Remove apex_debug_key, in favor of apex.test.key which is under
/system/apex and is built with soong.
Bug: 118213152
Test: /system/etc/security/apex/testkey exists
Change-Id: Iaa0facea2d26cadd48783778e8915bc3c560de10
These keys will be used to sign and verify APEX modules on
eng/userdebug devices. The keys may still change, but are
added now to unblock apexd development.
The keys were generated as follows:
$ openssl genrsa -out apex_debug_key.pem 4096
$ avbtool extract_public_key --key apex_debug_key.pem --output apex_debug_key
We'll probably need PRODUCT_APEX_KEYS at some point, but we'll wait
with that until we have build support.
Bug: 112684055
Test: /system/etc/security/apex/apex_debug_key found on-device
Change-Id: I5f4b1cb1eb11be6431146aa4297b50205fbc382e
This easily allow products to add custom adb keys for debuggable builds.
To use, provide a public key created by `adb keygen` to
PRODUCT_ADB_KEYS.
This way automated test farms don't need manual intervention to
authenticate to the device over adb, but we don't disable security for
everyone else.
Add an inherit-product-if-exists hook to aosp_* targets so that our
build servers can add a key for our test farms.
Bug: 32891559
Test: lunch aosp_marlin-userdebug; m bootimage
Test: lunch aosp_marlin-user; m bootimage
Change-Id: I1720644d89ec5289fbe99f95ebcdfbb3f3b20e67
Add a pointer to the online signing document and delete some redundant
information. Update the "embedding" section and add more background info
on what it is used for. Eliminate references to $BUILD_SECURE which no
longer exists.
Change-Id: I6d971849cc21697de9cf4fd891423f331f083830
Signed-off-by: Kevin Cernekee <cernekee@google.com>
Change boot, recovery, and verity metadata signing keys to use the
same PKCS8 / X.509 PEM format as the other signing keys, and update
build scripts to use correct arguments for the updated signing
tools.
Bug: 15984840
Bug: 18120110
Change-Id: I23ed5a004ecdad6cf7696487935ad5031eb8adf8
(cherry picked from commit 72d90eb189)