8b3f08bc7b
Allow dm-verity to be enabled without boot and recovery images being signed. This makes it possible to enable only dm-verity to detect corruption without confusing bootloaders that do not understand signed images. Bug: 19985143 Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001
28 lines
1 KiB
Makefile
28 lines
1 KiB
Makefile
#
|
|
# Copyright (C) 2014 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
# Provides dependencies necessary for verified boot
|
|
|
|
PRODUCT_SUPPORTS_BOOT_SIGNER := true
|
|
PRODUCT_SUPPORTS_VERITY := true
|
|
|
|
# The dev key is used to sign boot and recovery images, and the verity
|
|
# metadata table. Actual product deliverables will be re-signed by hand.
|
|
# We expect this file to exist with the suffixes ".x509.pem" and ".pk8".
|
|
PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity
|
|
|
|
PRODUCT_PACKAGES += \
|
|
verity_key
|