diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2019-03-14 03:05:48 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-03-14 03:05:48 +0000 |
commit | 61b7929b46a59ed155512c960f94be014926fd3b (patch) | |
tree | 368eddfb97da956667b873e2da8d43e397a7d520 | |
parent | 26a04a7131be8dbc21314793ab31f487ec4d2faf (diff) | |
parent | 119251268c594d115a1eff31b3ec32108b88b593 (diff) | |
download | avb-android10-security-release.tar.gz |
Snap for 5374457 from 119251268c594d115a1eff31b3ec32108b88b593 to qt-releaseandroid-vts-10.0_r9android-vts-10.0_r8android-vts-10.0_r7android-vts-10.0_r6android-vts-10.0_r5android-vts-10.0_r4android-vts-10.0_r3android-vts-10.0_r2android-vts-10.0_r16android-vts-10.0_r15android-vts-10.0_r14android-vts-10.0_r13android-vts-10.0_r12android-vts-10.0_r11android-vts-10.0_r10android-vts-10.0_r1android-security-10.0.0_r75android-security-10.0.0_r74android-security-10.0.0_r73android-security-10.0.0_r72android-security-10.0.0_r71android-security-10.0.0_r70android-security-10.0.0_r69android-security-10.0.0_r68android-security-10.0.0_r67android-security-10.0.0_r66android-security-10.0.0_r65android-security-10.0.0_r64android-security-10.0.0_r63android-security-10.0.0_r62android-security-10.0.0_r61android-security-10.0.0_r60android-security-10.0.0_r59android-security-10.0.0_r58android-security-10.0.0_r57android-security-10.0.0_r56android-security-10.0.0_r55android-security-10.0.0_r54android-security-10.0.0_r53android-security-10.0.0_r52android-security-10.0.0_r51android-security-10.0.0_r50android-security-10.0.0_r49android-security-10.0.0_r48android-mainline-10.0.0_r3android-mainline-10.0.0_r2android-mainline-10.0.0_r1android-cts-10.0_r9android-cts-10.0_r8android-cts-10.0_r7android-cts-10.0_r6android-cts-10.0_r5android-cts-10.0_r4android-cts-10.0_r3android-cts-10.0_r2android-cts-10.0_r16android-cts-10.0_r15android-cts-10.0_r14android-cts-10.0_r13android-cts-10.0_r12android-cts-10.0_r11android-cts-10.0_r10android-cts-10.0_r1android-10.0.0_r6android-10.0.0_r5android-10.0.0_r47android-10.0.0_r46android-10.0.0_r4android-10.0.0_r3android-10.0.0_r2android-10.0.0_r17android-10.0.0_r11android-10.0.0_r10android-10.0.0_r1android10-tests-releaseandroid10-security-releaseandroid10-s3-releaseandroid10-s2-releaseandroid10-s1-releaseandroid10-releaseandroid10-mainline-releaseandroid10-mainline-a-release
Change-Id: If57110f11eedd7142b5626b5ff8fe1f8979a2ad3
-rw-r--r-- | README.md | 18 |
1 files changed, 9 insertions, 9 deletions
@@ -591,25 +591,25 @@ the [Device Specific Notes](#Device-Specific-Notes) section for details. Devices can be configured to create additional `vbmeta` partitions as [chained partitions](#The-VBMeta-struct) in order to update a subset of partitions without changing the top-level `vbmeta` partition. For example, -the following variables create `vbmeta_mainline.img` as a chained `vbmeta` +the following variables create `vbmeta_system.img` as a chained `vbmeta` image that contains the hash-tree descriptors for `system.img` and -`product_services.img`. `vbmeta_mainline.img` itself will be signed by the +`product_services.img`. `vbmeta_system.img` itself will be signed by the specified key and algorithm. - BOARD_AVB_VBMETA_MAINLINE := system product_services - BOARD_AVB_VBMETA_MAINLINE_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem - BOARD_AVB_VBMETA_MAINLINE_ALGORITHM := SHA256_RSA2048 - BOARD_AVB_VBMETA_MAINLINE_ROLLBACK_INDEX_LOCATION := 1 + BOARD_AVB_VBMETA_SYSTEM := system product_services + BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem + BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA2048 + BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX_LOCATION := 1 Note that the hash-tree descriptors for `system.img` and -`product_services.img` will be included only in `vbmeta_mainline.img`, but +`product_services.img` will be included only in `vbmeta_system.img`, but not `vbmeta.img`. With the above setup, partitions `system.img`, -`product_services.img` and `vbmeta_mainline.img` can be updated +`product_services.img` and `vbmeta_system.img` can be updated independently - but as a group - of the rest of the partitions, *or* as part of the traditional updates that update all the partitions. Currently build system supports building chained `vbmeta` images of -`vbmeta_mainline.img` (`BOARD_AVB_VBMETA_MAINLINE`) and `vbmeta_vendor.img` +`vbmeta_system.img` (`BOARD_AVB_VBMETA_SYSTEM`) and `vbmeta_vendor.img` (`BOARD_AVB_VBMETA_VENDOR`). To prevent rollback attacks, the rollback index should be increased on |