From e3ca398a1ecadb18ff491b33066100d3f1ab5963 Mon Sep 17 00:00:00 2001
From: hungweichen <hungweichen@google.com>
Date: Mon, 8 Aug 2022 09:49:14 +0000
Subject: [PATCH] Remove verity.mk, verity_key, PRODUCT_VERITY_SIGNING_KEY

verity.mk is used to set the related variable for VB 1.0 support, but
we already removed VB 1.0. This change removes the unused code. We also
remove and block PRODUCT_VERITY_SIGNING_KEY in this change.

Bug: 241044073
Test: atest under build/make
Change-Id: Ifbcde7da27a931ef3b9d746b1c5a279d88c0ec85
---
 core/config.mk                          |   1 +
 core/product.mk                         |   1 -
 core/tasks/tools/build_custom_image.mk  |   1 -
 target/product/security/Android.mk      |  37 ------------------------
 target/product/security/verity.pk8      | Bin 1219 -> 0 bytes
 target/product/security/verity.x509.pem |  24 ---------------
 target/product/security/verity_key      | Bin 524 -> 0 bytes
 target/product/verity.mk                |  25 ----------------
 8 files changed, 1 insertion(+), 88 deletions(-)
 delete mode 100644 target/product/security/verity.pk8
 delete mode 100644 target/product/security/verity.x509.pem
 delete mode 100644 target/product/security/verity_key
 delete mode 100644 target/product/verity.mk

diff --git a/core/config.mk b/core/config.mk
index ad4491cf24..181bdcfb07 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -164,6 +164,7 @@ $(KATI_obsolete_var ALL_ORIGINAL_DYNAMIC_BINARIES,ALL_ORIGINAL_DYNAMIC_BINARIES
 $(KATI_obsolete_var PRODUCT_SUPPORTS_VERITY,VB 1.0 and related variables are no longer supported)
 $(KATI_obsolete_var PRODUCT_SUPPORTS_VERITY_FEC,VB 1.0 and related variables are no longer supported)
 $(KATI_obsolete_var PRODUCT_SUPPORTS_BOOT_SIGNER,VB 1.0 and related variables are no longer supported)
+$(KATI_obsolete_var PRODUCT_VERITY_SIGNING_KEY,VB 1.0 and related variables are no longer supported)
 # Used to force goals to build.  Only use for conditionally defined goals.
 .PHONY: FORCE
 FORCE:
diff --git a/core/product.mk b/core/product.mk
index fcfe891ac1..ee2fa5a4b8 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -165,7 +165,6 @@ _product_list_vars += PRODUCT_DEXPREOPT_SPEED_APPS
 _product_list_vars += PRODUCT_LOADED_BY_PRIVILEGED_MODULES
 _product_single_value_vars += PRODUCT_VBOOT_SIGNING_KEY
 _product_single_value_vars += PRODUCT_VBOOT_SIGNING_SUBKEY
-_product_single_value_vars += PRODUCT_VERITY_SIGNING_KEY
 _product_single_value_vars += PRODUCT_SYSTEM_VERITY_PARTITION
 _product_single_value_vars += PRODUCT_VENDOR_VERITY_PARTITION
 _product_single_value_vars += PRODUCT_PRODUCT_VERITY_PARTITION
diff --git a/core/tasks/tools/build_custom_image.mk b/core/tasks/tools/build_custom_image.mk
index b89b23ce63..2626120eb0 100644
--- a/core/tasks/tools/build_custom_image.mk
+++ b/core/tasks/tools/build_custom_image.mk
@@ -91,7 +91,6 @@ $(my_built_custom_image): PRIVATE_STAGING_DIR := $(my_staging_dir)
 $(my_built_custom_image): PRIVATE_COPY_PAIRS := $(my_copy_pairs)
 $(my_built_custom_image): PRIVATE_PICKUP_FILES := $(my_pickup_files)
 $(my_built_custom_image): PRIVATE_SELINUX := $(CUSTOM_IMAGE_SELINUX)
-$(my_built_custom_image): PRIVATE_VERITY_KEY := $(PRODUCT_VERITY_SIGNING_KEY)
 $(my_built_custom_image): PRIVATE_VERITY_BLOCK_DEVICE := $(CUSTOM_IMAGE_VERITY_BLOCK_DEVICE)
 $(my_built_custom_image): PRIVATE_DICT_FILE := $(CUSTOM_IMAGE_DICT_FILE)
 $(my_built_custom_image): PRIVATE_AVB_AVBTOOL := $(AVBTOOL)
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index ad25a9261c..4bd8efc0fe 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -1,42 +1,5 @@
 LOCAL_PATH:= $(call my-dir)
 
-#######################################
-# verity_key (installed to /, i.e. part of system.img)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := verity_key
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE
-LOCAL_SRC_FILES := $(LOCAL_MODULE)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
-
-# For devices using a separate ramdisk, we need a copy there to establish the chain of trust.
-ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
-LOCAL_REQUIRED_MODULES := verity_key_ramdisk
-endif
-
-include $(BUILD_PREBUILT)
-
-#######################################
-# verity_key (installed to ramdisk)
-#
-# Enabling the target when using system-as-root would cause build failure, as TARGET_RAMDISK_OUT
-# points to the same location as TARGET_ROOT_OUT.
-ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
-  include $(CLEAR_VARS)
-  LOCAL_MODULE := verity_key_ramdisk
-  LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-  LOCAL_LICENSE_CONDITIONS := notice
-  LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE
-  LOCAL_MODULE_CLASS := ETC
-  LOCAL_SRC_FILES := verity_key
-  LOCAL_MODULE_STEM := verity_key
-  LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT)
-  include $(BUILD_PREBUILT)
-endif
-
 #######################################
 # adb key, if configured via PRODUCT_ADB_KEYS
 ifdef PRODUCT_ADB_KEYS
diff --git a/target/product/security/verity.pk8 b/target/product/security/verity.pk8
deleted file mode 100644
index bebf216cb6004b5c6665d044916c8a5a70f4a12b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1219
zcmV;!1U&mNf&{+;0RS)!1_>&LNQU<f0RaI800e>rsW5^Br2+u}0)hbn0O;#@O)pJU
zk$QWxJKN`JXXMf3GhwFmf~sQc5HpLXW)JJ2phAh6v*Nf;L&5#EipG7q6%@NiP&1C5
zD~cQ|6A`V+<{KQH7JjIH&CU#y7dlJ!fThd)S6dMGLvI}2yUh2>PnPSuoiq2=?Pl6T
zaL&?6?)ogsYESo1ja=sH7nu(=P}@Mw5wjV{O;vLyTI9w$NIFyP2-!D#E6lG@#i0RX
z&!nR5RDWv#zEjRN4M*Lg&C;CDa3e;-HwifHrX@fGXP418BSkBj2eQ2ou6i9`juh0o
zBU4X}(EAjGp~z`!sh3nbKon($r*4=YPm_B<zOK5b2Bw70k*RL#Ndf}_009Dm0RVXP
zHow+Qks1#I2i%b0##07&oXWNCPEkONC&zsa3%o0iP!@?74YOs85>ShO<@1mVAVlm$
zD9=<zz6Gl--;9EUzA*V|O@=M?@C%Lc=e&zBfo$U}U->yWK|e}|G5TSFSQRFzdH*xY
zgIPN*BNBwfol-TXX5#p5)M)dPl7jmJQ2Gv(*Ym!j$FB{5swvIpd-Slm)`GxcHM>N<
z=qwC5ks5erFMHPzIEXs4156qVPhcaHx|jz4_eld#x|4N6g;ISU`V^mclfpv-O5-}s
zCDaLL1Up}63MrecTJ4u}ku{vxgXcqjtWUEC09s5Q2)zY>lWfc=X<iiXu7Lu9fdKUn
zA`iZwh1pY`mDQeVj7lNMB*j}Np&9^pBR)8iDtV_z#5St;_6y1Ut6{dlB>uX&<h2Pb
zM?I<Ieha_sE#`3!iB4v+ruv`VAL6FxOo<!9O4D>M^1V3`QYB$9*s{u3$!abr0$fUJ
z-12GL=T3KRPhSrASRWx<uDkhaUs(cyfdKPSm#ND5fF_VolJbtCY>C4Q0urGV;N^XA
z(~i%%tC+CGVzR;ACxiZOzztALDPz}*l?T220d|ALu*L%VKTw`qR9YCy6s^XC;N|^x
zul<D1RD3IO_Bw;Uz-nlL$S5o|Qz*!=0rO4SiFnw#z?9tOb-zj3Fv?-{p^%y?^l<`#
zfdH(+z-EmibpRt=gBKVXQBkSGDS05QEqviS98+%^Olx~Avi(0sljQfl^DAxS!>{=N
zxMq-2@ZMecjS<Irzgj2t@q(TY@O#@^&Tzo(YaMmIVRiKYYz$685yD(#O+c<Wc{?l8
z^yd#}ir_O8-dc$RJmYNdp5{Yj87WuFPw@hQfdJ#%>-do1NIF#cZ?k}jaJ5br_xSWG
zb~V#f9(rZtO=Is~*?;GDu(P&EhR3l3vD*_CUl`&1rfw4z)+vb2OAfb9b>HpD2)1|X
zHff6lW9d0QbM@FopS{X-j{?^ndXUUrpQG5+qVDrwoszQpxbtr<-zTL5q~cNgVs+&@
z2C)KxfdHOmL!fWm!wfP<2Mlq=g8;nS3Mq#2s_*R^>nR|;8&bwy?9T|Fo6wYa_|xdV
zOUs<Zu1zJwZK;-5aUT>Z*;cW!aem(yO0-@)ToG{KSNO$)g^D87t%DobVP%fxxWmfP
hk4vOBJnVsAiAcI)+4Ln>*X%OBo25xJ{%5YX31a)eQE>nO

diff --git a/target/product/security/verity.x509.pem b/target/product/security/verity.x509.pem
deleted file mode 100644
index 86399c3c1d..0000000000
--- a/target/product/security/verity.x509.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/TCCAuWgAwIBAgIJAJcPmDkJqolJMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
-VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g
-VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE
-AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
-Fw0xNDExMDYxOTA3NDBaFw00MjAzMjQxOTA3NDBaMIGUMQswCQYDVQQGEwJVUzET
-MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
-A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p
-ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAOjreE0vTVSRenuzO9vnaWfk0eQzYab0gqpi
-6xAzi6dmD+ugoEKJmbPiuE5Dwf21isZ9uhUUu0dQM46dK4ocKxMRrcnmGxydFn6o
-fs3ODJMXOkv2gKXL/FdbEPdDbxzdu8z3yk+W67udM/fW7WbaQ3DO0knu+izKak/3
-T41c5uoXmQ81UNtAzRGzGchNVXMmWuTGOkg6U+0I2Td7K8yvUMWhAWPPpKLtVH9r
-AL5TzjYNR92izdKcz3AjRsI3CTjtpiVABGeX0TcjRSuZB7K9EK56HV+OFNS6I1NP
-jdD7FIShyGlqqZdUOkAUZYanbpgeT5N7QL6uuqcGpoTOkalu6kkCAwEAAaNQME4w
-HQYDVR0OBBYEFH5DM/m7oArf4O3peeKO0ZIEkrQPMB8GA1UdIwQYMBaAFH5DM/m7
-oArf4O3peeKO0ZIEkrQPMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
-AHO3NSvDE5jFvMehGGtS8BnFYdFKRIglDMc4niWSzhzOVYRH4WajxdtBWc5fx0ix
-NF/+hVKVhP6AIOQa+++sk+HIi7RvioPPbhjcsVlZe7cUEGrLSSveGouQyc+j0+m6
-JF84kszIl5GGNMTnx0XRPO+g8t6h5LWfnVydgZfpGRRg+WHewk1U2HlvTjIceb0N
-dcoJ8WKJAFWdcuE7VIm4w+vF/DYX/A2Oyzr2+QRhmYSv1cusgAeC1tvH4ap+J1Lg
-UnOu5Kh/FqPLLSwNVQp4Bu7b9QFfqK8Moj84bj88NqRGZgDyqzuTrFxn6FW7dmyA
-yttuAJAEAymk1mipd9+zp38=
------END CERTIFICATE-----
diff --git a/target/product/security/verity_key b/target/product/security/verity_key
deleted file mode 100644
index 31982d95ad57005430b65bb28dbfd39adb231347..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 524
zcmV+n0`vVq00007*!mSo>Tao#&V;50r@F4bKzox<9++;YhGi5$I#idbYH7%!gcSSG
zjZae}y3`boUmbd`5WTVonJYyjH_?}81VAOG?KlZH!bT%-&z#cDqTNRgHqKMN0Be6#
z?V_a5V*#PXP_N7@dpFq#?Nd5PI>zK$CUaFy$QiQ{%|P2wH4m8=>gHUHPxnu1$}IZs
zNz%@6L)vET*7q}=yX%%u%J<B>-5hU2_YhlG{L7_)_Deb!lMK$yeyDyHog5qH$*mC+
zD;$a|osKh5N4pdix_!oqwf(_EPPpQ;nTbN6pz9B2r;9TX>td>c^rm4m<k943Y3JKJ
zvwM1xR822Uc<bo$)V56<?tTX*4ig{!*kQgTEl~d8ITcUHcp^`fs*oiW!<cfce8#<S
z@EvrginISO;oC!4flr3**$(}X<+5yFAk{W>RQO5Icr(+stoA0|`|}7FmS+A=VX_>8
zY{CI-h?eiWdWapYX_c4Z!3_b~H#5fBwAQHXK>snOd)%677I<*-H^|dT5Y^3neCwAV
z5g%<5@KOth19r#9E`RiKU>MT}%f}#VQ~0Nv^RDDd7csx@I@O`AG3{dh1+U@!cT>&$
z`t<&6{lIv<Iq+D{(ZlNCp6ePw%zg@c-P?l)B)GY|`=a7O!m*3$poV4yLIg&)SkhJz
OQmO{;c1c750098P_6ukL

diff --git a/target/product/verity.mk b/target/product/verity.mk
deleted file mode 100644
index 961567c76d..0000000000
--- a/target/product/verity.mk
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright (C) 2014 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Provides dependencies necessary for verified boot.
-
-# The dev key is used to sign boot and recovery images, and the verity
-# metadata table. Actual product deliverables will be re-signed by hand.
-# We expect this file to exist with the suffixes ".x509.pem" and ".pk8".
-PRODUCT_VERITY_SIGNING_KEY := build/make/target/product/security/verity
-
-PRODUCT_PACKAGES += \
-        verity_key