Closed chenxiaolong closed 4 months ago
Everything now uses AVB 2.0 version 1.3.0.
avbroot already supports this since #210 (avbroot 3.0.0).
The fstab specifies avb_keys=no_such_key
for the system_dlkm
and vendor_dlkm
entries.
diff '--color=auto' -Nru stock/vendor_boot/ramdisk.img.0_extracted/cpio_tree/first_stage_ramdisk/system/etc/fstab.zuma 15/stock/vendor_boot/ramdisk.img.0_extracted/cpio_tree/first_stage_ramdisk/system/etc/fstab.zuma
--- stock/vendor_boot/ramdisk.img.0_extracted/cpio_tree/first_stage_ramdisk/system/etc/fstab.zuma 2024-02-16 16:54:00.056172198 -0500
+++ 15/stock/vendor_boot/ramdisk.img.0_extracted/cpio_tree/first_stage_ramdisk/system/etc/fstab.zuma 2024-02-16 16:53:52.432162811 -0500
@@ -7,11 +7,11 @@
system /system ext4 noatime,ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,readahead_size_kb=128
# During compliance testing, the previous line would fail (because GSI is ext4), and the next line would be used to mount GSI.
system /system ext4 noatime,ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,readahead_size_kb=128
-system_dlkm /system_dlkm ext4 noatime,ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,readahead_size_kb=128
+system_dlkm /system_dlkm ext4 noatime,ro wait,slotselect,avb=vbmeta_system,avb_keys=no_such_key,logical,first_stage_mount,readahead_size_kb=128
system_ext /system_ext ext4 noatime,ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,readahead_size_kb=128
product /product ext4 noatime,ro wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,readahead_size_kb=128
vendor /vendor ext4 noatime,ro wait,slotselect,avb=vbmeta_vendor,logical,first_stage_mount,readahead_size_kb=128
-vendor_dlkm /vendor_dlkm ext4 noatime,ro wait,slotselect,avb=vbmeta,logical,first_stage_mount
+vendor_dlkm /vendor_dlkm ext4 noatime,ro wait,slotselect,avb=vbmeta,avb_keys=no_such_key,logical,first_stage_mount
/dev/block/platform/13200000.ufs/by-name/boot /boot emmc defaults slotselect,avb=boot,first_stage_mount
/dev/block/platform/13200000.ufs/by-name/init_boot /init_boot emmc defaults slotselect,avb=init_boot,first_stage_mount
/dev/block/platform/13200000.ufs/by-name/efs /mnt/vendor/efs f2fs noatime,sync wait,check,formattable
I haven't investigated what this does, but it shouldn't affect avbroot anyway since we don't modify those partitions.
/system/etc/security/cacerts_google
no longer exists.
AOSP commit: https://android.googlesource.com/platform/system/update_engine/+/03c7be5f6096f19784af13d275f4f13f88fd4dd0%5E%21/
This will affect Custota users who use self-signed CA certificates. Custota's module installation script will need Android 15-specific logic.
Turns out these changes are already present in Android 14 QPR2 release from yesterday.
Android 15 DP1 has been released for Pixels! I think avbroot is likely already compatible, but I will verify today and post my findings here.