tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Append pubkey of microdroid-vendor into avb prop of vendor_boot

Browse source 
For protected VM in AVF, the public key of microdroid-vendor partition
should be passed via trustable way. However, pvmfw config data is
constructed from ABL. AVB property is needed to pass the public key from
the source code into ABL, determined in the build time.

Bug: 285854379
Test: avbtool info_image --image $ANDROID_PRODUCT_OUT/vendor_boot.img
Change-Id: I024d1d835cccb27feef1164aca30712dbb8a70da
This commit is contained in:
Seungjae Yoo 2023-12-04 13:08:24 +09:00
parent 2f9162f1cb
commit e68d922118
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
core/Makefile
View file

@ -4600,6 +4600,12 @@ BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS += \
--prop com.android.build.pvmfw.security_patch:$(PVMFW_SECURITY_PATCH)
endif
# Append avbpubkey of microdroid-vendor partition into vendor_boot partition.
ifdef MICRODROID_VENDOR_AVBKEY
BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS += \
--prop_from_file com.android.build.microdroid-vendor.avbpubkey:$(MICRODROID_VENDOR_AVBKEY)
endif
BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS
INIT_BOOT_FOOTER_ARGS := BOARD_AVB_INIT_BOOT_ADD_HASH_FOOTER_ARGS
VENDOR_BOOT_FOOTER_ARGS := BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS