Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c1a8f1a5 authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

GSI vbmeta.img: set rollback_index to zero 

The major purpose of vbmeta.img built on GSI targets (e.g., aosp_arm,
aosp_arm64, etc) is to disable AVB. We should also set the rollback
index to zero, to prevent the device bootloader from updating the
last seen rollback index in the tamper-evident storage.

Bug: 122583908
Test: build aosp_arm64, then `avbtool info_image --image $OUT/vbmeta.img`
Change-Id: I48a49957f8dd3169003b9507fe80e519f301d5b5
parent 6867fd7d

target/board/BoardConfigGsiCommon.mk

+4 −1
Original line number Diff line number Diff line
@@ -34,11 +34,14 @@ BOARD_USES_METADATA_PARTITION := true 


# Android Verified Boot (AVB):

#   Set AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED (--flags 2) in

#   vbmeta.img to disable AVB verification.

#   vbmeta.img to disable AVB verification. Also set the rollback index

#   to zero, to prevent the device bootloader from updating the last seen

#   rollback index in the tamper-evident storage.

#

# To disable AVB for GSI, use the vbmeta.img and the GSI together.

# To enable AVB for GSI, include the GSI public key into the device-specific

# vbmeta.img.

BOARD_AVB_ROLLBACK_INDEX := 0

BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2



# Enable chain partition for system.