Name | Date | Size | #Lines | LOC
---|---|---|---|---
.. | - | - | |
res/ | 23-Nov-2023 | - | |
src/com/android/cts/dexmetadata/ | 23-Nov-2023 | - | 676 | 489
Android.bp | 23-Nov-2023 | 1.1 KiB | 36 | 33
AndroidTest.xml | 23-Nov-2023 | 1.7 KiB | 33 | 15
OWNERS | 23-Nov-2023 | 39 | 2 | 2
README.md | 23-Nov-2023 | 1 KiB | 31 | 23
README.md
Fs-verity keys
==============
All AOSP compatible devices ship with the Google-managed fs-verity certificate
(located at build/make/target/product/security/fsverity-release.x509.der). The
public key can verify the prebuilt signature (.dm.fsv\_sig) in res/.

Modifying a .dm file requires regenerating the signature with a debug key.
To use the debug key, you can run the following commands once per boot.

```
KEY_DIR=$ANDROID_BUILD_TOP/cts/hostsidetests/appsecurity/test-apps/ApkVerityTestApp/testdata

adb root
adb shell 'mini-keyctl padd asymmetric fsv-play .fs-verity' < "$KEY_DIR/fsverity-debug.x509.der"
```

Alternatively, copy the .der file to /{system, product}/etc/security/fsverity.
The key will be located upon reboot.

How to modify the signed .dm
============================
The easiest way is to re-sign and replace the signature in place. For example,

```
m fsverity

fsverity sign CtsDexMetadataSplitApp.dm CtsDexMetadataSplitApp.dm.fsv_sig \
  --key="$KEY_DIR/fsverity-debug-key.pem" \
  --cert="$KEY_DIR/fsverity-debug.x509.pem"
```