Merge "Fix GKI 2.0 signing in the release process" am: 328a537e37 am: bde804c8cf am: daab4cb7c6

Original change: https://android-review.googlesource.com/c/platform/build/+/1699576 Change-Id: I939155566577ae36fd7626a080b2187919458222
2021-05-11 14:08:19 +00:00 · 2021-05-11 14:08:19 +00:00 · 4ea660a62d
parent 095b57327d daab4cb7c6
commit 4ea660a62d
2 changed files with 8 additions and 4 deletions
--- a/target/board/BoardConfigGsiCommon.mk
+++ b/target/board/BoardConfigGsiCommon.mk
@ -30,6 +30,14 @@ BOARD_PRODUCTIMAGE_FILE_SYSTEM_TYPE :=
 # the devices with metadata parition
 BOARD_USES_METADATA_PARTITION := true

+# Enable GKI 2.0 signing.
+BOARD_GKI_SIGNING_KEY_PATH := build/make/target/product/gsi/testkey_rsa2048.pem
+BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
+# The following is needed to allow release signing process appends more extra
+# args, e.g., passing --signing_helper_with_files from mkbootimg to avbtool.
+# See b/178559811 for more details.
+BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar
+
 # Android Verified Boot (AVB):
 #   Set the rollback index to zero, to prevent the device bootloader from
 #   updating the last seen rollback index in the tamper-evident storage.
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@ -77,10 +77,6 @@ BOARD_RAMDISK_USE_LZ4 := true
 BOARD_BOOT_HEADER_VERSION := 4
 BOARD_MKBOOTIMG_ARGS += --header_version $(BOARD_BOOT_HEADER_VERSION)

-# Enable GKI 2.0 signing.
-BOARD_GKI_SIGNING_KEY_PATH := build/make/target/product/gsi/testkey_rsa2048.pem
-BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
-
 BOARD_KERNEL_BINARIES := \
    kernel-4.19-gz \
    kernel-5.4 kernel-5.4-gz kernel-5.4-lz4 \