AndroidBoot.mk, makefile: Add support to enable verified boot
Add makefile support to enable verified boot
Change-Id: Ic994485ff09b35af65907c6eb4e9a5ce32215def
diff --git a/AndroidBoot.mk b/AndroidBoot.mk
index c85677e..2ebb180 100644
--- a/AndroidBoot.mk
+++ b/AndroidBoot.mk
@@ -13,6 +13,20 @@
SIGNED_KERNEL := SIGNED_KERNEL=0
endif
+ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
+ VERIFIED_BOOT := VERIFIED_BOOT=1
+else
+ VERIFIED_BOOT := VERIFIED_BOOT=0
+endif
+
+ifeq ($(TARGET_BUILD_VARIANT),user)
+ BUILD_VARIANT := USER_BUILD_VARIANT=true
+endif
+
+ifneq ($(TARGET_BUILD_VARIANT),user)
+ DEVICE_STATUS := DEFAULT_UNLOCK=true
+endif
+
ifeq ($(TARGET_BOARD_PLATFORM),msm8660)
BOOTLOADER_PLATFORM := msm8660_surf
else
@@ -29,7 +43,7 @@
# ELF binary for ABOOT
TARGET_ABOOT_ELF := $(PRODUCT_OUT)/aboot.elf
$(TARGET_ABOOT_ELF): ABOOT_CLEAN | $(ABOOT_OUT)
- $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(ABOOT_OUT) $(BOOTLOADER_PLATFORM) $(EMMC_BOOT) $(SIGNED_KERNEL)
+ $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(ABOOT_OUT) $(BOOTLOADER_PLATFORM) $(EMMC_BOOT) $(SIGNED_KERNEL) $(VERIFIED_BOOT) $(DEVICE_STATUS)
# NAND variant output
TARGET_NAND_BOOTLOADER := $(PRODUCT_OUT)/appsboot.mbn
@@ -57,8 +71,8 @@
$(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(NAND_BOOTLOADER_OUT) $(BOOTLOADER_PLATFORM) $(SIGNED_KERNEL)
# Top level for eMMC variant targets
-$(TARGET_EMMC_BOOTLOADER): emmc_appsbootldr_clean | $(EMMC_BOOTLOADER_OUT)
- $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(EMMC_BOOTLOADER_OUT) $(BOOTLOADER_PLATFORM) EMMC_BOOT=1 $(SIGNED_KERNEL)
+$(TARGET_EMMC_BOOTLOADER): emmc_appsbootldr_clean | $(EMMC_BOOTLOADER_OUT) $(INSTALLED_KEYSTOREIMAGE_TARGET)
+ $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(EMMC_BOOTLOADER_OUT) $(BOOTLOADER_PLATFORM) EMMC_BOOT=1 $(SIGNED_KERNEL) $(VERIFIED_BOOT) $(DEVICE_STATUS)
# Keep build NAND & eMMC as default for targets still using TARGET_BOOTLOADER
TARGET_BOOTLOADER := $(PRODUCT_OUT)/EMMCBOOT.MBN
diff --git a/makefile b/makefile
index 4f8f53e..6532fce 100644
--- a/makefile
+++ b/makefile
@@ -95,6 +95,14 @@
# Useful for header files that may be included by one or more source files.
SRCDEPS := $(CONFIGHEADER)
+ifeq ($(VERIFIED_BOOT),1)
+ DEFINES += VERIFIED_BOOT=1
+ DEFINES += _SIGNED_KERNEL=1
+ ifeq ($(DEFAULT_UNLOCK),true)
+ DEFINES += DEFAULT_UNLOCK=1
+ endif
+endif
+
# these need to be filled out by the project/target/platform rules.mk files
TARGET :=
PLATFORM :=
diff --git a/platform/msm_shared/rules.mk b/platform/msm_shared/rules.mk
index 42e4fcf..89859f0 100755
--- a/platform/msm_shared/rules.mk
+++ b/platform/msm_shared/rules.mk
@@ -27,6 +27,11 @@
$(LOCAL_DIR)/mmc.o
endif
+ifeq ($(VERIFIED_BOOT),1)
+OBJS += \
+ $(LOCAL_DIR)/boot_verifier.o
+endif
+
ifeq ($(PLATFORM),msm8x60)
OBJS += $(LOCAL_DIR)/mipi_dsi.o \
$(LOCAL_DIR)/i2c_qup.o \