Can someone describe how to create a signed update.zip for use with the fastboot command "update"? What tools are used?
Is there documentation on this somewhere?

Thanks,
Dan

On Fri, Aug 21, 2009 at 1:25 PM, William Enck <[email protected]> wrote:
>
> Dan Hein wrote:
>> Do you know of any existing documentation that explains steps needed to
>> secure Android device (i.e. at the OEM level)?
>
> I'm not sure where the documentation for these things is; however:
>
>> 1. sign userimage with vendor private keys
>
> There is a variable you can set in your buildspec.mk to set the *public*
> keys used by your build. I found it by tracing the build process, if I
> remember correctly it is:
>
> OTA_PUBLIC_KEYS := path/to/key1.pem path/to/key2.pem
>
> This will include the listed public keys in the otacerts.zip store on the
> system as well as bake them into the recovery binary in recovery.img.
>
> If you do an engineering build, I'm not certain whether or not it also
> includes the test keys, but you could include the following in your
> buildspec.mk (I believe this works, but haven't tested):
>
> INCLUDE_TEST_OTA_KEYS := false
>
> The *private* keys, on the other hand, are a different story. I seem to
> remember reading a comment somewhere in the makefiles indicating that
> initially everything is signed by the test keys and that all package signing
> should be done with a post processing script. I couldn't find those scripts.
> Of course, it was quite a while ago when I looked into this, and they might
> be available now. Similarly, I'd love to have the scripts that create the
> update.zip (it shouldn't be hard to create, but I just haven't gotten around
> to it). To sign the update.zip, I believe there is a SignApk.jar application
> somewhere in the build (could be a slightly different name). Given the name,
> I imagine this works for both the update.zip and .apk files included in the
> distribution.
>
>> 2. ensure ro.secure system property set
>
> This is set based on the build options. A user-release build will ensure
> ro.secure=1. I.e., you want the following in your buildspec.mk:
>
> TARGET_BUILD_VARIANT := user
> TARGET_BUILD_TYPE := release
>
>> 3. ensure no root consoles left running (e.g. such as G1 RC29)
>
> This was fixed by modifying the kernel command line baked into boot.img. A
> user-release configuration should have this configuration. I don't know if
> it is also fixed with the engineering build. My best guess is yes.
>
>> 4. ensure build phase for generating dexopt files into system image
>
> Not sure.
>
> Hope that helps,
>
> -Will
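As an added example (not code from the thread, nor from the Android build), here is a small POSIX shell script that ties William's points together from the OEM's side: it audits a buildspec.mk for the release settings he lists, wraps the signapk invocation for update.zip, and checks that the signing certificate is actually in the device's otacerts.zip trust store. The `has_setting`, `check_buildspec`, `sign_update` and `otacerts_has_cert` names are mine; the signapk.jar location under `out/host/linux-x86/framework/`, its `-w` (whole-file signature) flag, the PKCS#8 `.pk8` key format and the vendor key file names are assumptions about the AOSP build of that era and should be confirmed against your tree.

```shell
#!/bin/sh
# Added example, not part of the original thread: audit a buildspec.mk for the
# hardening settings discussed above, sign an update.zip, and verify that the
# signing cert is in the device trust store. Tool paths/flags are assumptions.

# has_setting FILE NAME VALUE: true if FILE contains "NAME := VALUE" (or "NAME = VALUE").
has_setting() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*:?=[[:space:]]*$3([[:space:]]|\$)" "$1"
}

# check_buildspec FILE: exit 0 only if every expected release setting is present.
# Each missing or weak setting is reported on stderr so a release checklist can fail loudly.
check_buildspec() {
    spec="$1"
    rc=0
    has_setting "$spec" TARGET_BUILD_VARIANT user      || { echo "weak: TARGET_BUILD_VARIANT != user (ro.secure may be 0)" >&2; rc=1; }
    has_setting "$spec" TARGET_BUILD_TYPE release      || { echo "weak: TARGET_BUILD_TYPE != release" >&2; rc=1; }
    has_setting "$spec" INCLUDE_TEST_OTA_KEYS false    || { echo "weak: INCLUDE_TEST_OTA_KEYS not set to false" >&2; rc=1; }
    if ! has_setting "$spec" OTA_PUBLIC_KEYS '[^[:space:]]+'; then
        echo "weak: OTA_PUBLIC_KEYS unset, recovery will trust only whatever the default keys are" >&2; rc=1
    elif grep -E '^[[:space:]]*OTA_PUBLIC_KEYS' "$spec" | grep -q testkey; then
        # build/target/product/security/testkey.x509.pem is the public AOSP test key;
        # shipping it means anyone with the matching (public) private key can sign an OTA.
        echo "weak: OTA_PUBLIC_KEYS still references the AOSP test key" >&2; rc=1
    fi
    return $rc
}

# sign_update CERT.x509.pem KEY.pk8 IN.zip OUT.zip: whole-file signature (-w) so that
# recovery can verify the package (assumed signapk.jar path and flag).
sign_update() {
    java -jar out/host/linux-x86/framework/signapk.jar -w "$1" "$2" "$3" "$4"
}

# otacerts_has_cert OTACERTS.zip CERT.pem: compare SHA-1 fingerprints of every PEM entry
# in the device's /system/etc/security/otacerts.zip against the cert you signed with.
otacerts_has_cert() {
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha1)
    for name in $(unzip -Z1 "$1"); do
        got=$(unzip -p "$1" "$name" | openssl x509 -noout -fingerprint -sha1)
        [ "$got" = "$want" ] && return 0
    done
    return 1
}

# Usage: ./ota-check.sh buildspec.mk   (hypothetical file name)
if [ "$#" -ge 1 ]; then
    check_buildspec "$1" && echo "buildspec.mk: release settings present"
fi
```

Run `check_buildspec` as part of your release gate before `sign_update`, and keep the private `.pk8` off the build hosts entirely, which is the post-processing arrangement William describes: the tree builds with test keys, and only the final signing step, on a separate machine, uses the vendor key.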
