From b3e8ce6d1d936cddb6eb4a5052de8ed7ba85d68e Mon Sep 17 00:00:00 2001 From: Alex Deymo Date: Thu, 4 Aug 2016 16:06:12 -0700 Subject: [PATCH] Replace OTA sideload verification key when signing A/B devices. The update-payload-key is used by update_engine_sideload from recovery to verify an update payload. Bug: 27178350 Change-Id: I7a0a307ae565e5e9cbf2c9b58fbcc055e87771ce --- tools/releasetools/sign_target_files_apks.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index b11225c18..3ab4a2c1d 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -255,6 +255,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, elif (OPTIONS.replace_ota_keys and info.filename in ( "BOOT/RAMDISK/res/keys", + "BOOT/RAMDISK/etc/update_engine/update-payload-key.pub.pem", "RECOVERY/RAMDISK/res/keys", "SYSTEM/etc/security/otacerts.zip", "SYSTEM/etc/update_engine/update-payload-key.pub.pem")): @@ -510,6 +511,10 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info): output_tf_zip, "SYSTEM/etc/update_engine/update-payload-key.pub.pem", pubkey) + common.ZipWriteStr( + output_tf_zip, + "BOOT/RAMDISK/etc/update_engine/update-payload-key.pub.pem", + pubkey) return new_recovery_keys