06353ef218
This certificate will be used to enforce a clean break between "old" CTS UICCs and new ones. The new UICCs will have hardware support for new calculations that the old ones aren't capable of. Old certificate: ./testkey.x509.pem SHA-1: 61:ED:37:7E:85:D3:86:A8:DF:EE:6B:86:4B:D8:5B:0B:FA:A5:AF:81 SHA-256: A4:0D:A8:0A:59:D1:70:CA:A9:50:CF:15:C1:8C:45:4D:47:A3:9B:26:98:9D:8B:64:0E:CD:74:5B:A7:1B:F5:DC New certificate: ./cts_uicc_2021.x509.pem SHA-1: 06:97:71:39:21:E8:65:D0:1C:45:C4:A8:8D:45:7A:9D:96:F4:39:27 SHA-256: CE:7B:2B:47:AE:2B:75:52:C8:F9:2C:C2:91:24:27:98:83:04:1F:B6:23:A5:F1:94:A8:2C:9B:F1:5D:49:2A:A0 We won't yet submit the change to switch the signature of CtsCarrierApiTestCases, as that will introduce downstream presubmit and postsubmit failures until the new hardware is available for device labs. Bug: 178419755 Test: temporarily switch CtsCarrierApiTestCases to be signed with cts-uicc-2021-testkey, ensure: - Suite fails on a device with the old CTS SIM due to lack of carrier privileges - Suite passes with updated cuttlefish modem simulator ARF content Change-Id: I7598426bd3e4db90a8f0d8d80ea03468fb30f876 |
||
---|---|---|
.. | ||
Android.bp | ||
Android.mk | ||
cts_uicc_2021.pk8 | ||
cts_uicc_2021.x509.pem | ||
fsverity-release.x509.der | ||
media.pk8 | ||
media.x509.pem | ||
networkstack.pk8 | ||
networkstack.x509.pem | ||
platform.pk8 | ||
platform.x509.pem | ||
README | ||
shared.pk8 | ||
shared.x509.pem | ||
testkey.pk8 | ||
testkey.x509.pem | ||
verity.pk8 | ||
verity.x509.pem | ||
verity_key |
For detailed information on key types and image signing, please see: https://source.android.com/devices/tech/ota/sign_builds.html The test keys in this directory are used in development only and should NEVER be used to sign packages in publicly released images (as that would open a major security hole). key generation -------------- The following commands were used to generate the test key pairs: development/tools/make_key testkey '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' development/tools/make_key shared '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' development/tools/make_key media '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' development/tools/make_key cts_uicc_2021 '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' signing using the openssl commandline (for boot/system images) -------------------------------------------------------------- 1. convert pk8 format key to pem format % openssl pkcs8 -inform DER -nocrypt -in testkey.pk8 -out testkey.pem 2. create a signature using the pem format key % openssl dgst -binary -sha1 -sign testkey.pem FILE > FILE.sig extracting public keys for embedding ------------------------------------ dumpkey.jar is a Java tool that takes an x.509 certificate in PEM format as input and prints a C structure to standard output: $ java -jar out/host/linux-x86/framework/dumpkey.jar build/make/target/product/security/testkey.x509.pem {64,0xc926ad21,{1795090719,2141396315,950055447,2581568430,4268923165,1920809988,546586521,3498997798,1776797858,3740060814,1805317999,1429410244,129622599,1422441418,1783893377,1222374759,2563319927,323993566,28517732,609753416,1826472888,215237850,4261642700,4049082591,3228462402,774857746,154822455,2497198897,2758199418,3019015328,2794777644,87251430,2534927978,120774784,571297800,3695899472,2479925187,3811625450,3401832990,2394869647,3267246207,950095497,555058928,414729973,1136544882,3044590084,465547824,4058146728,2731796054,1689838846,3890756939,1048029507,895090649,247140249,178744550,3547885223,3165179243,109881576,3944604415,1044303212,3772373029,2985150306,3737520932,3599964420},{3437017481,3784475129,2800224972,3086222688,251333580,2131931323,512774938,325948880,2657486437,2102694287,3820568226,792812816,1026422502,2053275343,2800889200,3113586810,165549746,4273519969,4065247892,1902789247,772932719,3941848426,3652744109,216871947,3164400649,1942378755,3996765851,1055777370,964047799,629391717,2232744317,3910558992,191868569,2758883837,3682816752,2997714732,2702529250,3570700455,3776873832,3924067546,3555689545,2758825434,1323144535,61311905,1997411085,376844204,213777604,4077323584,9135381,1625809335,2804742137,2952293945,1117190829,4237312782,1825108855,3013147971,1111251351,2568837572,1684324211,2520978805,367251975,810756730,2353784344,1175080310}} This is called by build/make/core/Makefile to incorporate the OTA signing keys into the recovery image.