb] public key data shouldn't be empty for /system
[ 0.838563] init: [libfs_avb] Found unknown public key used to sign /system
[ 0.838566] init: [libfs_avb] Returning avb_handle for '/system' with status: VerificationError
After that fails, it retries with avb=vbmeta_system
, which succeeds:
[ 0.838593] init: [libfs_avb] Built verity table: '1 /dev/block/dm-5 /dev/block/dm-5 4096 4096 250998 250998 sha256 d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 10 use_fec_from_device /dev/block/dm-5 fec_roots 2 fec_blocks 252976 fec_start 252976 restart_on_corruption ignore_zero_blocks'
That log message doesn't say system
, but here's how you know it's for system
. In the log message, the value right after sha256
is the root digest. This same root digest shows up for system
in your avbroot avb info
and dmctl
outputs:
avb-info.txt:
partition_name: "system",
salt: "111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe",
root_digest: "d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b",
dmctl-list.txt:
system-verity : 254:14
target#1: 0-2007984: verity, 1 254:1 254:1 4096 4096 250998 250998 sha256 d2e78c261b39beec72070bdd22ce1c5abf10bba945b49bcedebff4c72d9d203b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 ignore_zero_blocks use_fec_from_device 254:1 fec_blocks 252976 fec_start 252976 fec_roots 2
Thank you very much!
After patching fstab in my copy of my-avbroot-setup the VerifyError went away. https://github.com/andidevi/my-avbroot-setup/commit/eea8a30ba723e88ef29ae3e2e2d3f04619f1a21d
$ adb shell su -c 'dmesg | grep libfs_avb'
[ 0.832828] init: [libfs_avb] Returning avb_handle with status: Success
[ 0.832857] init: [libfs_avb] Built verity table: '1 /dev/block/dm-5 /dev/block/dm-5 4096 4096 334595 334595 sha256 551689db67496418140084256c9851d45605f7945a394cedec97cf3ae8413e33 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-5 fec_roots 2 fec_blocks 337232 fec_start 337232 ignore_zero_blocks'
[ 0.838656] init: [libfs_avb] Built verity table: '1 /dev/block/dm-17 /dev/block/dm-17 4096 4096 126251 126251 sha1 ca01a3559d54396753625a441a778c2205eb319b 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-17 fec_roots 2 fec_blocks 127247 fec_start 127247 ignore_zero_blocks'
[ 0.841695] init: [libfs_avb] Built verity table: '1 /dev/block/dm-2 /dev/block/dm-2 4096 4096 108907 108907 sha256 d618810a94dc2c0b0e40a012f686347917432ca62a382b20c43633fea51b5bb5 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-2 fec_roots 2 fec_blocks 109766 fec_start 109766 ignore_zero_blocks'
[ 0.844122] init: [libfs_avb] Built verity table: '1 /dev/block/dm-11 /dev/block/dm-11 4096 4096 273023 273023 sha256 9ef07e74271c21370a93b1d4e2a9042e6b60dd2cb157a31e13e7ec873608d525 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-11 fec_roots 2 fec_blocks 275174 fec_start 275174 ignore_zero_blocks'
[ 0.845499] init: [libfs_avb] Built verity table: '1 /dev/block/dm-20 /dev/block/dm-20 4096 4096 7951 7951 sha256 ba5413c500f6306d83857a31cf3ed269916993ec5429238e0f778dc9d4c6705a 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-20 fec_roots 2 fec_blocks 8015 fec_start 8015 ignore_zero_blocks'
[ 0.846656] init: [libfs_avb] Built verity table: '1 /dev/block/dm-8 /dev/block/dm-8 4096 4096 74 74 sha256 3f9935abf3dece27ca208f0263e6aa9351a170aa4cdc82a80fef41aaa15f3e01 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-8 fec_roots 2 fec_blocks 75 fec_start 75 ignore_zero_blocks'
[ 0.849555] init: [libfs_avb] Built verity table: '1 /dev/block/dm-14 /dev/block/dm-14 4096 4096 2953 2953 sha256 86f0d73ba2d18ebc7caf2eaaf223c612ebb58029985c77efc3db7364a6bfc241 111643f3b4f11a7f75d7d8e6e250347102667c9d1a0552d29e85f4c92cb38ffe 9 use_fec_from_device /dev/block/dm-14 fec_roots 2 fec_blocks 2978 fec_start 2978 ignore_zero_blocks'
in step
avbroot ota verify
says "Signatures are all valid!", see ota-verify.txtsteps to reproduce: