os icon indicating copy to clipboard operation
os copied to clipboard
verified publisher icon hashbang

Optional PCKS#11 for signing with Yubikey/Trezor etc.

Open lrvick opened this issue 7 years ago • 2 comments

lrvick avatar Dec 17 '18 08:12 lrvick

Will need to adapt image signing tools to use a scheme like the following: https://developers.yubico.com/PIV/Guides/Android_code_signing.html

lrvick avatar Dec 17 '18 10:12 lrvick

I looked into this briefly, and wrote down my findings at https://gitlab.com/calyxos/calyxos/wikis/Offline-signing

TL;DR:

  • Some AOSP scripts will need slight modifications
  • Need a signapk which supports keys stored on dedicated hardware
  • Need to write an external program that's called by avbtool to sign things using keys stored on dedicated hardware.

chirayudesai avatar Sep 02 '19 14:09 chirayudesai