Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 9d28638c authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

Enable AVB signing on GSI 

In current GSI builds, AVB signing is not allowed.
We should allow signing GSI image, while building a vbmeta.img with
AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED (flag 2).

When need to disable AVB, use the vbmeta.img above together with the
GSI. When need enable AVB on GSI, include the GSI public key into the
device-specific vbmeta.img. Note that GSI is a chain partition so the
keys used to sign GSI and vbmeta.img are different.

Bug: 112293933
Test: build aosp_arm64-userdebug, checks flag 2 is set in vbmeta.img
      and there is AVB HASHTREE in system.img
      `avbtool info_image --image $OUT/system.img`
      `avbtool info_image --image $OUT/vbmeta.img`

Change-Id: If1eff317621882994e7dcbf37cd35f5bfa16b69a
parent 99ed1b4f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment