| commit | 055128bf10597389e1400418d3b4c96f96741678 | [log] [tgz] |
|---|---|---|
| author | Tianjie <xunchang@google.com> | Thu Dec 10 17:16:41 2020 -0800 |
| committer | Tianjie Xu <xunchang@google.com> | Fri Dec 11 01:26:12 2020 +0000 |
| tree | 1c1af7d8e5fcf98e2cde3feaec04e76fdfbe8e2d | |
| parent | 33571ac8dd96b1b467bf00ecf88e72e4cb3625dd [diff] |
Use sha256 to build the hashtree in avb image The hashtree is used in verified boot, and sha256 is more robust against malicious attacks. Also, sha256 uses the same space as sha1 in the hashtree. And there isn't much performance regression per https://b.corp.google.com/issues/156162446#comment18 By putting the config in BoardConfigMainlineCommon.mk, we enable sha256 on all Pixels. And devices who want to use a different hash algorithm can override it in it's own board configs. Bug: 156162446 Test: boot the device and check performance Change-Id: I9f1d3bcf241bc65adf10376cc5ae7ab1986216fa
This is the Makefile-based portion of the Android Build System.
For documentation on how to run a build, see Usage.txt
For a list of behavioral changes useful for Android.mk writers see Changes.md
For an outdated reference on Android.mk files, see build-system.html. Our Android.mk files look similar, but are entirely different from the Android.mk files used by the NDK build system. When searching for documentation elsewhere, ensure that it is for the platform build system -- most are not.
This Makefile-based system is in the process of being replaced with Soong, a new build system written in Go. During the transition, all of these makefiles are read by Kati, and generate a ninja file instead of being executed directly. That's combined with a ninja file read by Soong so that the build graph of the two systems can be combined and run as one.