Use the specified verity key to sign boot and recovery OTA images. This ensures that when the verity key is rotated to a release key both the boot and recovery images will be correctly signed. It does mean that they will both be signed with the same key for now, but as that doesn't change the threat model separating them is just a distant nice-to-have. Bug: 15725238 Change-Id: I5b75e4346fe0655065643ab553431690cc1a8cb0

commit: 95ebe7a09b61931fc9e84b3ce43439c1eda40308 [log] [tgz]
author: Geremy Condra <gcondra@google.com> Tue Aug 19 17:27:56 2014 -0700
committer: Rom Lemarchand <romlem@google.com> Wed Aug 20 20:17:01 2014 +0000
tree: 5e8235effc68e2341f4faa41255a068b7584f7ff
parent: 4faea310acb2e884192f3e760e3190426b9c6d0f [diff] [blame]
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 947a9e4..4fe4938 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py

@@ -335,6 +335,13 @@
   assert p.returncode == 0, "mkbootimg of %s image failed" % (
       os.path.basename(sourcedir),)
 
+  if info_dict.get("verity_key", None):
+    path = "/" + os.path.basename(sourcedir).lower()
+    cmd = ["boot_signer", path, img.name, info_dict["verity_key"], img.name]
+    p = Run(cmd, stdout=subprocess.PIPE)
+    p.communicate()
+    assert p.returncode == 0, "boot_signer of %s image failed" % path
+
   img.seek(os.SEEK_SET, 0)
   data = img.read()
commit	95ebe7a09b61931fc9e84b3ce43439c1eda40308	[log] [tgz]
author	Geremy Condra <gcondra@google.com>	Tue Aug 19 17:27:56 2014 -0700
committer	Rom Lemarchand <romlem@google.com>	Wed Aug 20 20:17:01 2014 +0000
tree	5e8235effc68e2341f4faa41255a068b7584f7ff
parent	4faea310acb2e884192f3e760e3190426b9c6d0f [diff] [blame]