The commit in d14b895665
(https://android-review.googlesource.com/c/platform/build/+/728287)
changed partition layout, to always build the root dir into system.img,
even for devices not using system-as-root (i.e. the ones with separate
boot ramdisk).
With the new layout, there will be two root dirs for non-system-as-root
targets during the boot. If such a device uses Verified Boot 1.0,
/verity_key needs to be available in both roots, to establish the chain
of trust.
- bootloader uses the baked-in key to verify boot.img; it then loads
the ramdisk from the verified boot.img
- First stage init uses /verity_key (in ramdisk) to verify and mount
system.img at /system, then chroot's to it
- Second stage init uses /verity_key (in system.img) to verify and
mount other partitions
This CL adds rules to additionally install verity_key into ramdisk for
such targets.
Bug: 139770257
Test: Set up a target to use non-system-as-root
(BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`.
Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist
in the built target_files.zip.
Test: Run validate_target_files to validate the above target_files.zip.
$ validate_target_files \
--verity_key_mincrypt /path/to/verity_key \
target_files.zip
Test: Run sign_target_files_apks to sign the above target. Re-run
validate_target_files on the signed target_files.zip.
Test: python -m unittest test_validate_target_files
Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
certificate.
See the comment in cts/tests/tests/carrierapi/Android.bp
Bug: 122332514
Test: atest CtsCarrierApiTestCases
(same failures as baseline)
Change-Id: I80b9a1e466a3556486d05befe60d3522e6980ef5
This allows update_engine listing the file as a required module,
regardless of the value in AB_OTA_UPDATER.
Bug: 130516531
Test: Build aosp_arm64-userdebug w/o setting AB_OTA_UPDATER. Check that
/system/etc/update_engine/update-payload-key.pub.pem is available.
Change-Id: Ied041aca750e7260402ae8dbf65ff740d0b87205
Bug: 30414428
Test: `m -j dist` with aosp_taimen-userdebug. Check
/system/etc/security/otacerts.zip available under system and
recovery images.
Change-Id: I5abeb2da441fb3e3231e094063c2383eb3807852
Merged-In: I5abeb2da441fb3e3231e094063c2383eb3807852
This reverts commit 74f27716f3.
The key/cert pairs for APEXes are moved to the same directory where the
APEXes are defined.
Test: Check this for all APEXes
jarsigner -verify -verbose -certs out/target/product/blueline/system/apex/com.android.tzdata.apex shows
...
X.509, CN=com.android.tzdata, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Change-Id: I8d867b434b93aa68cbc707fa20ed8dbd4cef755e
The networkstack is using shared test keys for NetworkStack.apk,
CaptivePortalLogin.apk and NetworkStackPermissionStub.apk.
This allows NetworkStackPermissionStub.apk to define signature
permissions without the platform certificate, and enforce that the other
packages match the signature to use the permissions if they are
installed.
Bug: 124033493
Test: m
Change-Id: I7257a472d702e82acdadffc4e0535c63a8bd591d
Remove apex_debug_key, in favor of apex.test.key which is under
/system/apex and is built with soong.
Bug: 118213152
Test: /system/etc/security/apex/testkey exists
Change-Id: Iaa0facea2d26cadd48783778e8915bc3c560de10
These keys will be used to sign and verify APEX modules on
eng/userdebug devices. The keys may still change, but are
added now to unblock apexd development.
The keys were generated as follows:
$ openssl genrsa -out apex_debug_key.pem 4096
$ avbtool extract_public_key --key apex_debug_key.pem --output apex_debug_key
We'll probably need PRODUCT_APEX_KEYS at some point, but we'll wait
with that until we have build support.
Bug: 112684055
Test: /system/etc/security/apex/apex_debug_key found on-device
Change-Id: I5f4b1cb1eb11be6431146aa4297b50205fbc382e
This easily allow products to add custom adb keys for debuggable builds.
To use, provide a public key created by `adb keygen` to
PRODUCT_ADB_KEYS.
This way automated test farms don't need manual intervention to
authenticate to the device over adb, but we don't disable security for
everyone else.
Add an inherit-product-if-exists hook to aosp_* targets so that our
build servers can add a key for our test farms.
Bug: 32891559
Test: lunch aosp_marlin-userdebug; m bootimage
Test: lunch aosp_marlin-user; m bootimage
Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
Add a pointer to the online signing document and delete some redundant
information. Update the "embedding" section and add more background info
on what it is used for. Eliminate references to $BUILD_SECURE which no
longer exists.
Change-Id: I6d971849cc21697de9cf4fd891423f331f083830
Signed-off-by: Kevin Cernekee <cernekee@google.com>
Change boot, recovery, and verity metadata signing keys to use the
same PKCS8 / X.509 PEM format as the other signing keys, and update
build scripts to use correct arguments for the updated signing
tools.
Bug: 15984840
Bug: 18120110
Change-Id: I23ed5a004ecdad6cf7696487935ad5031eb8adf8
(cherry picked from commit 72d90eb189)