Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 480dc7c1 authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

Support signing custom_images with AVB 

Current AVB signing for custom images is enabled by either of the
following build variables:
  CUSTOM_IMAGE_AVB_HASH_ENABLE := true
  CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true

A previous change to support chain partition replaced avb_signing_args
with avb_key_path and avb_algorithm. This change updates the
corresponding change for custom_images.

To sign a custom_image as a chain partition, it needs:
  CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
  CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
  CUSTOM_IMAGE_AVB_ROLLBACK_INDEX := 1

Note that it doesn't support include metadata of custom images into
vbmeta.img. Because custom_images is designed to build multiple files
(e.g., custom1.img, custom2.img, custom3.img, etc) and a device can only
use/mount one of them. The vbmeta.img needs to be generated per each
combination.

Bug:36701014
Test: sign custom image with AVB HASH descriptor (non-chain)
Test: sign custom image with AVB HASH descriptor as chain partition
Test: sign custom image with AVB HASHTREE descriptor (non-chain)
Test: sign custom image with AVB HASHTREE descriptor as chain partition
Change-Id: I492e2ce768e7caec22228b776b2c13a2d37a5b89
parent d6c7681d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment