Android_boot_image_editor icon indicating copy to clipboard operation
Android_boot_image_editor copied to clipboard

Published 20 hours ago verified publisher icon cfig

support latest GKI certificates parsing

Open cfig opened this issue 3 years ago • 2 comments

cfig avatar May 30 '22 11:05 cfig

GKI certificate generation:

	rm -fr gki_arm64 && mkdir gki_arm64
	out/host/linux-x86/bin/mkbootimg --kernel out/target/product/gki_arm64/kernel-5.10 --header_version 4 --output gki_arm64/boot-5.10.img
	@# generate boot-5.10.img.boot_signature
	out/host/linux-x86/bin/generate_gki_certificate \
		--key build/make/target/product/gsi/testkey_rsa2048.pem \
		--algorithm SHA256_RSA2048 \
		--avbtool out/host/linux-x86/bin/avbtool \
		--additional_avb_args "--prop com.android.build.boot.os_version:12 --prop com.android.build.boot.fingerprint:$(cat out/target/product/gki_arm64/build_fingerprint.txt) --prop com.android.build.boot.security_patch:2022-05-05 --rollback_index 1651708800" \
		--name boot \
		--output gki_arm64/boot-5.10.img.boot_signature \
		gki_arm64/boot-5.10.img
	@#generate kernel-5.10.boot_signature
	out/host/linux-x86/bin/generate_gki_certificate \
		--key build/make/target/product/gsi/testkey_rsa2048.pem \
		--algorithm SHA256_RSA2048 \
		--avbtool out/host/linux-x86/bin/avbtool \
		--additional_avb_args "--prop com.android.build.boot.os_version:12 --prop com.android.build.boot.fingerprint:$(cat out/target/product/gki_arm64/build_fingerprint.txt) --prop com.android.build.boot.security_patch:2022-05-05 --rollback_index 1651708800" \
		--name generic_kernel \
		--output gki_arm64/kernel-5.10.boot_signature \
		out/target/product/gki_arm64/kernel-5.10
	@#append bootSig
	cat gki_arm64/kernel-5.10.boot_signature >> gki_arm64/boot-5.10.img.boot_signature
	# 16 << 10
	truncate -s 16384 gki_arm64/boot-5.10.img.boot_signature
	cat gki_arm64/boot-5.10.img.boot_signature >> gki_arm64/boot-5.10.img
	out/host/linux-x86/bin/avbtool add_hash_footer --image gki_arm64/boot-5.10.img --partition_size 67108864 --partition_name boot --algorithm SHA256_RSA4096 --key external/avb/test/data/testkey_rsa4096.pem --prop com.android.build.boot.os_version:12 --prop com.android.build.boot.fingerprint:$(cat out/target/product/gki_arm64/build_fingerprint.txt) --prop com.android.build.boot.security_patch:2022-05-05 --rollback_index 1651708800

cfig avatar Jun 01 '22 08:06 cfig

GKI 1.0: header: typical 4KB boot signature. GKI 2.0: header: boot signature size is 0, but it will have 16KB boot signature implicitly.

cfig avatar Jun 02 '22 03:06 cfig