17 commits

Author SHA1 Message Date
Dan Willemsen
0ab1be6fe2 Stop using build/target -> build/make/target symlink
Instead, fully specify build/make/target/... everywhere

Test: treehugger
Change-Id: Idf89b2e6a0b777adbfb6370ea34f35faee6d4965
2019-04-09 21:35:37 -07:00
Remi NGUYEN VAN
fc35e5aaa5 Merge "Add test keys for networkstack" 2019-02-15 04:11:07 +00:00
Jiyong Park
2237d06a78 Revert "Add APK container signing key/cert pairs for APEXes"
This reverts commit 74f27716f3.

The key/cert pairs for APEXes are moved to the same directory where the
APEXes are defined.

Test: Check this for all APEXes
jarsigner -verify -verbose -certs out/target/product/blueline/system/apex/com.android.tzdata.apex shows
...
X.509, CN=com.android.tzdata, OU=Android, O=Android, L=Mountain View, ST=California, C=US

Change-Id: I8d867b434b93aa68cbc707fa20ed8dbd4cef755e
2019-02-15 00:39:47 +09:00
Remi NGUYEN VAN
333c98517b Add test keys for networkstack
The networkstack is using shared test keys for NetworkStack.apk,
CaptivePortalLogin.apk and NetworkStackPermissionStub.apk.

This allows NetworkStackPermissionStub.apk to define signature
permissions without the platform certificate, and enforce that the other
packages match the signature to use the permissions if they are
installed.

Bug: 124033493
Test: m
Change-Id: I7257a472d702e82acdadffc4e0535c63a8bd591d
2019-02-13 00:57:41 +09:00
Jiyong Park
74f27716f3 Add APK container signing key/cert pairs for APEXes
Created via
openssl req -x509 -newkey rsa:4096 -nodes -days 999999 -keyout key.pem -out com.android.tzdata.x509.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out com.android.tzdata.pk8 -nocrypt

Test: m com.android.tzdata
jarsigner -verify -verbose -certs out/target/product/blueline/system/apex/com.android.tzdata.apex shows
...
X.509, CN=com.android.tzdata, OU=Android, O=Android, L=Mountain View, ST=California, C=US

Change-Id: I19f6efaaa6468e65e9891e4e61704fb48f0b986a
2019-01-26 02:19:58 +09:00
Jiyong Park
90418404d4 Remove apex_debug_key
Remove apex_debug_key, in favor of apex.test.key which is under
/system/apex and is built with soong.

Bug: 118213152
Test: /system/etc/security/apex/testkey exists
Change-Id: Iaa0facea2d26cadd48783778e8915bc3c560de10
2018-11-02 14:36:08 +09:00
Martijn Coenen
3508ef69fc Add keys for APEX images for eng/userdebug.
These keys will be used to sign and verify APEX modules on
eng/userdebug devices. The keys may still change, but are
added now to unblock apexd development.

The keys were generated as follows:

$ openssl genrsa -out apex_debug_key.pem 4096
$ avbtool extract_public_key --key apex_debug_key.pem --output apex_debug_key

We'll probably need PRODUCT_APEX_KEYS at some point, but we'll wait
with that until we have build support.

Bug: 112684055
Test: /system/etc/security/apex/apex_debug_key found on-device
Change-Id: I5f4b1cb1eb11be6431146aa4297b50205fbc382e
2018-09-20 06:48:51 +00:00
Dan Willemsen
0bd793815e Add PRODUCT_ADB_KEYS
This easily allows products to add custom adb keys for debuggable builds.
To use, provide a public key created by `adb keygen` to
PRODUCT_ADB_KEYS.

This way automated test farms don't need manual intervention to
authenticate to the device over adb, but we don't disable security for
everyone else.

Add an inherit-product-if-exists hook to aosp_* targets so that our
build servers can add a key for our test farms.

Bug: 32891559
Test: lunch aosp_marlin-userdebug; m bootimage
Test: lunch aosp_marlin-user; m bootimage
Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
2017-11-03 15:57:38 -07:00
Colin Cross
6cdc5d20f3 Update references to build/core to build/make/core
sed -i -e 's"\([^/]\)build/core"\1build/make/core"g' $(git grep -l build/core)

Test: m checkbuild
Change-Id: Idf3a2fed79aee5d2c07bd8e42f0c0660f253ddc2
2017-10-20 12:49:28 -07:00
Kevin Cernekee
ed1710eb7b README: Update docs
Add a pointer to the online signing document and delete some redundant
information.  Update the "embedding" section and add more background info
on what it is used for.  Eliminate references to $BUILD_SECURE which no
longer exists.

Change-Id: I6d971849cc21697de9cf4fd891423f331f083830
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-05-15 14:37:33 -07:00
Sami Tolvanen
8d212ea873 DO NOT MERGE: Change verity key formats
Change boot, recovery, and verity metadata signing keys to use the
same PKCS8 / X.509 PEM format as the other signing keys, and update
build scripts to use correct arguments for the updated signing
tools.

Bug: 15984840
Bug: 18120110
Change-Id: I23ed5a004ecdad6cf7696487935ad5031eb8adf8
(cherry picked from commit 72d90eb189)
2014-11-13 23:23:31 +00:00
Geremy Condra
7afae2c115 Add verity dev keys to build.
These will be used when making images from your dev machine.

Change-Id: Ib1c894f6874a8e1a7d3d6e8133c8e897d40080d4
2014-04-02 18:17:39 -07:00
Geremy Condra
fd6f7513f8 Add support for verity builds to the build system.
Change-Id: I3ef908d8d52ec88de453b161bbc3f198517a72f1
2013-11-17 16:09:34 -08:00
Doug Zongker
9b3c88e19f remove mkkey.sh from build
Update README with instructions on using the new make_key script
instead.
2009-12-01 12:42:30 -08:00
The Android Open Source Project
88b607994a auto import from //depot/cupcake/@135843 2009-03-03 19:28:42 -08:00
The Android Open Source Project
05806d7af6 auto import from //depot/cupcake/@135843 2009-03-03 18:28:14 -08:00
The Android Open Source Project
b6c1cf6de7 Initial Contribution 2008-10-21 07:00:00 -07:00