diff options
author | Konstantin Vyshetsky <vkon@google.com> | 2021-10-07 14:27:38 -0700 |
---|---|---|
committer | TreeHugger Robot <treehugger-gerrit@google.com> | 2021-11-11 05:04:50 +0000 |
commit | 067512ec32b105fb41b8a8878b17082d53203fd6 (patch) | |
tree | 78086ed381c7f2fff5cdd517d805682d54f41153 /BoardConfig-common.mk | |
parent | 11475b1588120ac8c36af302d7bb2ada8f4c6df6 (diff) | |
download | gs201-067512ec32b105fb41b8a8878b17082d53203fd6.tar.gz |
Generate a separate fstab file for FIPS mode
Add a file "fstab.gs201-fips" alongside the existing "fstab.gs201" in
order to specify different encryption settings in FIPS mode.
"androidboot.fstab_suffix=gs201-fips" on the kernel command line will be
used to select the FIPS fstab when needed.
As the two fstabs should be otherwise identical, generate them from a
template file so that they will stay in sync.
Note that generating the fstabs requires that they be installed as build
system modules rather than via PRODUCT_COPY_FILES, which results in the
vendor_ramdisk copy of the fstabs being installed to system/etc rather
than /. This shouldn't cause any problem, now that Android has been
updated to look for the fstab in this location too.
(cherry-pick from device/google/gs101)
Test: Boot to home screen with/without fips mode
Bug: 202417706
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I8fdc1c9a91399816fa2d4c53f282d63e988ce7d5
Diffstat (limited to 'BoardConfig-common.mk')
-rw-r--r-- | BoardConfig-common.mk | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/BoardConfig-common.mk b/BoardConfig-common.mk index def9de0..fd82475 100644 --- a/BoardConfig-common.mk +++ b/BoardConfig-common.mk @@ -54,7 +54,17 @@ BOARD_USES_GENERIC_KERNEL_IMAGE := true BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT := true BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT := true TARGET_RECOVERY_WIPE := device/google/gs201/conf/recovery.wipe -TARGET_RECOVERY_FSTAB := device/google/gs201/conf/fstab.gs201 + +# This is the fstab file that will be included in the recovery image. Note that +# recovery doesn't care about the encryption settings, so it doesn't matter +# whether we use the normal or the fips fstab here. +# +# Since this is a generated file, it's necessary to use intermediates-dir-for in +# order to refer to it correctly. And since intermediates-dir-for isn't defined +# yet when this file is included, it's necessary to use a deferred variable +# assignment ( = ) rather than an immediate variable assignment ( := ). +TARGET_RECOVERY_FSTAB = $(call intermediates-dir-for,ETC,fstab.gs201)/fstab.gs201 + TARGET_RECOVERY_PIXEL_FORMAT := ABGR_8888 TARGET_RECOVERY_UI_MARGIN_HEIGHT := 165 TARGET_RECOVERY_UI_LIB := \ |