Add rule to support verified boot.
Enable verified boot code in LK.
Change-Id: I07362da0018a7f55137c06d9e6e603a0911dc26a
diff --git a/AndroidBoot.mk b/AndroidBoot.mk
index e93b7b4..b27a1a0 100644
--- a/AndroidBoot.mk
+++ b/AndroidBoot.mk
@@ -17,6 +17,16 @@
BOOTLOADER_PLATFORM := $(TARGET_BOARD_PLATFORM)
endif
+ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true)
+ VERIFIED_BOOT := VERIFIED_BOOT=1
+else
+ VERIFIED_BOOT := VERIFEID_BOOT=0
+endif
+
+ifneq ($(TARGET_BUILD_VARIANT),user)
+ DEVICE_STATUS := DEFAULT_UNLOCK=true
+endif
+
ifeq ($(TARGET_BOARD_PLATFORM),msm8660)
BOOTLOADER_PLATFORM := msm8660_surf
endif
@@ -31,7 +41,7 @@
# ELF binary for ABOOT
TARGET_ABOOT_ELF := $(PRODUCT_OUT)/aboot.elf
$(TARGET_ABOOT_ELF): ABOOT_CLEAN | $(ABOOT_OUT)
- $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(ABOOT_OUT) $(BOOTLOADER_PLATFORM) $(EMMC_BOOT) $(SIGNED_KERNEL)
+ $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(ABOOT_OUT) $(BOOTLOADER_PLATFORM) $(EMMC_BOOT) $(SIGNED_KERNEL) $(VERIFIED_BOOT) $(DEVICE_STATUS)
# NAND variant output
TARGET_NAND_BOOTLOADER := $(PRODUCT_OUT)/appsboot.mbn
@@ -59,8 +69,8 @@
$(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(NAND_BOOTLOADER_OUT) $(BOOTLOADER_PLATFORM) $(SIGNED_KERNEL)
# Top level for eMMC variant targets
-$(TARGET_EMMC_BOOTLOADER): emmc_appsbootldr_clean | $(EMMC_BOOTLOADER_OUT)
- $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(EMMC_BOOTLOADER_OUT) $(BOOTLOADER_PLATFORM) EMMC_BOOT=1 $(SIGNED_KERNEL)
+$(TARGET_EMMC_BOOTLOADER): emmc_appsbootldr_clean | $(EMMC_BOOTLOADER_OUT) $(INSTALLED_KEYSTOREIMAGE_TARGET)
+ $(MAKE) -C bootable/bootloader/lk TOOLCHAIN_PREFIX=$(CROSS_COMPILE) BOOTLOADER_OUT=../../../$(EMMC_BOOTLOADER_OUT) $(BOOTLOADER_PLATFORM) EMMC_BOOT=1 $(SIGNED_KERNEL) $(VERIFIED_BOOT) $(DEVICE_STATUS)
# Keep build NAND & eMMC as default for targets still using TARGET_BOOTLOADER
TARGET_BOOTLOADER := $(PRODUCT_OUT)/EMMCBOOT.MBN
diff --git a/makefile b/makefile
index 1056726..252903e 100644
--- a/makefile
+++ b/makefile
@@ -97,6 +97,14 @@
# Useful for header files that may be included by one or more source files.
SRCDEPS := $(CONFIGHEADER)
+ifeq ($(VERIFIED_BOOT),1)
+ DEFINES += VERIFIED_BOOT=1
+ DEFINES += _SIGNED_KERNEL=1
+ ifeq ($(DEFAULT_UNLOCK),true)
+ DEFINES += DEFAULT_UNLOCK=1
+ endif
+endif
+
# these need to be filled out by the project/target/platform rules.mk files
TARGET :=
PLATFORM :=
diff --git a/platform/msm_shared/rules.mk b/platform/msm_shared/rules.mk
index 834e883..f0e453c 100755
--- a/platform/msm_shared/rules.mk
+++ b/platform/msm_shared/rules.mk
@@ -38,7 +38,7 @@
$(LOCAL_DIR)/mmc.o
endif
-ifeq ($(ENABLE_VERIFIED_BOOT),1)
+ifeq ($(VERIFIED_BOOT),1)
OBJS += \
$(LOCAL_DIR)/boot_verifier.o
endif