Separate boot and recovery image signing from dm-verity Allow dm-verity to be enabled without boot and recovery images being signed. This makes it possible to enable only dm-verity to detect corruption without confusing bootloaders that do not understand signed images. Bug: 19985143 Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001

commit: 8b3f08bc7b9870c8c43c7c5bb39f343eaa25d6aa [log] [tgz]
author: Sami Tolvanen <samitolvanen@google.com> Tue Apr 07 15:08:59 2015 +0100
committer: Sami Tolvanen <samitolvanen@google.com> Wed Apr 08 12:30:16 2015 +0100
tree: 4e6af4fea07a1b3abbebb84c965a22be385d159f
parent: 4605be6c9ec9296addc0f0b034ae79db6c14f10e [diff]
diff --git a/core/Makefile b/core/Makefile
index 3485c86..4d803a5 100644
--- a/core/Makefile
+++ b/core/Makefile

@@ -488,7 +488,7 @@
 
 ifeq ($(TARGET_BOOTIMAGE_USE_EXT2),true)
 $(error TARGET_BOOTIMAGE_USE_EXT2 is not supported anymore)
-else ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)) # TARGET_BOOTIMAGE_USE_EXT2 != true
+else ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER)) # TARGET_BOOTIMAGE_USE_EXT2 != true
 
 $(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_FILES) $(BOOT_SIGNER)
 	$(call pretty,"Target boot image: $@")
@@ -503,7 +503,7 @@
 	$(BOOT_SIGNER) /boot $(INSTALLED_BOOTIMAGE_TARGET) $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY).pk8 $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY).x509.pem $(INSTALLED_BOOTIMAGE_TARGET)
 	$(hide) $(call assert-max-image-size,$(INSTALLED_BOOTIMAGE_TARGET),$(BOARD_BOOTIMAGE_PARTITION_SIZE))
 
-else ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)) # PRODUCT_SUPPORTS_VERITY != true
+else ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)) # PRODUCT_SUPPORTS_BOOT_SIGNER != true
 
 $(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_FILES) $(VBOOT_SIGNER)
 	$(call pretty,"Target boot image: $@")
@@ -727,6 +727,7 @@
 $(if $(BOARD_OEMIMAGE_JOURNAL_SIZE),$(hide) echo "oem_journal_size=$(BOARD_OEMIMAGE_JOURNAL_SIZE)" >> $(1))
 $(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1))
 $(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1)
+$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER),$(hide) echo "boot_signer=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER)" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1))
 $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(1))
@@ -869,7 +870,7 @@
   $(if $(filter true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)), \
     $(hide) $(MKBOOTIMG) $(INTERNAL_RECOVERYIMAGE_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1).unsigned, \
     $(hide) $(MKBOOTIMG) $(INTERNAL_RECOVERYIMAGE_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1))
-  $(if $(filter true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)),\
+  $(if $(filter true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER)),\
     $(BOOT_SIGNER) /recovery $(1) $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY).pk8 $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY).x509.pem $(1))
   $(if $(filter true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)), \
     $(VBOOT_SIGNER) $(FUTILITY) $(1).unsigned $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VBOOT_SIGNING_KEY).vbpubk $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VBOOT_SIGNING_KEY).vbprivk $(1).keyblock $(1))

diff --git a/core/product.mk b/core/product.mk
index 77e053f..b7e1aa9 100644
--- a/core/product.mk
+++ b/core/product.mk

@@ -97,6 +97,7 @@
     PRODUCT_RESTRICT_VENDOR_FILES \
     PRODUCT_VENDOR_KERNEL_HEADERS \
     PRODUCT_BOOT_JARS \
+    PRODUCT_SUPPORTS_BOOT_SIGNER \
     PRODUCT_SUPPORTS_VBOOT \
     PRODUCT_SUPPORTS_VERITY \
     PRODUCT_OEM_PROPERTIES \

diff --git a/target/product/verity.mk b/target/product/verity.mk
index 0361b64..3e00b49 100644
--- a/target/product/verity.mk
+++ b/target/product/verity.mk

@@ -16,6 +16,7 @@
 
 # Provides dependencies necessary for verified boot
 
+PRODUCT_SUPPORTS_BOOT_SIGNER := true
 PRODUCT_SUPPORTS_VERITY := true
 
 # The dev key is used to sign boot and recovery images, and the verity

diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 59e81c1..04fe5b0 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py

@@ -362,7 +362,8 @@
   assert p.returncode == 0, "mkbootimg of %s image failed" % (
       os.path.basename(sourcedir),)
 
-  if info_dict.get("verity_key", None):
+  if (info_dict.get("boot_signer", None) == "true" and
+      info_dict.get("verity_key", None)):
     path = "/" + os.path.basename(sourcedir).lower()
     cmd = [OPTIONS.boot_signer_path, path, img.name,
            info_dict["verity_key"] + ".pk8",
commit	8b3f08bc7b9870c8c43c7c5bb39f343eaa25d6aa	[log] [tgz]
author	Sami Tolvanen <samitolvanen@google.com>	Tue Apr 07 15:08:59 2015 +0100
committer	Sami Tolvanen <samitolvanen@google.com>	Wed Apr 08 12:30:16 2015 +0100
tree	4e6af4fea07a1b3abbebb84c965a22be385d159f
parent	4605be6c9ec9296addc0f0b034ae79db6c14f10e [diff]