commit | 169289c04451559b09adac671a28aeb2ec9f9bc3 | |
---|---|---|
author | Bowgo Tsai <bowgotsai@google.com> | Wed Jan 22 18:27:52 2025 +0800 |
committer | Bowgo Tsai <bowgotsai@google.com> | Tue Feb 04 18:43:09 2025 -0800 |
tree | 7d9f31662999e00c459431bab5dcb71cd28ab593 | |
parent | f2e683abac628d16907cf679c6dfd9152b93b01f | |

Fix (pvmfw.img) Embed correct public key for Microdroid verification

The previous commit (I551e14fa6a0c63e3cef334b953f670cf9c465e10) incorrectly embedded the APEX public key ('apex_pubkey') into pvmfw.img. This key is used to verify `apex_payload.img` within `com.android.virt.apex`, not the Microdroid image.

This commit embeds the correct public key, which verifies `microdroid_vbmeta.img` inside `apex_payload.img`.

Bug: 384813199
Test: m sign_target_files_apks
Test: sign_target_files_apks --allow_gsi_debug_sepolicy \
      --extra_apex_payload_key com.android.virt.apex= \
      -e com.android.virt.apex= \
      gsi_arm64-target_files-${build_id}.zip signed.zip
Test: unzip signed.zip IMAGES/pvmfw.img
Test: avbtool extract_public_key --key external/avb/test/data/testkey_rsa4096.pem --out key.pub
Test: grep -U -F -f key.pub IMAGES/pvmfw.img
      => grep: IMAGES/pvmfw.img: binary file matches
Change-Id: Ic8ae72898b8ab6067402b26eef9ed1b876a778f7
Merged-In: Ic8ae72898b8ab6067402b26eef9ed1b876a778f7

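
The final Test: steps of the commit message confirm that the extracted key is present in pvmfw.img. The Python below is an added example, not part of the commit or the build tree: it does that check as an exact whole-blob search and reports which candidate key is embedded, because `grep -F -f` reads its pattern file as newline-separated strings, so a binary key containing 0x0a bytes is matched fragment by fragment. The key blobs, images and all function names are constructed for illustration.

```python
import hashlib


def find_blob(image: bytes, blob: bytes) -> list:
    """Return every offset at which the complete key blob occurs in image."""
    if not blob:
        raise ValueError("empty key blob")
    offsets, pos = [], image.find(blob)
    while pos != -1:
        offsets.append(pos)
        pos = image.find(blob, pos + 1)
    return offsets


def fragment_match(image: bytes, blob: bytes) -> bool:
    """Model of newline-separated fixed-string matching: true as soon as
    any single fragment of the blob occurs anywhere in the image."""
    return any(frag in image for frag in blob.split(b"\n"))


def make_key(label: str) -> bytes:
    # Constructed stand-in for `avbtool extract_public_key` output, NOT a real
    # key: a 4-byte big-endian bit length, a 0x0a byte, then label-derived filler.
    body = b"".join(
        hashlib.sha256(f"{label}{i}".encode()).digest() for i in range(32)
    )
    return (4096).to_bytes(4, "big") + b"\n" + body


# Constructed sample data (hypothetical names and layout).
MICRODROID_KEY = make_key("microdroid")  # key that should be embedded
APEX_KEY = make_key("apex")              # key that was embedded by mistake
PAD = b"\xff" * 4096
GOOD_IMAGE = PAD + MICRODROID_KEY + PAD
BAD_IMAGE = PAD + APEX_KEY + PAD


def audit(image: bytes) -> dict:
    """Map each candidate key name to the offsets where it is embedded."""
    return {
        "microdroid": find_blob(image, MICRODROID_KEY),
        "apex": find_blob(image, APEX_KEY),
    }


if __name__ == "__main__":
    for name, img in (("good", GOOD_IMAGE), ("bad", BAD_IMAGE)):
        print(name, audit(img), "fragment match:", fragment_match(img, MICRODROID_KEY))
```

On the constructed image that carries the wrong key, the fragment model still reports a match for the Microdroid key (the shared 4-byte length prefix), while the exact search returns no offsets.
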
This is the Makefile-based portion of the Android Build System.
For documentation on how to run a build, see Usage.txt.
For a list of behavioral changes useful for Android.mk writers, see Changes.md.
For an outdated reference on Android.mk files, see build-system.html. Our Android.mk files look similar, but are entirely different from the Android.mk files used by the NDK build system. When searching for documentation elsewhere, ensure that it is for the platform build system -- most are not.
This Makefile-based system is in the process of being replaced with Soong, a new build system written in Go. During the transition, all of these makefiles are read by Kati, and generate a ninja file instead of being executed directly. That's combined with a ninja file read by Soong so that the build graph of the two systems can be combined and run as one.