Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support latest GKI certificates parsing #89

Open
cfig opened this issue May 30, 2022 · 2 comments
Open

support latest GKI certificates parsing #89

cfig opened this issue May 30, 2022 · 2 comments

Comments

@cfig
Copy link
Owner

cfig commented May 30, 2022

No description provided.

@cfig
Copy link
Owner Author

cfig commented Jun 1, 2022

GKI certificate generation:

	rm -fr gki_arm64 && mkdir gki_arm64
	out/host/linux-x86/bin/mkbootimg --kernel out/target/product/gki_arm64/kernel-5.10 --header_version 4 --output gki_arm64/boot-5.10.img
	@# generate boot-5.10.img.boot_signature
	out/host/linux-x86/bin/generate_gki_certificate \
		--key build/make/target/product/gsi/testkey_rsa2048.pem \
		--algorithm SHA256_RSA2048 \
		--avbtool out/host/linux-x86/bin/avbtool \
		--additional_avb_args "--prop com.android.build.boot.os_version:12 --prop com.android.build.boot.fingerprint:$(cat out/target/product/gki_arm64/build_fingerprint.txt) --prop com.android.build.boot.security_patch:2022-05-05 --rollback_index 1651708800" \
		--name boot \
		--output gki_arm64/boot-5.10.img.boot_signature \
		gki_arm64/boot-5.10.img
	@#generate kernel-5.10.boot_signature
	out/host/linux-x86/bin/generate_gki_certificate \
		--key build/make/target/product/gsi/testkey_rsa2048.pem \
		--algorithm SHA256_RSA2048 \
		--avbtool out/host/linux-x86/bin/avbtool \
		--additional_avb_args "--prop com.android.build.boot.os_version:12 --prop com.android.build.boot.fingerprint:$(cat out/target/product/gki_arm64/build_fingerprint.txt) --prop com.android.build.boot.security_patch:2022-05-05 --rollback_index 1651708800" \
		--name generic_kernel \
		--output gki_arm64/kernel-5.10.boot_signature \
		out/target/product/gki_arm64/kernel-5.10
	@#append bootSig
	cat gki_arm64/kernel-5.10.boot_signature >> gki_arm64/boot-5.10.img.boot_signature
	# 16 << 10
	truncate -s 16384 gki_arm64/boot-5.10.img.boot_signature
	cat gki_arm64/boot-5.10.img.boot_signature >> gki_arm64/boot-5.10.img
	out/host/linux-x86/bin/avbtool add_hash_footer --image gki_arm64/boot-5.10.img --partition_size 67108864 --partition_name boot --algorithm SHA256_RSA4096 --key external/avb/test/data/testkey_rsa4096.pem --prop com.android.build.boot.os_version:12 --prop com.android.build.boot.fingerprint:$(cat out/target/product/gki_arm64/build_fingerprint.txt) --prop com.android.build.boot.security_patch:2022-05-05 --rollback_index 1651708800

@cfig
Copy link
Owner Author

cfig commented Jun 2, 2022

GKI 1.0: header: typical 4KB boot signature.
GKI 2.0: header: boot signature size is 0, but it will have 16KB boot signature implicitly.

@cfig cfig changed the title support latest GKI certificates support latest GKI certificates parsing Jun 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cfig