10 MAGIC_NUMBER = 0xb001b001
12 METADATA_SIZE = BLOCK_SIZE * 8
15 status, output = commands.getstatusoutput(cmd)
20 def get_verity_metadata_size(data_size):
23 def build_metadata_block(verity_table, signature):
24 table_len = len(verity_table)
25 block = struct.pack("II256sI", MAGIC_NUMBER, VERSION, signature, table_len)
27 block = block.ljust(METADATA_SIZE, '\x00')
30 def sign_verity_table(table, signer_path, key_path):
31 with tempfile.NamedTemporaryFile(suffix='.table') as table_file:
32 with tempfile.NamedTemporaryFile(suffix='.sig') as signature_file:
33 table_file.write(table)
35 cmd = " ".join((signer_path, table_file.name, key_path, signature_file.name))
38 return signature_file.read()
40 def build_verity_table(block_device, data_blocks, root_hash, salt):
41 table = "1 %s %s %s %s %s %s sha256 %s %s"
42 table %= ( block_device,
52 def build_verity_metadata(data_blocks, metadata_image, root_hash,
53 salt, block_device, signer_path, signing_key):
54 # build the verity table
55 verity_table = build_verity_table(block_device, data_blocks, root_hash, salt)
56 # build the verity table signature
57 signature = sign_verity_table(verity_table, signer_path, signing_key)
58 # build the metadata block
59 metadata_block = build_metadata_block(verity_table, signature)
60 # write it to the outfile
61 with open(metadata_image, "wb") as f:
62 f.write(metadata_block)
64 if __name__ == "__main__":
65 if len(sys.argv) == 3 and sys.argv[1] == "-s":
66 print get_verity_metadata_size(int(sys.argv[2]))
67 elif len(sys.argv) == 8:
68 data_image_blocks = int(sys.argv[1]) / 4096
69 metadata_image = sys.argv[2]
70 root_hash = sys.argv[3]
72 block_device = sys.argv[5]
73 signer_path = sys.argv[6]
74 signing_key = sys.argv[7]
75 build_verity_metadata(data_image_blocks, metadata_image, root_hash,
76 salt, block_device, signer_path, signing_key)