Lines Matching +full:avb +full:- +full:algorithm
25 """Command-line tool for working with Android Verified Boot images."""
56 """Application-specific errors.
58 These errors represent issues for which a stack-trace should not be
69 class Algorithm(object): class
70 """Contains details about an algorithm.
74 The constant |ALGORITHMS| is a dictionary from human-readable
98 # The PKC1-v1.5 padding is a blob of binary DER of ASN.1 and is
101 'NONE': Algorithm(
108 'SHA256_RSA2048': Algorithm(
115 # PKCS1-v1_5 padding
122 'SHA256_RSA4096': Algorithm(
129 # PKCS1-v1_5 padding
136 'SHA256_RSA8192': Algorithm(
143 # PKCS1-v1_5 padding
150 'SHA512_RSA2048': Algorithm(
157 # PKCS1-v1_5 padding
164 'SHA512_RSA4096': Algorithm(
171 # PKCS1-v1_5 padding
178 'SHA512_RSA8192': Algorithm(
185 # PKCS1-v1_5 padding
217 return number + size - remainder
231 return 2**((number - 1).bit_length())
237 This number is written big-endian, e.g. with the most significant
250 for bit_pos in range(num_bits, 0, -8):
251 octet = (value >> (bit_pos - 8)) & 0xff
259 This number is expected to be in big-endian, e.g. with the most
281 Euclidian algorithm.
294 return (g, x - (b // a) * y, y)
301 |m|). This number only exists if |a| and |m| are co-prime - |None|
310 these numbers are not co-prime.
321 This is just a short-hand for int(string, 0) suitable for use in the
369 args = ['openssl', 'rsa', '-in', key_path, '-modulus', '-noout']
377 args.append('-pubin')
414 # Calculate n0inv = -1/n[0] (mod 2^32)
416 n0inv = b - modinv(self.modulus, b)
433 algorithm_name: The algorithm name as per the ALGORITHMS dict.
444 # Checks requested algorithm for validity.
445 algorithm = ALGORITHMS.get(algorithm_name)
446 if not algorithm:
447 raise AvbError('Algorithm with name {} is not supported.'
450 if self.num_bits != (algorithm.signature_num_bytes * 8):
452 '({} bits) of given algorithm {}.'
453 .format(self.num_bits, algorithm.signature_num_bytes * 8,
457 hasher = hashlib.new(algorithm.hash_name)
462 padding_and_hash = algorithm.padding + digest
484 ['openssl', 'rsautl', '-sign', '-inkey', self.key_path, '-raw'],
493 if len(signature) != algorithm.signature_num_bytes:
499 """Looks up algorithm by type.
505 A tuple with the algorithm name and an |Algorithm| instance.
508 Exception: If the algorithm cannot be found
514 raise AvbError('Unknown algorithm type {}'.format(alg_type))
527 AvbError: If the algorithm cannot be found.
533 raise AvbError('Unsupported algorithm type {}'.format(alg_type))
606 'algorithm=SEQUENCE:rsa_alg\n'
610 'algorithm=OID:rsaEncryption\n'
624 ['openssl', 'asn1parse', '-genconf', asn1_tmpfile.name, '-out',
625 der_tmpfile.name, '-noout'])
631 ['openssl', 'rsautl', '-verify', '-pubin', '-inkey', der_tmpfile.name,
632 '-keyform', 'DER', '-raw'],
646 def create_avb_hashtree_hasher(algorithm, salt): argument
647 """Create the hasher for AVB hashtree based on the input algorithm."""
649 if algorithm.lower() == 'blake2b-256':
652 return hashlib.new(algorithm, salt)
661 output_offset: Offset in de-sparsified file where output begins.
680 output_offset: Offset in de-sparsified file.
724 For reading, this interface mimics a file object - it has seek(),
750 read_only: True if file is only opened for read-only operations.
816 data_sz = total_sz - struct.calcsize(ImageChunk.FORMAT)
844 raise ValueError('Don\'t care chunk input size is non-zero ({})'.
905 OSError: If ImageHandler was initialized in read-only mode.
910 raise OSError('ImageHandler is in read-only mode.')
942 OSError: If ImageHandler was initialized in read-only mode.
947 raise OSError('ImageHandler is in read-only mode.')
975 fill_data: Fill data to append - must be four bytes.
976 size: Number of chunk - must be a multiple of four and the block size.
979 OSError: If ImageHandler was initialized in read-only mode.
986 raise OSError('ImageHandler is in read-only mode.')
1043 self._file_pos) - 1
1048 chunk_pos_offset = self._file_pos - chunk.output_offset
1049 chunk_pos_to_go = min(chunk.output_size - chunk_pos_offset, to_go)
1062 to_go -= chunk_pos_to_go
1087 OSError: If ImageHandler was initialized in read-only mode.
1090 raise OSError('ImageHandler is in read-only mode.')
1106 chunk_idx = bisect.bisect_right(self._chunk_output_offsets, size) - 1
1109 # Truncation in the middle of a trunk - need to keep the chunk
1112 num_to_keep = size - chunk.output_offset
1147 # We've modified the file so re-read all data.
1150 # Truncating to grow - just add a DONT_CARE section.
1151 self.append_dont_care(size - self.image_size)
1155 """Class for AVB descriptor.
1208 padding_size = nbf_with_padding - num_bytes_following
1216 """Verifies contents of the descriptor - used in verify_image sub-command.
1230 # Deletes unused parameters to prevent pylint warning unused-argument.
1270 self.SIZE - 16 + key_size + 1 + value_size + 1, 8)
1275 self.key = data[self.SIZE:(self.SIZE + key_size)].decode('utf-8')
1277 raise LookupError('Key cannot be decoded as UTF-8: {}.'
1299 o.write(' Prop: {} -> {}\n'.format(self.key, printable_value))
1301 o.write(' Prop: {} -> ({} bytes)\n'.format(self.key, len(self.value)))
1309 key_encoded = self.key.encode('utf-8')
1311 self.SIZE + len(key_encoded) + len(self.value) + 2 - 16)
1313 padding_size = nbf_with_padding - num_bytes_following
1322 """Verifies contents of the descriptor - used in verify_image sub-command.
1346 dm_verity_version: dm-verity version used.
1355 hash_algorithm: Hash algorithm used as string.
1366 'L' # dm-verity version used
1375 '32s' # hash algorithm used
1405 self.SIZE - 16 + partition_name_len + salt_len + root_digest_len, 8)
1409 # Nuke NUL-bytes at the end.
1415 ].decode('utf-8')
1417 raise LookupError('Partition name cannot be decoded as UTF-8: {}.'
1426 raise LookupError('root_digest_len doesn\'t match hash algorithm')
1454 o.write(' Version of dm-verity: {}\n'.format(self.dm_verity_version))
1465 o.write(' Hash Algorithm: {}\n'.format(self.hash_algorithm))
1478 partition_name_encoded = self.partition_name.encode('utf-8')
1480 + len(self.salt) + len(self.root_digest) - 16)
1482 padding_size = nbf_with_padding - num_bytes_following
1496 """Verifies contents of the descriptor - used in verify_image sub-command.
1518 digest_padding = round_to_pow2(digest_size) - digest_size
1532 # ... also check that the on-disk hashtree matches
1538 '--accept_zeroed_hashtree was given'
1562 hash_algorithm: Hash algorithm used as string.
1574 '32s' # hash algorithm used
1599 self.SIZE - 16 + partition_name_len + salt_len + digest_len, 8)
1602 # Nuke NUL-bytes at the end.
1608 ].decode('utf-8')
1610 raise LookupError('Partition name cannot be decoded as UTF-8: {}.'
1618 raise LookupError('digest_len doesn\'t match hash algorithm')
1636 o.write(' Hash Algorithm: {}\n'.format(self.hash_algorithm))
1649 partition_name_encoded = self.partition_name.encode('utf-8')
1651 len(self.salt) + len(self.digest) - 16)
1653 padding_size = nbf_with_padding - num_bytes_following
1664 """Verifies contents of the descriptor - used in verify_image sub-command.
1701 """A class for kernel command-line descriptors.
1707 kernel_cmdline: The kernel command-line as string.
1734 expected_size = round_to_multiple(self.SIZE - 16 + kernel_cmdline_length,
1739 # Nuke NUL-bytes at the end.
1742 self.SIZE:(self.SIZE + kernel_cmdline_length)].decode('utf-8')
1744 raise LookupError('Kernel command-line cannot be decoded as UTF-8: {}.'
1766 kernel_cmd_encoded = self.kernel_cmdline.encode('utf-8')
1767 num_bytes_following = (self.SIZE + len(kernel_cmd_encoded) - 16)
1769 padding_size = nbf_with_padding - num_bytes_following
1777 """Verifies contents of the descriptor - used in verify_image sub-command.
1832 self.SIZE - 16 + partition_name_len + public_key_len, 8)
1840 ].decode('utf-8')
1842 raise LookupError('Partition name cannot be decoded as UTF-8: {}.'
1872 partition_name_encoded = self.partition_name.encode('utf-8')
1874 self.SIZE + len(partition_name_encoded) + len(self.public_key) - 16)
1876 padding_size = nbf_with_padding - num_bytes_following
1886 """Verifies contents of the descriptor - used in verify_image sub-command.
1903 '--expected_chain_partition to specify expected '
1904 'contents or --follow_chain_partitions.\n'.
1962 the image before AVB information was added.
2001 raise LookupError('Given data does not look like a AVB footer.')
2022 """A class for parsing and writing AVB vbmeta images.
2035 algorithm_type: The verification algorithm used, see |AvbAlgorithmType|
2055 zero if the vbmeta image is not a top-level image.
2061 "avbtool 1.0.0 xyz_board Git-234abde89". Is guaranteed to be NUL
2074 'L' # algorithm type
2083 '47sx' + # NUL-terminated release string
2110 # Nuke NUL-bytes at the end of the string.
2113 self.release_string = release_string.rstrip(b'\0').decode('utf-8')
2157 release_string_encoded = self.release_string.encode('utf-8')
2171 class Avb(object): class
2172 """Business logic for avbtool command-line tool."""
2182 # meaningful errors if the value passed in via --partition_size is
2183 # too small and when --calc_max_image_size is used. We use
2228 padding_needed = padded_size - len(vbmeta_blob)
2301 raise AvbError('Hash-tree and FEC data must be adjacent.')
2307 data = image.read(image.image_size - zero_end_offset)
2310 # where a magic marker - ZeroHaSH - is placed. Place these markers in the
2317 data_zeroed_firstblock = b'ZeRoHaSH' + b'\0' * (image.block_size - 8)
2319 image.append_fill(b'\0\0\0\0', zero_ht_num_bytes - image.block_size)
2322 image.append_fill(b'\0\0\0\0', zero_fec_num_bytes - image.block_size)
2349 vbmeta_end_offset += image.block_size - (vbmeta_end_offset
2362 image.append_dont_care(partition_size - vbmeta_end_offset -
2365 # Just reuse the same footer - only difference is that we're
2368 footer_blob_with_padding = (b'\0' * (image.block_size - AvbFooter.SIZE) +
2411 output: Output file to write human-readable information to (file object).
2433 o.write('--\n')
2449 o.write('Algorithm: {}\n'.format(alg_name))
2501 the --expected_chain_partition option
2572 # --expect_chain_partition ... however --follow_chain_partitions was
2581 # Honor --follow_chain_partitions - add '--' to make the output more
2585 print('--')
2596 output: Output file to write human-readable information to (file object).
2618 output: Output file to write human-readable information to (file object).
2657 hash_algorithm: Hash algorithm used.
2658 output: Output file to write human-readable information to (file object).
2701 output: Output file to write human-readable information to (file object).
2751 AvbDescriptor-derived instances, and the fourth argument is the
2759 image.seek(image.image_size - AvbFooter.SIZE)
2794 image.seek(image.image_size - AvbFooter.SIZE)
2815 """Generate kernel cmdline descriptors for dm-verity.
2821 A list with two AvbKernelCmdlineDescriptor with dm-verity kernel cmdline
2862 c += '" root=/dev/dm-0'
2864 # Now that we have the command-line, generate the descriptor.
2871 # simpler - we just set the root to the partition.
2880 """Generate kernel cmdline descriptors for dm-verity.
2886 A list with two AvbKernelCmdlineDescriptor with dm-verity kernel cmdline
2924 algorithm_name: Name of algorithm to use.
2982 padding_needed = padded_size - len(vbmeta_blob)
3008 algorithm_name: The algorithm name as per the ALGORITHMS dict.
3020 dm-verity kernel cmdline from.
3022 generate dm-verity kernel cmdline descriptors from.
3036 been given and the given algorithm requires one, or the key is
3042 raise AvbError('Unknown algorithm with name {}'
3085 if idx == -1:
3087 # pylint: disable=redefined-variable-type
3090 desc.value = prop[(idx + 1):].encode('utf-8')
3095 if idx == -1:
3101 # pylint: disable=attribute-defined-outside-init
3105 # Add AvbKernelCmdline descriptor for dm-verity from an image, if requested.
3113 # Add AvbKernelCmdline descriptor for dm-verity from desc, if requested.
3120 # Add kernel command-lines.
3138 # The --include_descriptors_from_image option is used in some setups
3161 raise AvbError('Key is required for algorithm {}'.format(
3165 raise AvbError('Key is wrong size for algorithm {}'.format(
3194 # Signature offset and size - it's stored right after the hash
3211 padding_bytes = h.auxiliary_data_block_size - len(aux_data_blob)
3233 padding_bytes = h.authentication_data_block_size - len(auth_data_blob)
3272 image.seek(image.image_size - AvbFooter.SIZE)
3284 # If anything goes wrong from here-on, restore the image back to
3294 padding_needed = image.block_size - (image.image_size%image.block_size)
3302 padding_needed = (round_to_multiple(len(vbmeta_blob), image.block_size) -
3312 image.append_dont_care(partition_size - vbmeta_end_offset -
3323 footer_blob_with_padding = (b'\0' * (image.block_size - AvbFooter.SIZE) +
3328 # Truncate back to original size, then re-raise.
3353 hash_algorithm: Hash algorithm to use.
3356 algorithm_name: Name of algorithm to use.
3366 dm-verity kernel cmdline from.
3369 calc_max_image_size: Don't store the footer - instead calculate the
3386 raise AvbError('--dynamic_partition_size required when not specifying a '
3390 raise AvbError('--calc_max_image_size not supported with '
3391 '--dynamic_partition_size')
3415 print('{}'.format(partition_size - max_metadata_size))
3424 image.seek(image.image_size - AvbFooter.SIZE)
3440 max_image_size = partition_size - max_metadata_size
3446 # If anything goes wrong from here-on, restore the image back to
3509 padding_needed = image.block_size - (
3519 round_to_multiple(len(vbmeta_blob), image.block_size) -
3528 image.append_dont_care(partition_size - vbmeta_end_offset -
3540 b'\0' * (image.block_size - AvbFooter.SIZE) + footer_blob)
3543 # Truncate back to original size, then re-raise.
3567 more information about dm-verity and these hashes.
3575 hash_algorithm: Hash algorithm to use.
3579 algorithm_name: Name of algorithm to use.
3589 dm-verity kernel cmdline from.
3590 setup_as_rootfs_from_kernel: If True, generate dm-verity kernel
3594 calc_max_image_size: Don't store the hashtree or footer - instead
3627 digest_padding = round_to_pow2(digest_size) - digest_size
3644 max_image_size = partition_size - max_metadata_size
3669 image.seek(image.image_size - AvbFooter.SIZE)
3681 # If anything goes wrong from here-on, restore the image back to
3687 image.append_raw('\0' * (rounded_image_size - image.image_size))
3718 padding_needed = image.block_size - (image.image_size%image.block_size)
3753 padding_needed = (round_to_multiple(len(hash_tree), image.block_size) -
3765 padding_needed = (round_to_multiple(len(fec_data), image.block_size) -
3790 padding_needed = (round_to_multiple(len(vbmeta_blob), image.block_size) -
3805 image.append_dont_care(partition_size - image.image_size -
3817 b'\0' * (image.block_size - AvbFooter.SIZE) + footer_blob)
3821 # Truncate back to original size, then re-raise.
3833 a fused, permanent root key. These certificates are fixed-length and fixed-
3840 signature. The signature can be created out-of-band
3843 subject_key_version: A 64-bit version value. If this is None, the number
3893 product_id: A 16-byte Product ID.
3898 EXPECTED_PRODUCT_ID_SIZE = 16 # pylint: disable=invalid-name
3925 EXPECTED_CERTIFICATE_SIZE = 1620 # pylint: disable=invalid-name
3940 Android Things unlock credentials can be used to authorize the unlock of AVB
3942 via the fastboot interface in response to a 16-byte challenge. This method
3965 EXPECTED_CERTIFICATE_SIZE = 1620 # pylint: disable=invalid-name
3966 EXPECTED_CHALLENGE_SIZE = 16 # pylint: disable=invalid-name
3989 """Calculate the offsets of all the hash-levels in a Merkle-tree.
3992 image_size: The size of the image to calculate a Merkle-tree for.
3994 digest_size: The size of each hash, e.g. 32 for SHA-256.
4007 num_blocks = (size + block_size - 1) // block_size
4045 ['fec', '--print-fec-size', str(image_size), '--roots', str(num_roots)],
4071 ['fec', '--encode', '--roots', str(num_roots), image_filename,
4080 footer_data = fec_data[-footer_size:]
4090 """Generates a Merkle-tree for a file.
4096 hash_alg_name: The hash algorithm, e.g. 'sha256' or 'sha1'.
4103 A tuple where the first element is the top-level hash as bytes and the
4104 second element is the hash-tree as bytes.
4111 # If there is only one block, returns the top-level hash directly.
4123 # Only read from the file for the first level - for subsequent
4126 image.seek(hash_src_offset + hash_src_size - remaining)
4129 offset = hash_level_offsets[level_num - 1] + hash_src_size - remaining
4133 remaining -= len(data)
4135 hasher.update(b'\0' * (block_size - len(data)))
4143 len(level_output), block_size) - len(level_output))
4146 # Copy level-output into resulting tree.
4160 """Object for avbtool command-line tool."""
4164 self.avb = Avb()
4167 """Adds arguments used by several sub-commands.
4172 sub_parser.add_argument('--algorithm',
4173 help='Algorithm to use (default: NONE)',
4174 metavar='ALGORITHM',
4176 sub_parser.add_argument('--key',
4180 sub_parser.add_argument('--signing_helper',
4185 sub_parser.add_argument('--signing_helper_with_files',
4190 sub_parser.add_argument('--public_key_metadata',
4194 sub_parser.add_argument('--rollback_index',
4198 sub_parser.add_argument('--rollback_index_location',
4202 # This is used internally for unit tests. Do not include in --help output.
4203 sub_parser.add_argument('--internal_release_string',
4205 sub_parser.add_argument('--append_to_release_string',
4208 sub_parser.add_argument('--prop',
4212 sub_parser.add_argument('--prop_from_file',
4216 sub_parser.add_argument('--kernel_cmdline',
4220 # TODO(zeuthen): the --setup_rootfs_from_kernel option used to be called
4221 # --generate_dm_verity_cmdline_from_hashtree. Remove support for the latter
4223 sub_parser.add_argument('--setup_rootfs_from_kernel',
4224 '--generate_dm_verity_cmdline_from_hashtree',
4228 sub_parser.add_argument('--include_descriptors_from_image',
4233 sub_parser.add_argument('--print_required_libavb_version',
4234 help=('Don\'t store the footer - '
4238 # These are only allowed from top-level vbmeta and boot-in-lieu-of-vbmeta.
4239 sub_parser.add_argument('--chain_partition',
4240 help='Allow signed integrity-data for partition',
4243 sub_parser.add_argument('--flags',
4247 sub_parser.add_argument('--set_hashtree_disabled_flag',
4252 """Adds arguments used by add_*_footer sub-commands.
4257 sub_parser.add_argument('--use_persistent_digest',
4261 'with --do_not_use_ab when an A/B suffix is '
4264 sub_parser.add_argument('--do_not_use_ab',
4284 """Command-line processor.
4296 sub_parser.add_argument('--image_size',
4300 sub_parser.add_argument('--start_byte',
4304 sub_parser.add_argument('--output',
4316 sub_parser.add_argument('--key',
4319 sub_parser.add_argument('--output',
4327 sub_parser.add_argument('--output',
4330 sub_parser.add_argument('--padding_size',
4332 help='If non-zero, pads output with NUL bytes so '
4342 sub_parser.add_argument('--image',
4345 sub_parser.add_argument('--partition_size',
4348 sub_parser.add_argument('--dynamic_partition_size',
4351 sub_parser.add_argument('--partition_name',
4354 sub_parser.add_argument('--hash_algorithm',
4355 help='Hash algorithm to use (default: sha256)',
4357 sub_parser.add_argument('--salt',
4359 sub_parser.add_argument('--calc_max_image_size',
4360 help=('Don\'t store the footer - '
4365 sub_parser.add_argument('--output_vbmeta_image',
4368 sub_parser.add_argument('--do_not_append_vbmeta_image',
4378 sub_parser.add_argument('--image',
4381 sub_parser.add_argument('--partition_size',
4385 sub_parser.add_argument('--vbmeta_image',
4393 sub_parser.add_argument('--image',
4396 sub_parser.add_argument('--partition_size',
4400 sub_parser.add_argument('--partition_name',
4403 sub_parser.add_argument('--hash_algorithm',
4404 help='Hash algorithm to use (default: sha1)',
4406 sub_parser.add_argument('--salt',
4408 sub_parser.add_argument('--block_size',
4412 # TODO(zeuthen): The --generate_fec option was removed when we
4417 sub_parser.add_argument('--generate_fec',
4421 '--do_not_generate_fec',
4422 help='Do not generate forward-error-correction codes',
4424 sub_parser.add_argument('--fec_num_roots',
4428 sub_parser.add_argument('--calc_max_image_size',
4429 help=('Don\'t store the hashtree or footer - '
4435 sub_parser.add_argument('--output_vbmeta_image',
4438 sub_parser.add_argument('--do_not_append_vbmeta_image',
4442 # This is different from --setup_rootfs_from_kernel insofar that
4445 sub_parser.add_argument('--setup_as_rootfs_from_kernel',
4448 sub_parser.add_argument('--no_hashtree',
4451 sub_parser.add_argument('--check_at_most_once',
4460 sub_parser.add_argument('--image',
4464 sub_parser.add_argument('--keep_hashtree',
4471 sub_parser.add_argument('--image',
4480 sub_parser.add_argument('--image',
4484 sub_parser.add_argument('--output',
4487 sub_parser.add_argument('--padding_size',
4489 help='If non-zero, pads output with NUL bytes so '
4498 sub_parser.add_argument('--image',
4502 sub_parser.add_argument('--partition_size',
4510 sub_parser.add_argument('--image',
4514 sub_parser.add_argument('--output',
4518 sub_parser.add_argument('--atx',
4527 sub_parser.add_argument('--image',
4531 sub_parser.add_argument('--key',
4535 sub_parser.add_argument('--expected_chain_partition',
4540 '--follow_chain_partitions',
4542 'specified with the --expected_chain_partition option'),
4545 '--accept_zeroed_hashtree',
4553 sub_parser.add_argument('--image',
4557 sub_parser.add_argument('--output',
4561 sub_parser.add_argument('--json',
4569 sub_parser.add_argument('--image',
4573 sub_parser.add_argument('--hash_algorithm',
4574 help='Hash algorithm to use (default: sha256)',
4576 sub_parser.add_argument('--output',
4585 sub_parser.add_argument('--image',
4589 sub_parser.add_argument('--hashtree_disabled',
4592 sub_parser.add_argument('--output',
4600 sub_parser.add_argument('--misc_image',
4605 sub_parser.add_argument('--slot_data',
4617 sub_parser.add_argument('--output',
4621 sub_parser.add_argument('--subject',
4625 sub_parser.add_argument('--subject_key',
4629 sub_parser.add_argument('--subject_key_version',
4633 sub_parser.add_argument('--subject_is_intermediate_authority',
4637 sub_parser.add_argument('--usage',
4641 sub_parser.add_argument('--authority_key',
4644 sub_parser.add_argument('--signing_helper',
4649 sub_parser.add_argument('--signing_helper_with_files',
4659 sub_parser.add_argument('--output',
4663 sub_parser.add_argument('--root_authority_key',
4667 sub_parser.add_argument('--product_id',
4676 sub_parser.add_argument('--output',
4680 sub_parser.add_argument('--intermediate_key_certificate',
4684 sub_parser.add_argument('--product_key_certificate',
4693 sub_parser.add_argument('--output',
4697 sub_parser.add_argument('--intermediate_key_certificate',
4701 sub_parser.add_argument('--unlock_key_certificate',
4705 sub_parser.add_argument('--challenge',
4711 sub_parser.add_argument('--unlock_key',
4713 'provided if using --challenge.',
4715 sub_parser.add_argument('--signing_helper',
4720 sub_parser.add_argument('--signing_helper_with_files',
4741 """Implements the 'version' sub-command."""
4745 """Implements the 'generate_test_image' sub-command."""
4746 self.avb.generate_test_image(args.output, args.image_size, args.start_byte)
4749 """Implements the 'extract_public_key' sub-command."""
4750 self.avb.extract_public_key(args.key, args.output)
4753 """Implements the 'make_vbmeta_image' sub-command."""
4755 self.avb.make_vbmeta_image(args.output, args.chain_partition,
4756 args.algorithm, args.key,
4771 """Implements the 'append_vbmeta_image' sub-command."""
4772 self.avb.append_vbmeta_image(args.image.name, args.vbmeta_image.name,
4776 """Implements the 'add_hash_footer' sub-command."""
4778 self.avb.add_hash_footer(args.image.name if args.image else None,
4781 args.salt, args.chain_partition, args.algorithm,
4801 """Implements the 'add_hashtree_footer' sub-command."""
4804 # '--generate_fec' option above.
4806 sys.stderr.write('The --generate_fec option is deprecated since FEC '
4808 '--do_not_generate_fec to not generate FEC.\n')
4809 self.avb.add_hashtree_footer(
4815 args.salt, args.chain_partition, args.algorithm,
4838 """Implements the 'erase_footer' sub-command."""
4839 self.avb.erase_footer(args.image.name, args.keep_hashtree)
4842 """Implements the 'zero_hashtree' sub-command."""
4843 self.avb.zero_hashtree(args.image.name)
4846 """Implements the 'extract_vbmeta_image' sub-command."""
4847 self.avb.extract_vbmeta_image(args.output, args.image.name,
4851 """Implements the 'resize_image' sub-command."""
4852 self.avb.resize_image(args.image.name, args.partition_size)
4855 """Implements the 'set_ab_metadata' sub-command."""
4856 self.avb.set_ab_metadata(args.misc_image, args.slot_data)
4859 """Implements the 'info_image' sub-command."""
4860 self.avb.info_image(args.image.name, args.output, args.atx)
4863 """Implements the 'verify_image' sub-command."""
4864 self.avb.verify_image(args.image.name, args.key,
4870 """Implements the 'print_partition_digests' sub-command."""
4871 self.avb.print_partition_digests(args.image.name, args.output, args.json)
4874 """Implements the 'calculate_vbmeta_digest' sub-command."""
4875 self.avb.calculate_vbmeta_digest(args.image.name, args.hash_algorithm,
4879 """Implements the 'calculate_kernel_cmdline' sub-command."""
4880 self.avb.calculate_kernel_cmdline(args.image.name, args.hashtree_disabled,
4884 """Implements the 'make_atx_certificate' sub-command."""
4885 self.avb.make_atx_certificate(args.output, args.authority_key,
4895 """Implements the 'make_atx_permanent_attributes' sub-command."""
4896 self.avb.make_atx_permanent_attributes(args.output,
4901 """Implements the 'make_atx_metadata' sub-command."""
4902 self.avb.make_atx_metadata(args.output,
4907 """Implements the 'make_atx_unlock_credential' sub-command."""
4908 self.avb.make_atx_unlock_credential(