From e68d922118ba89a3760c4a15f80fdbaf71a3584b Mon Sep 17 00:00:00 2001
From: Seungjae Yoo
Date: Mon, 4 Dec 2023 13:08:24 +0900
Subject: [PATCH] Append pubkey of microdroid-vendor into avb prop of vendor_boot

For protected VM in AVF, the public key of microdroid-vendor partition should be passed via trustable way. However, pvmfw config data is constructed from ABL. AVB property is needed to pass the public key from the source code into ABL, determined in the build time.

Bug: 285854379
Test: avbtool info_image --image $ANDROID_PRODUCT_OUT/vendor_boot.img
Change-Id: I024d1d835cccb27feef1164aca30712dbb8a70da
---
 core/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/Makefile b/core/Makefile
index 845f7c8202..68e968eabe 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -4600,6 +4600,12 @@ BOARD_AVB_PVMFW_ADD_HASH_FOOTER_ARGS += \
 --prop com.android.build.pvmfw.security_patch:$(PVMFW_SECURITY_PATCH)
 endif
 
+# Append avbpubkey of microdroid-vendor partition into vendor_boot partition.
+ifdef MICRODROID_VENDOR_AVBKEY
+BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS += \
+ --prop_from_file com.android.build.microdroid-vendor.avbpubkey:$(MICRODROID_VENDOR_AVBKEY)
+endif
+
 BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS
 INIT_BOOT_FOOTER_ARGS := BOARD_AVB_INIT_BOOT_ADD_HASH_FOOTER_ARGS
 VENDOR_BOOT_FOOTER_ARGS := BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS
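Review bot: The file named by `$(MICRODROID_VENDOR_AVBKEY)` is read by avbtool when the image is built, but nothing in this hunk makes it a prerequisite of vendor_boot.img. The rule that consumes `BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS` lies outside the hunk, so confirm it lists the file; otherwise an incremental build after a key rotation may ship a vendor_boot image that still carries the old public key. The variable name also does not say whether it holds a public or a private key, and `--prop_from_file` copies the file's contents verbatim into a shipped image. I would extend the comment to state the contract: `# MICRODROID_VENDOR_AVBKEY must point to the extracted public key (avbtool extract_public_key output), never to the signing key.`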