Allow dm-verity to be enabled without boot and recovery images being
signed. This makes it possible to enable only dm-verity to detect
corruption without confusing bootloaders that do not understand signed
images.
Bug: 19985143
Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001
Change boot, recovery, and verity metadata signing keys to use the
same PKCS8 / X.509 PEM format as the other signing keys, and update
build scripts to use correct arguments for the updated signing
tools.
Change-Id: I23ed5a004ecdad6cf7696487935ad5031eb8adf8
Without this, system images will be built that do not contain the
necessary bits for verification.
Change-Id: I87c15282b26377d7a2a1540e3d0e30b0299622e3
Move image dependencies out of PRODUCT_PACKAGES and into direct
dependencies for the image building rules.
Fix the test for PRODUCT_SUPPORTS_VERITY, it needs to check for
the current project as the global is no longer set.
Change-Id: I811501834ae5ec658229bd505fcc48275ff578c9
