diff options
| author | dianlujitao <dianlujitao@lineageos.org> | 2019-03-28 14:33:56 +0800 |
|---|---|---|
| committer | Davide Garberi <dade.garberi@gmail.com> | 2019-05-02 15:37:47 +0200 |
| commit | f03c601509bec9331de6829531d61e927e42f736 (patch) | |
| tree | 197476dd64cc49caa9747eb484ab14dd7856d1d0 | |
| parent | 79062bdb9f4714577409c8dd4badf8f97b722e4c (diff) | |
msm8996-common: Enable OEM unlock and bootable image signing
* Given the fact that the bootloader allows bootable images with
arbitrary signatures to boot, one can relock the bootloader after
installing a signed custom recovery. After that, custom ROMs can be
installed from recovery as usual, as long as the boot.img's are
signed.
* This is NOT a security vulnerability because unlocked bootloader is
still prerequisite to access fastboot boot/flash, in contrast it's a
feature suggested by Google.
* To make it feasible with Lineage, sign the img with AOSP verity key
which is publicly available.
* This doesn't mean using custom ROMs with locked bootloader is
suggested.
Change-Id: I178e9588e1dde96400dcb2178a027597d05949bd
| -rwxr-xr-x | msm8996.mk | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -284,6 +284,10 @@ PRODUCT_PACKAGES += \ libandroid_net \ netutils-wrapper-1.0 +# OEM Unlock reporting +PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \ + ro.oem_unlock_supported=1 + # OMX PRODUCT_PACKAGES += \ libextmedia_jni \ @@ -365,6 +369,11 @@ PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \ android.hardware.usb@1.0-service +# Verity +PRODUCT_SYSTEM_VERITY_PARTITION=/dev/block/bootdevice/by-name/system +PRODUCT_VENDOR_VERITY_PARTITION=/dev/block/bootdevice/by-name/factory +$(call inherit-product, build/target/product/verity.mk) + # VNDK PRODUCT_PACKAGES += \ vndk_package |