evolution-x-aosp / evolution_security Goto Github PK

This repository belongs to vendor/evolution/build/target/product/security

After cloning to the specific path, please run generate-keys.sh

Please note, that mka evolution may not work properly if you have this repository cloned.

Please refer to this AOSP documentation on how to assign custom AVB keys

Please check out the followings BOARD_AVB_ENABLE, BOARD_AVB_ALGORITHM, BOARD_AVB_KEY_PATH, BOARD_AVB_RECOVERY_KEY_PATH and BOARD_AVB_RECOVERY_ALGORITHM for device with vbmeta_system BOARD_AVB_VBMETA_SYSTEM_KEY_PATH, and BOARD_AVB_VBMETA_SYSTEM_ALGORITHM

After putting it together, it should look like this

BOARD_AVB_ENABLE := true
BOARD_AVB_KEY_PATH := $(PROD_CERTS)/evolution_rsa4096.pem
BOARD_AVB_ALGORITHM := SHA256_RSA4096
BOARD_AVB_RECOVERY_KEY_PATH := $(PROD_CERTS)/evolution_rsa2048.pem
BOARD_AVB_RECOVERY_ALGORITHM := SHA256_RSA2048
# For devices with VBMETA_SYSTEM
BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := $(PROD_CERTS)/evolution_rsa2048.pem
BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA2048

Please refer to AOSP documentation on AVB implementation for your device.

Please make sure your current AVB configuration does not conflict with what you are trying to achieve

Please note that a clean flash is required when build signing keys get changed.

Please save your private keys to use in future builds, otherwise you would have to generate new keys, which would require further clean flashes.

To build a production build, run mka evolution-prod

If your device does not boot, please look out for any proprietary applications that may be using a presigned key instead of a platform key.

PRESIGNED -> platform as shown here Applications signed by Google can be kept as presigned.