sm6250-common: Build disabled VBMeta image

Partitions that use vbmeta_system can be found by looking at avb flag in fstab from boot ramdisk. --flags 2 makes the verification function of avb always return a positive result. --set_hashtree_disabled_flag builds the vbmeta images with the HASHTREE_DISABLED bit set and as a result they don't need to manually disable dm-verity via e.g. 'adb disable-verity'. The rest of the configuration is taken from https://source.android.com/devices/tech/ota/dynamic_partitions/implement#avb-configuration-changes Change-Id: I381feef8f6fefc8449ca50d85d704b67bcc8a77e
2018-06-27 21:14:43 -04:00 · 2018-06-27 21:14:43 -04:00 · 453a236973
commit 453a236973
parent ed08feb3fe
1 changed files with 10 additions and 0 deletions
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@ -113,3 +113,13 @@ BOARD_USES_QCOM_HARDWARE := true

 # Security patch level
 VENDOR_SECURITY_PATCH := 2020-02-01
+
+# Verified Boot
+BOARD_AVB_ENABLE := true
+BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --set_hashtree_disabled_flag
+BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2
+BOARD_AVB_VBMETA_SYSTEM := system product
+BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
+BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA2048
+BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
+BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX_LOCATION := 1