Loading target/product/security/Android.mk +0 −27 Original line number Original line Diff line number Diff line Loading @@ -80,30 +80,3 @@ $(LOCAL_BUILT_MODULE): \ $(extra_recovery_keys) $(extra_recovery_keys) $(SOONG_ZIP) -o $@ -j \ $(SOONG_ZIP) -o $@ -j \ $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file)) $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file)) ####################################### # update_engine_payload_key, used by update_engine. We use the same key as otacerts but in RSA # public key format. include $(CLEAR_VARS) LOCAL_MODULE := update_engine_payload_key LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_STEM := update-payload-key.pub.pem LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/update_engine include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem openssl x509 -pubkey -noout -in $< > $@ ####################################### # update_engine_payload_key for recovery image, used by update_engine. include $(CLEAR_VARS) LOCAL_MODULE := update_engine_payload_key.recovery LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_STEM := update-payload-key.pub.pem LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/update_engine include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem openssl x509 -pubkey -noout -in $< > $@ tools/releasetools/sign_target_files_apks.py +2 −21 Original line number Original line Diff line number Diff line Loading @@ -557,14 +557,13 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, OPTIONS.rebuild_recovery = True OPTIONS.rebuild_recovery = True # Don't copy OTA certs if we're replacing them. # Don't copy OTA certs if we're replacing them. # Replacement of update-payload-key.pub.pem was removed in b/116660991. elif ( elif ( OPTIONS.replace_ota_keys and OPTIONS.replace_ota_keys and filename in ( filename in ( "BOOT/RAMDISK/system/etc/security/otacerts.zip", "BOOT/RAMDISK/system/etc/security/otacerts.zip", "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem", "RECOVERY/RAMDISK/system/etc/security/otacerts.zip", "RECOVERY/RAMDISK/system/etc/security/otacerts.zip", "SYSTEM/etc/security/otacerts.zip", "SYSTEM/etc/security/otacerts.zip")): "SYSTEM/etc/update_engine/update-payload-key.pub.pem")): pass pass # Skip META/misc_info.txt since we will write back the new values later. # Skip META/misc_info.txt since we will write back the new values later. Loading Loading @@ -832,24 +831,6 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info): # We DO NOT include the extra_recovery_keys (if any) here. # We DO NOT include the extra_recovery_keys (if any) here. WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys) WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys) # For A/B devices, update the payload verification key. if misc_info.get("ab_update") == "true": # Unlike otacerts.zip that may contain multiple keys, we can only specify # ONE payload verification key. if len(mapped_keys) > 1: print("\n WARNING: Found more than one OTA keys; Using the first one" " as payload verification key.\n\n") print("Using %s for payload verification." % (mapped_keys[0],)) pubkey = common.ExtractPublicKey(mapped_keys[0]) common.ZipWriteStr( output_tf_zip, "SYSTEM/etc/update_engine/update-payload-key.pub.pem", pubkey) common.ZipWriteStr( output_tf_zip, "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem", pubkey) def ReplaceVerityPublicKey(output_zip, filename, key_path): def ReplaceVerityPublicKey(output_zip, filename, key_path): Loading Loading
target/product/security/Android.mk +0 −27 Original line number Original line Diff line number Diff line Loading @@ -80,30 +80,3 @@ $(LOCAL_BUILT_MODULE): \ $(extra_recovery_keys) $(extra_recovery_keys) $(SOONG_ZIP) -o $@ -j \ $(SOONG_ZIP) -o $@ -j \ $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file)) $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file)) ####################################### # update_engine_payload_key, used by update_engine. We use the same key as otacerts but in RSA # public key format. include $(CLEAR_VARS) LOCAL_MODULE := update_engine_payload_key LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_STEM := update-payload-key.pub.pem LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/update_engine include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem openssl x509 -pubkey -noout -in $< > $@ ####################################### # update_engine_payload_key for recovery image, used by update_engine. include $(CLEAR_VARS) LOCAL_MODULE := update_engine_payload_key.recovery LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_STEM := update-payload-key.pub.pem LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/update_engine include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem openssl x509 -pubkey -noout -in $< > $@
tools/releasetools/sign_target_files_apks.py +2 −21 Original line number Original line Diff line number Diff line Loading @@ -557,14 +557,13 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, OPTIONS.rebuild_recovery = True OPTIONS.rebuild_recovery = True # Don't copy OTA certs if we're replacing them. # Don't copy OTA certs if we're replacing them. # Replacement of update-payload-key.pub.pem was removed in b/116660991. elif ( elif ( OPTIONS.replace_ota_keys and OPTIONS.replace_ota_keys and filename in ( filename in ( "BOOT/RAMDISK/system/etc/security/otacerts.zip", "BOOT/RAMDISK/system/etc/security/otacerts.zip", "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem", "RECOVERY/RAMDISK/system/etc/security/otacerts.zip", "RECOVERY/RAMDISK/system/etc/security/otacerts.zip", "SYSTEM/etc/security/otacerts.zip", "SYSTEM/etc/security/otacerts.zip")): "SYSTEM/etc/update_engine/update-payload-key.pub.pem")): pass pass # Skip META/misc_info.txt since we will write back the new values later. # Skip META/misc_info.txt since we will write back the new values later. Loading Loading @@ -832,24 +831,6 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info): # We DO NOT include the extra_recovery_keys (if any) here. # We DO NOT include the extra_recovery_keys (if any) here. WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys) WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys) # For A/B devices, update the payload verification key. if misc_info.get("ab_update") == "true": # Unlike otacerts.zip that may contain multiple keys, we can only specify # ONE payload verification key. if len(mapped_keys) > 1: print("\n WARNING: Found more than one OTA keys; Using the first one" " as payload verification key.\n\n") print("Using %s for payload verification." % (mapped_keys[0],)) pubkey = common.ExtractPublicKey(mapped_keys[0]) common.ZipWriteStr( output_tf_zip, "SYSTEM/etc/update_engine/update-payload-key.pub.pem", pubkey) common.ZipWriteStr( output_tf_zip, "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem", pubkey) def ReplaceVerityPublicKey(output_zip, filename, key_path): def ReplaceVerityPublicKey(output_zip, filename, key_path): Loading
