Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
We don't have dm-verity enabled on eng builds, so don't waste time
generating metadata for images.
Change-Id: Ib2c8d459bb50c30dc32a4ea1fdedc152c09a3a0f
(cherry picked from commit beae6395fc)
Allow dm-verity to be enabled without boot and recovery images being
signed. This makes it possible to enable only dm-verity to detect
corruption without confusing bootloaders that do not understand signed
images.
Bug: 19985143
Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001
Change boot, recovery, and verity metadata signing keys to use the
same PKCS8 / X.509 PEM format as the other signing keys, and update
build scripts to use correct arguments for the updated signing
tools.
Change-Id: I23ed5a004ecdad6cf7696487935ad5031eb8adf8
Without this, system images will be built that do not contain the
necessary bits for verification.
Change-Id: I87c15282b26377d7a2a1540e3d0e30b0299622e3
Move image dependencies out of PRODUCT_PACKAGES and into direct
dependencies for the image building rules.
Fix the test for PRODUCT_SUPPORTS_VERITY, it needs to check for
the current project as the global is no longer set.
Change-Id: I811501834ae5ec658229bd505fcc48275ff578c9
