os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version. This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.
Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.
This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear for how os_version in non-system partition should be used.
We just add them for completeness here.
See more details in:
https://source.android.com/security/keystore/version-binding
Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
- Prop: com.android.build.boot.os_version -> '10'
- Prop: com.android.build.system.os_version -> '10'
- Prop: com.android.build.system.security_patch -> '2019-06-05'
- Prop: com.android.build.vendor.os_version -> '10'
- Prop: com.android.build.vendor.security_patch -> '2019-06-05'
- Prop: com.android.build.product.os_version -> '10'
- Prop: com.android.build.product.security_patch -> '2019-06-05'
Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
Merged-In: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
(cherry picked from commit 9b54801b58)
This reverts commit 842119ab3a.
Reason for revert: Rolling forward for Q-Finalization
Bug: 129975435
Bug: 129943426
Test: Build
Change-Id: I651e3ec68a765d3867be5341751cd536ccbe604a
(cherry picked from commit bed3e5262e)
Should be in product_config.mk, before the variables are readonly'd, or
the default will fail to work.
(cherry picked from commit 269dd013a5)
Bug: 131576555
Test: set PRODUCT_SHIPPING_API_LEVEL := 29 in mainline_arm64.mk && lunch
Change-Id: I25faee7ec0a3fff17e1d08b834d868834effda36
Merged-In: I25faee7ec0a3fff17e1d08b834d868834effda36
This reverts commit 842119ab3a.
Reason for revert: Rolling forward for Q-Finalization
Bug: 129975435
Bug: 129943426
Test: Build
Change-Id: I651e3ec68a765d3867be5341751cd536ccbe604a
Bug: 132197773
Test: property present in vendor/build.prop
Currently, the property resides in product partition which gets
overwritten by the GSI image. Moving it to vendor will ensure
that the property is set even when a GSI image is flashed on the device.
Change-Id: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
Merged-In: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
TARGET_FLATTEN_APEX and ro.apex.updatable cannot be independently set.
For a device where updating APEXes is not supported, ro.apex.updatable
should not be set (or set to false) and TARGET_FLATTEN_APEX should be
set to true. For APEX-supporting devices, it is the opposite;
ro.apex.updatable == true and TARGET_FLATTEN_APEX is false (or not set).
To ensure this relationship, TARGET_FLATTEN_APEX is by default set to
true, and overridden to false when updatable_apex.mk is inherited.
Bug: 130623080
Test: choosecombo to Pixels 2 and later; get_build_var
TARGET_FLATTEN_APEX returns false.
choosecombo to the original Pixel and other non-Pixel targets;
get_build_var TARGET_FLATTEN_APEX returns true.
choosecombo to the cuttlefish; get_build_var TARGET_FLATTEN_APEX
returns false
Change-Id: Id73a594dd9838457e68e2793122592c11a84fc83
