Enable DM-Verity failed on imx8evk_mq with android 8.0 sdk

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable DM-Verity failed on imx8evk_mq with android 8.0 sdk

1,308 Views
chenlifu2015
Contributor I

     I want to enable dm-verity on imx8evk-mq with android sdk:imx-o8.1.0_1.3.0_8m , I compile it successfully, but I find that build_verity_metadata.py is not called by default, so I changed the device/fsl/imx8/evk_8mq.mk. add following lines:

      PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/by-name/system
      $(call inherit-product, build/target/product/verity.mk)

      then I restart compiling, build_verity_metadata.py has been called this time, but I get the error log:

      

Running: build_verity_tree -A aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7 out/target/product/evk_8mq/obj/PACKAGING/systemimage_intermediates/system.img /tmp/tmpo09JWx_verity_images/verity.img
a7ea8c7228291fb935035f70f070259d967eecb4a95baa73da162df1ada11151 aee087a5be3b982978c923f566a94613496b417f2af592639berror: failed to build out/target/product/evk_8mq/obj/PACKAGING/systemimage_intermediates/system.img from out/target/product/evk_8mq/system
c80d141e34dfe7
Running: system/extras/verity/build_verity_metadata.py build 1572691968 /tmp/tmpo09JWx_verity_images/verity_metadata.img a7ea8c7228291fb935035f70f070259d967eecb4a95baa73da162df1ada11151 aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7 /dev/block/by-name/system verity_signer build/target/product/security/verity.pk8
['verity_signer', '/tmp/tmpbnXVpk.table', 'build/target/product/security/verity.pk8', '/tmp/tmpQcs30V.sig']
1597992960
1572691968
12619776
12681216
appending /tmp/tmpo09JWx_verity_images/verity_metadata.img to /tmp/tmpo09JWx_verity_images/verity.img
in BuildVerifiedImage xxxxxxxxxxxxxxxxxxx

Running: append2simg out/target/product/evk_8mq/obj/PACKAGING/systemimage_intermediates/system.img /tmp/tmpo09JWx_verity_images/verity.img

Running: avbtool add_hashtree_footer --partition_size 1597992960 --partition_name system --image out/target/product/evk_8mq/obj/PACKAGING/systemimage_intermediates/system.img --setup_as_rootfs_from_kernel
out/host/linux-x86/bin/avbtool: Image size of 1585115136 exceeds maximum image size of 1572691968 in order to fit in a partition size of 1597992960.
Out of space? the tree size of out/target/product/evk_8mq/system is (MB):
944 out/target/product/evk_8mq/system
The max is 1536 MB.

   

   I wish to knoe how to resolve this problem, thanks!

0 Kudos
2 Replies

1,003 Views
pratik_manvar
Contributor III

Hello 礼夫 陈 さん

I am also facing same errors on i.MX8MQ device. Please help me out, If you got any solution.

Thanks & Regards,

Pratik Manvar

0 Kudos

1,003 Views
diegoadrian
NXP Employee
NXP Employee

Hello,

Supposedly, it should be enabled from the beginning. However, you can enable it through the menu config. Is the DM_VERITY option.

Hope this information can help you.

Best regards,

Diego.

0 Kudos