1LOCAL_PATH:= $(call my-dir) 2 3####################################### 4# verity_key (installed to /, i.e. part of system.img) 5include $(CLEAR_VARS) 6 7LOCAL_MODULE := verity_key 8LOCAL_LICENSE_KINDS := legacy_restricted 9LOCAL_LICENSE_CONDITIONS := restricted 10LOCAL_SRC_FILES := $(LOCAL_MODULE) 11LOCAL_MODULE_CLASS := ETC 12LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 13 14# For devices using a separate ramdisk, we need a copy there to establish the chain of trust. 15ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) 16LOCAL_REQUIRED_MODULES := verity_key_ramdisk 17endif 18 19include $(BUILD_PREBUILT) 20 21####################################### 22# verity_key (installed to ramdisk) 23# 24# Enabling the target when using system-as-root would cause build failure, as TARGET_RAMDISK_OUT 25# points to the same location as TARGET_ROOT_OUT. 26ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) 27 include $(CLEAR_VARS) 28 LOCAL_MODULE := verity_key_ramdisk 29 LOCAL_LICENSE_KINDS := legacy_restricted 30 LOCAL_LICENSE_CONDITIONS := restricted 31 LOCAL_MODULE_CLASS := ETC 32 LOCAL_SRC_FILES := verity_key 33 LOCAL_MODULE_STEM := verity_key 34 LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT) 35 include $(BUILD_PREBUILT) 36endif 37 38####################################### 39# adb key, if configured via PRODUCT_ADB_KEYS 40ifdef PRODUCT_ADB_KEYS 41 ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) 42 include $(CLEAR_VARS) 43 LOCAL_MODULE := adb_keys 44 LOCAL_LICENSE_KINDS := legacy_restricted 45 LOCAL_LICENSE_CONDITIONS := restricted 46 LOCAL_MODULE_CLASS := ETC 47 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 48 LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS) 49 include $(BUILD_PREBUILT) 50 endif 51endif 52 53 54####################################### 55# otacerts: A keystore with the authorized keys in it, which is used to verify the authenticity of 56# downloaded OTA packages. 57include $(CLEAR_VARS) 58 59LOCAL_MODULE := otacerts 60LOCAL_LICENSE_KINDS := legacy_restricted 61LOCAL_LICENSE_CONDITIONS := restricted 62LOCAL_MODULE_CLASS := ETC 63LOCAL_MODULE_STEM := otacerts.zip 64LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security 65include $(BUILD_SYSTEM)/base_rules.mk 66$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 67$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 68 $(SOONG_ZIP) -o $@ -j -symlinks=false -f $(PRIVATE_CERT) 69 70 71####################################### 72# otacerts for recovery image. 73include $(CLEAR_VARS) 74 75LOCAL_MODULE := otacerts.recovery 76LOCAL_LICENSE_KINDS := legacy_restricted 77LOCAL_LICENSE_CONDITIONS := restricted 78LOCAL_MODULE_CLASS := ETC 79LOCAL_MODULE_STEM := otacerts.zip 80LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security 81include $(BUILD_SYSTEM)/base_rules.mk 82 83extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) 84 85$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 86$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys) 87$(LOCAL_BUILT_MODULE): \ 88 $(SOONG_ZIP) \ 89 $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \ 90 $(extra_recovery_keys) 91 $(SOONG_ZIP) -o $@ -j -symlinks=false \ 92 $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file)) 93