1LOCAL_PATH:= $(call my-dir) 2 3####################################### 4# verity_key (installed to /, i.e. part of system.img) 5include $(CLEAR_VARS) 6 7LOCAL_MODULE := verity_key 8LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 9LOCAL_LICENSE_CONDITIONS := notice 10LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE 11LOCAL_SRC_FILES := $(LOCAL_MODULE) 12LOCAL_MODULE_CLASS := ETC 13LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 14 15# For devices using a separate ramdisk, we need a copy there to establish the chain of trust. 16ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) 17LOCAL_REQUIRED_MODULES := verity_key_ramdisk 18endif 19 20include $(BUILD_PREBUILT) 21 22####################################### 23# verity_key (installed to ramdisk) 24# 25# Enabling the target when using system-as-root would cause build failure, as TARGET_RAMDISK_OUT 26# points to the same location as TARGET_ROOT_OUT. 27ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) 28 include $(CLEAR_VARS) 29 LOCAL_MODULE := verity_key_ramdisk 30 LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 31 LOCAL_LICENSE_CONDITIONS := notice 32 LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE 33 LOCAL_MODULE_CLASS := ETC 34 LOCAL_SRC_FILES := verity_key 35 LOCAL_MODULE_STEM := verity_key 36 LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT) 37 include $(BUILD_PREBUILT) 38endif 39 40####################################### 41# adb key, if configured via PRODUCT_ADB_KEYS 42ifdef PRODUCT_ADB_KEYS 43 ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) 44 include $(CLEAR_VARS) 45 LOCAL_MODULE := adb_keys 46 LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 47 LOCAL_LICENSE_CONDITIONS := notice 48 LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE 49 LOCAL_MODULE_CLASS := ETC 50 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 51 LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS) 52 include $(BUILD_PREBUILT) 53 endif 54endif 55 56 57####################################### 58# otacerts: A keystore with the authorized keys in it, which is used to verify the authenticity of 59# downloaded OTA packages. 60include $(CLEAR_VARS) 61 62LOCAL_MODULE := otacerts 63LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 64LOCAL_LICENSE_CONDITIONS := notice 65LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE 66LOCAL_MODULE_CLASS := ETC 67LOCAL_MODULE_STEM := otacerts.zip 68LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security 69include $(BUILD_SYSTEM)/base_rules.mk 70 71extra_ota_keys := $(addsuffix .x509.pem,$(PRODUCT_EXTRA_OTA_KEYS)) 72 73$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 74$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_OTA_KEYS := $(extra_ota_keys) 75$(LOCAL_BUILT_MODULE): \ 76 $(SOONG_ZIP) \ 77 $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \ 78 $(extra_ota_keys) 79 $(SOONG_ZIP) -o $@ -j -symlinks=false \ 80 $(addprefix -f ,$(PRIVATE_CERT) $(PRIVATE_EXTRA_OTA_KEYS)) 81 82 83####################################### 84# otacerts for recovery image. 85include $(CLEAR_VARS) 86 87LOCAL_MODULE := otacerts.recovery 88LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 89LOCAL_LICENSE_CONDITIONS := notice 90LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE 91LOCAL_MODULE_CLASS := ETC 92LOCAL_MODULE_STEM := otacerts.zip 93LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security 94include $(BUILD_SYSTEM)/base_rules.mk 95 96extra_recovery_keys := $(addsuffix .x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) 97 98$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 99$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys) 100$(LOCAL_BUILT_MODULE): \ 101 $(SOONG_ZIP) \ 102 $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \ 103 $(extra_recovery_keys) 104 $(SOONG_ZIP) -o $@ -j -symlinks=false \ 105 $(addprefix -f ,$(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS)) 106