Add BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT
BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT controls whether GSI AVB keys are built
to vendor_boot. On devices without a dedicated recovery partition, GSI AVB
keys used to be built in boot. They are device-specific, so they should be
moved to vendor_boot.
Test: pass
Bug: 156098440
Change-Id: I0a5eaa1b39e88fcca9837c7aa3f475be47d5b0f2
diff --git a/core/board_config.mk b/core/board_config.mk
index 03d2b3e..21fca28 100644
--- a/core/board_config.mk
+++ b/core/board_config.mk
@@ -105,10 +105,13 @@
# contains a kernel or not.
# - BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT controls whether ramdisk
# recovery resources are built to vendor_boot.
+# - BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT controls whether GSI AVB keys are
+# built to vendor_boot.
_board_strip_readonly_list += \
BOARD_USES_GENERIC_KERNEL_IMAGE \
BOARD_EXCLUDE_KERNEL_FROM_RECOVERY_IMAGE \
BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT \
+ BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT \
_build_broken_var_list := \
BUILD_BROKEN_DUP_RULES \
@@ -772,6 +775,9 @@
ifeq (true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT))
$(error Should not set BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT if not building vendor_boot image)
endif
+ ifeq (true,$(BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT))
+ $(error Should not set BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT if not building vendor_boot image)
+ endif
endif
# If BOARD_USES_GENERIC_KERNEL_IMAGE is set, BOARD_USES_RECOVERY_AS_BOOT must not be set.