From c1a8f1a5d7e8bc772ac5694be655a83c3c2d494a Mon Sep 17 00:00:00 2001
From: Bowgo Tsai
Date: Tue, 19 Feb 2019 10:30:50 +0800
Subject: [PATCH] GSI vbmeta.img: set rollback_index to zero

The major purpose of vbmeta.img built on GSI targets (e.g., aosp_arm, aosp_arm64, etc) is to disable AVB. We should also set the rollback index to zero, to prevent the device bootloader from updating the last seen rollback index in the tamper-evident storage.

Bug: 122583908
Test: build aosp_arm64, then `avbtool info_image --image $OUT/vbmeta.img`
Change-Id: I48a49957f8dd3169003b9507fe80e519f301d5b5
---
 target/board/BoardConfigGsiCommon.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/board/BoardConfigGsiCommon.mk b/target/board/BoardConfigGsiCommon.mk
index 88bc7daa3..68d29c8af 100644
--- a/target/board/BoardConfigGsiCommon.mk
+++ b/target/board/BoardConfigGsiCommon.mk
@@ -34,11 +34,14 @@ BOARD_USES_METADATA_PARTITION := true
 # Android Verified Boot (AVB):
 # Set AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED (--flags 2) in
-# vbmeta.img to disable AVB verification.
+# vbmeta.img to disable AVB verification. Also set the rollback index
+# to zero, to prevent the device bootloader from updating the last seen
+# rollback index in the tamper-evident storage.
 #
 # To disable AVB for GSI, use the vbmeta.img and the GSI together.
 # To enable AVB for GSI, include the GSI public key into the device-specific
 # vbmeta.img.
+BOARD_AVB_ROLLBACK_INDEX := 0
 BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2
 # Enable chain partition for system.
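Review bot: The added `BOARD_AVB_ROLLBACK_INDEX := 0` is an unconditional assignment in a shared board config, so any target that includes BoardConfigGsiCommon.mk after setting its own index silently ends up with a vbmeta.img at the lowest possible rollback index, and the comment above it does not say the value is meant for GSI builds only. Since the same comment block already states that this image disables verification, I would make the scope explicit with one more comment line, for example `# This vbmeta.img is for GSI/development use only; do not ship it as a production vbmeta.` The index set here presumably covers only the top-level vbmeta. The chain-partition settings for system begin right after the hunk and are not visible, so it is worth confirming that system keeps its own rollback index there.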