Signing own android build with AVBv1
Signing own android build with AVBv1
(04-01-2020, 03:44 AM)AreYouLoco? Hi, I have a device its Blackview BV9600 Pro (MT6771) which is a brick now because I might have damaged the screen tape on the way somehow and doesnt show any output on the screen. Wasted money since it was new but its good enough to make further experiments on it. I have taken it apart so I have access to the board and images of the stock partitions. Planning to identify serial port and solder jumpers to get bootloader/kernel log to see if it works. I am able to flash with SP Flash Tools. But stock tjat worked with previous soft-bricked attempts is not resurecting the device no more. Nevermind.
Long story short the bootloader probbably has color states which are green yellow orange and red. As in google docs about verified boot: Signed stock, locked bootloader is green; unlocked bootloader and custom rom state is orange. Red is locked custom rom (doesnt allow to boot) and the missing state according to docs I would like to achieve is possible yellow which is whole correctly self-signed rom booting with locked bootloader. How do I verify if its possible?
I am new to Android Verified Boot and I've read in docs that it should have vbmeta partition with pub keys but it is not there (AVBv1 or AVBv1.1 but not AVBv2.0 for sure) and the keys are somehow appended to the signed stock boot partition which I cannot unsign/unpack correctly. Only worked partially with osm0sis scripts to see that there is some binary file inside called boot-verified. And it might be the one with keys.
How do I replace keys that I am gling to use to sign my own boot.img? For now no kernel sources yet but working on port and anoyying company to give stock kernel sources. Rom building, rooting, unlocking bootloader is not a problem at all so not related and please do skip that part unless well argumented. I have generated my own keys already and to sign each partition should not be a problem as well with android google docs. But how to tell the kernel to use my self-signed keys and ignore vendor/google/root key? And how to append them to the boot-signed.img?
Anybody got some experience with AVB on mediatek devices and Verified Boot? Thanks for any tips. Seriously
(04-01-2020, 03:44 AM)AreYouLoco? Hi, I have a device its Blackview BV9600 Pro (MT6771) which is a brick now because I might have damaged the screen tape on the way somehow and doesnt show any output on the screen. Wasted money since it was new but its good enough to make further experiments on it. I have taken it apart so I have access to the board and images of the stock partitions. Planning to identify serial port and solder jumpers to get bootloader/kernel log to see if it works. I am able to flash with SP Flash Tools. But stock tjat worked with previous soft-bricked attempts is not resurecting the device no more. Nevermind.
Long story short the bootloader probbably has color states which are green yellow orange and red. As in google docs about verified boot: Signed stock, locked bootloader is green; unlocked bootloader and custom rom state is orange. Red is locked custom rom (doesnt allow to boot) and the missing state according to docs I would like to achieve is possible yellow which is whole correctly self-signed rom booting with locked bootloader. How do I verify if its possible?
I am new to Android Verified Boot and I've read in docs that it should have vbmeta partition with pub keys but it is not there (AVBv1 or AVBv1.1 but not AVBv2.0 for sure) and the keys are somehow appended to the signed stock boot partition which I cannot unsign/unpack correctly. Only worked partially with osm0sis scripts to see that there is some binary file inside called boot-verified. And it might be the one with keys.
How do I replace keys that I am gling to use to sign my own boot.img? For now no kernel sources yet but working on port and anoyying company to give stock kernel sources. Rom building, rooting, unlocking bootloader is not a problem at all so not related and please do skip that part unless well argumented. I have generated my own keys already and to sign each partition should not be a problem as well with android google docs. But how to tell the kernel to use my self-signed keys and ignore vendor/google/root key? And how to append them to the boot-signed.img?
Anybody got some experience with AVB on mediatek devices and Verified Boot? Thanks for any tips. Seriously
(04-01-2020, 08:17 PM)AreYouLoco? Well thx for interest. I am willing to test. It is faulty but if I get console output from serial TTY then I do not need screen to see if it boots.