Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e63c937b authored May 08, 2018 by Isaac Chen

Build disabled vbmeta.img for aosp_$arch

System images of aosp_$arch are used as GSIs in P, and traditional GSI
users often need a special vbmeta image to disable verity (if AVB is
employed) befrre they flash the GSI.

"BOARD_BUILD_DISABLED_VBMETAIMAGE := true" builds such vbmeta.img

Bug: 79393905
Test: # For arch in arm, arm64, x86, x86_64, do
    $ lunch aosp_$arch; m -j # found vbmeta.img under $OUT

Change-Id: I113006385991a2daab60d3c55dc03f23f1b383b8

parent 053a04f6

target/board/generic/BoardConfig.mk

+10 −0

Original line number	Diff line number	Diff line
		@@ -59,6 +59,16 @@ DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
		BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
		BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true

		# Android Verified Boot (AVB):
		# Builds a special vbmeta.img that disables AVB verification.
		# Otherwise, AVB will prevent the device from booting the generic system.img.
		# Also checks that BOARD_AVB_ENABLE is not set, to prevent adding verity
		# metadata into system.img.
		ifeq ($(BOARD_AVB_ENABLE),true)
		$(error BOARD_AVB_ENABLE cannot be set for GSI)
		endif
		BOARD_BUILD_DISABLED_VBMETAIMAGE := true

		ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
		# GSI is always userdebug and needs a couple of properties taking precedence
		# over those set by the vendor.

target/board/generic_arm64/BoardConfig.mk

+10 −0

Original line number	Diff line number	Diff line
		@@ -88,6 +88,16 @@ DEVICE_MATRIX_FILE := device/generic/goldfish/compatibility_matrix.xml
		BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
		BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy

		# Android Verified Boot (AVB):
		# Builds a special vbmeta.img that disables AVB verification.
		# Otherwise, AVB will prevent the device from booting the generic system.img.
		# Also checks that BOARD_AVB_ENABLE is not set, to prevent adding verity
		# metadata into system.img.
		ifeq ($(BOARD_AVB_ENABLE),true)
		$(error BOARD_AVB_ENABLE cannot be set for GSI)
		endif
		BOARD_BUILD_DISABLED_VBMETAIMAGE := true

		ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
		# GSI is always userdebug and needs a couple of properties taking precedence
		# over those set by the vendor.

target/board/generic_x86/BoardConfig.mk

+10 −0

Original line number	Diff line number	Diff line
		@@ -62,6 +62,16 @@ BOARD_SEPOLICY_DIRS += \
		build/target/board/generic/sepolicy \
		build/target/board/generic_x86/sepolicy

		# Android Verified Boot (AVB):
		# Builds a special vbmeta.img that disables AVB verification.
		# Otherwise, AVB will prevent the device from booting the generic system.img.
		# Also checks that BOARD_AVB_ENABLE is not set, to prevent adding verity
		# metadata into system.img.
		ifeq ($(BOARD_AVB_ENABLE),true)
		$(error BOARD_AVB_ENABLE cannot be set for GSI)
		endif
		BOARD_BUILD_DISABLED_VBMETAIMAGE := true

		ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
		# GSI is always userdebug and needs a couple of properties taking precedence
		# over those set by the vendor.

target/board/generic_x86_64/BoardConfig.mk

+10 −0

Original line number	Diff line number	Diff line
		@@ -60,6 +60,16 @@ BOARD_SEPOLICY_DIRS += \
		build/target/board/generic/sepolicy \
		build/target/board/generic_x86/sepolicy

		# Android Verified Boot (AVB):
		# Builds a special vbmeta.img that disables AVB verification.
		# Otherwise, AVB will prevent the device from booting the generic system.img.
		# Also checks that BOARD_AVB_ENABLE is not set, to prevent adding verity
		# metadata into system.img.
		ifeq ($(BOARD_AVB_ENABLE),true)
		$(error BOARD_AVB_ENABLE cannot be set for GSI)
		endif
		BOARD_BUILD_DISABLED_VBMETAIMAGE := true

		ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
		# GSI is always userdebug and needs a couple of properties taking precedence
		# over those set by the vendor.