Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / fc15d50d6d07317f75c1b996f419afc37bf958d4^2..fc15d50d6d07317f75c1b996f419afc37bf958d4 / .
commitfc15d50d6d07317f75c1b996f419afc37bf958d4[log] [tgz]
authorTianjie Xu <xunchang@google.com>Tue May 11 19:19:09 2021 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue May 11 19:19:09 2021 +0000
treea5b60558dc1f9eed4b5a799ae43250a02d1e8155
parent328a537e3710be6d8bea9588381901e3fce300eb [diff]
parentfdda51d2ae9e2d9aa96bb9f8f1f6439479910e1d [diff]
Merge "Calculate the runtime ro.build.id in ota scripts"
diff --git a/target/board/BoardConfigGsiCommon.mk b/target/board/BoardConfigGsiCommon.mk
index c577870..95ba1d0 100644
--- a/target/board/BoardConfigGsiCommon.mk
+++ b/target/board/BoardConfigGsiCommon.mk

@@ -30,6 +30,14 @@
 # the devices with metadata parition
 BOARD_USES_METADATA_PARTITION := true
 
+# Enable GKI 2.0 signing.
+BOARD_GKI_SIGNING_KEY_PATH := build/make/target/product/gsi/testkey_rsa2048.pem
+BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
+# The following is needed to allow release signing process appends more extra
+# args, e.g., passing --signing_helper_with_files from mkbootimg to avbtool.
+# See b/178559811 for more details.
+BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar
+
 # Android Verified Boot (AVB):
 #   Set the rollback index to zero, to prevent the device bootloader from
 #   updating the last seen rollback index in the tamper-evident storage.

diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index 1229327..423faf9 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk

@@ -77,10 +77,6 @@
 BOARD_BOOT_HEADER_VERSION := 4
 BOARD_MKBOOTIMG_ARGS += --header_version $(BOARD_BOOT_HEADER_VERSION)
 
-# Enable GKI 2.0 signing.
-BOARD_GKI_SIGNING_KEY_PATH := build/make/target/product/gsi/testkey_rsa2048.pem
-BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
-
 BOARD_KERNEL_BINARIES := \
     kernel-4.19-gz \
     kernel-5.4 kernel-5.4-gz kernel-5.4-lz4 \

diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index f0110ea..dd2de36 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py

@@ -1033,9 +1033,8 @@
 
   extra_args = OPTIONS.gki_signing_extra_args
   if extra_args:
-    print('Setting extra GKI signing args: "%s"' % (extra_args))
-    misc_info["gki_signing_signature_args"] = (
-        misc_info.get("gki_signing_signature_args", '') + ' ' + extra_args)
+    print('Setting GKI signing args: "%s"' % (extra_args))
+    misc_info["gki_signing_signature_args"] = extra_args
 
 
 def BuildKeyMap(misc_info, key_mapping_options):

diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 64e27a2..ad9e657 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py

@@ -602,7 +602,7 @@
     expected_dict = {
         'gki_signing_key_path': 'release_gki_key',
         'gki_signing_algorithm': 'release_gki_algorithm',
-        'gki_signing_signature_args': 'default_gki_signature_args release_gki_signature_extra_args',
+        'gki_signing_signature_args': 'release_gki_signature_extra_args',
     }
     ReplaceGkiSigningKey(misc_info)
     self.assertDictEqual(expected_dict, misc_info)