From f03c601509bec9331de6829531d61e927e42f736 Mon Sep 17 00:00:00 2001 From: dianlujitao Date: Thu, 28 Mar 2019 14:33:56 +0800 Subject: msm8996-common: Enable OEM unlock and bootable image signing * Given the fact that the bootloader allows bootable images with arbitrary signatures to boot, one can relock the bootloader after installing a signed custom recovery. After that, custom ROMs can be installed from recovery as usual, as long as the boot.img's are signed. * This is NOT a security vulnerability because unlocked bootloader is still prerequisite to access fastboot boot/flash, in contrast it's a feature suggested by Google. * To make it feasible with Lineage, sign the img with AOSP verity key which is publicly available. * This doesn't mean using custom ROMs with locked bootloader is suggested. Change-Id: I178e9588e1dde96400dcb2178a027597d05949bd --- msm8996.mk | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/msm8996.mk b/msm8996.mk index ac4ea94..155e58b 100755 --- a/msm8996.mk +++ b/msm8996.mk @@ -284,6 +284,10 @@ PRODUCT_PACKAGES += \ libandroid_net \ netutils-wrapper-1.0 +# OEM Unlock reporting +PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \ + ro.oem_unlock_supported=1 + # OMX PRODUCT_PACKAGES += \ libextmedia_jni \ @@ -365,6 +369,11 @@ PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \ android.hardware.usb@1.0-service +# Verity +PRODUCT_SYSTEM_VERITY_PARTITION=/dev/block/bootdevice/by-name/system +PRODUCT_VENDOR_VERITY_PARTITION=/dev/block/bootdevice/by-name/factory +$(call inherit-product, build/target/product/verity.mk) + # VNDK PRODUCT_PACKAGES += \ vndk_package -- cgit v1.2.3