Now the update_engine is able to read public keysfrom otacerts directly.
So the update_engine_payload_key is no longer needed.
Also remove the key replace in sign_target_files_apks.py. So we should
not use the new script to sign the old target files.
Bug: 116660991
Test: build the system image, unit tests pass
Change-Id: I9dae1f8b397f2b5efafed66a8faac1cb9087c741
The commit in d14b895665
(https://android-review.googlesource.com/c/platform/build/+/728287)
changed partition layout, to always build the root dir into system.img,
even for devices not using system-as-root (i.e. the ones with separate
boot ramdisk).
With the new layout, there will be two root dirs for non-system-as-root
targets during the boot. If such a device uses Verified Boot 1.0,
/verity_key needs to be available in both roots, to establish the chain
of trust.
- bootloader uses the baked-in key to verify boot.img; it then loads
the ramdisk from the verified boot.img
- First stage init uses /verity_key (in ramdisk) to verify and mount
system.img at /system, then chroot's to it
- Second stage init uses /verity_key (in system.img) to verify and
mount other partitions
This CL adds rules to additionally install verity_key into ramdisk for
such targets.
Bug: 139770257
Test: Set up a target to use non-system-as-root
(BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`.
Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist
in the built target_files.zip.
Test: Run validate_target_files to validate the above target_files.zip.
$ validate_target_files \
--verity_key_mincrypt /path/to/verity_key \
target_files.zip
Test: Run sign_target_files_apks to sign the above target. Re-run
validate_target_files on the signed target_files.zip.
Test: python -m unittest test_validate_target_files
Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
This allows update_engine listing the file as a required module,
regardless of the value in AB_OTA_UPDATER.
Bug: 130516531
Test: Build aosp_arm64-userdebug w/o setting AB_OTA_UPDATER. Check that
/system/etc/update_engine/update-payload-key.pub.pem is available.
Change-Id: Ied041aca750e7260402ae8dbf65ff740d0b87205
Bug: 30414428
Test: `m -j dist` with aosp_taimen-userdebug. Check
/system/etc/security/otacerts.zip available under system and
recovery images.
Change-Id: I5abeb2da441fb3e3231e094063c2383eb3807852
Merged-In: I5abeb2da441fb3e3231e094063c2383eb3807852
Remove apex_debug_key, in favor of apex.test.key which is under
/system/apex and is built with soong.
Bug: 118213152
Test: /system/etc/security/apex/testkey exists
Change-Id: Iaa0facea2d26cadd48783778e8915bc3c560de10
These keys will be used to sign and verify APEX modules on
eng/userdebug devices. The keys may still change, but are
added now to unblock apexd development.
The keys were generated as follows:
$ openssl genrsa -out apex_debug_key.pem 4096
$ avbtool extract_public_key --key apex_debug_key.pem --output apex_debug_key
We'll probably need PRODUCT_APEX_KEYS at some point, but we'll wait
with that until we have build support.
Bug: 112684055
Test: /system/etc/security/apex/apex_debug_key found on-device
Change-Id: I5f4b1cb1eb11be6431146aa4297b50205fbc382e
This easily allow products to add custom adb keys for debuggable builds.
To use, provide a public key created by `adb keygen` to
PRODUCT_ADB_KEYS.
This way automated test farms don't need manual intervention to
authenticate to the device over adb, but we don't disable security for
everyone else.
Add an inherit-product-if-exists hook to aosp_* targets so that our
build servers can add a key for our test farms.
Bug: 32891559
Test: lunch aosp_marlin-userdebug; m bootimage
Test: lunch aosp_marlin-user; m bootimage
Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
