StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Separate boot and recovery image signing from dm-verity

Browse Source 
Allow dm-verity to be enabled without boot and recovery images being
signed. This makes it possible to enable only dm-verity to detect
corruption without confusing bootloaders that do not understand signed
images.

Bug: 19985143
Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001
This commit is contained in:
Sami Tolvanen
2015-04-07 15:08:59 +01:00
parent 4605be6c9e
commit 8b3f08bc7b
4 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tools/releasetools/common.py
View File

@@ -362,7 +362,8 @@ def BuildBootableImage(sourcedir, fs_config_file, info_dict=None):
assert p.returncode == 0, "mkbootimg of %s image failed" % (
os.path.basename(sourcedir),)
if info_dict.get("verity_key", None):
if (info_dict.get("boot_signer", None) == "true" and
info_dict.get("verity_key", None)):
path = "/" + os.path.basename(sourcedir).lower()
cmd = [OPTIONS.boot_signer_path, path, img.name,
info_dict["verity_key"] + ".pk8",