Corrupt recovery image

[jun10r4lm31d4]

After run the patch the image size of recovery in HashTree is bigger then original, i have checked in boot and this is normal. I have compared the raw.img of both recovery then are different too. I am using the --rootless option for test. See the diff output:

13c13
<                     image_size: 67805184,
---
>                     image_size: 67837952,
17c17
<                     root_digest: "8fe58c4532046005c238674dc181a318b5c04c2abed635bd1bdd9af32b6d6df4",
---
>                     root_digest: "ed3942deaca10614d832ef218f6f35d53f4cf4d05c66332349815f32087dd55b",
39,40c39,40
<             original_image_size: 67805184,
<             vbmeta_offset: 67805184,
---
>             original_image_size: 67837952,
>             vbmeta_offset: 67837952,

[chenxiaolong]

That's expected, even for --rootless. avbroot needs to update system/etc/security/otacerts.zip inside the ramdisk to update the trusted certificates so that sideloading further patched OTAs will work.

The most common reason the size increases is if the OS's original key was RSA2048 and your key is RSA4096.

[jun10r4lm31d4]

That's expected, even for --rootless. avbroot needs to update system/etc/security/otacerts.zip inside the ramdisk to update the trusted certificates so that sideloading further patched OTAs will work.

The most common reason the size increases is if the OS's original key was RSA2048 and your key is RSA4096.

This make the image unbootable tried flashing and using fastboot boot command. Its possible do the patch without the OTA changes just for testing?

[chenxiaolong]

Can you provide a link to the OTA you're patching? I'd like to take a look and see if there's anything weird in there.

Currently, you can only disable patching otacerts.zip if you're building avbroot from source. This is the line that would need to be removed: https://github.com/chenxiaolong/avbroot/blob/e18ef20e4db8b3bd838af62b328cd83c3d790208/avbroot/src/cli/ota.rs#L1275