AnsweredAssumed Answered

Enabling DM-Verity singing failed on i.MX8MQ

Question asked by pratik manvar on Jul 26, 2020
Latest reply on Aug 13, 2020 by Joan Xie

Hello,

 

I am using i.MX8MQ custom board. I want to enable DM-Veiry signing using dm-verity RSA private key available at "Android-9.0/build/target/product/security/verity/verity.pk8".

 

The kernel configuration for DM-Verity is as below:

----------------------------------------------------------------------------------------------------------

CONFIG_BLK_DEV_DM_BUILTIN=y
# CONFIG_DM_MQ_DEFAULT is not set
CONFIG_DM_DEBUG=y
CONFIG_DM_BUFIO=y
# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set
CONFIG_DM_CRYPT=y
CONFIG_DM_UEVENT=y
# CONFIG_DM_FLAKEY is not set
CONFIG_DM_VERITY=y
CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE=1
# CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE_128 is not set
CONFIG_DM_VERITY_FEC=y
# CONFIG_DM_SWITCH is not set
# CONFIG_DM_LOG_WRITES is not set
# CONFIG_DM_INTEGRITY is not set
# CONFIG_DM_ANDROID_VERITY_AT_MOST_ONCE_DEFAULT_ENABLED is not set

----------------------------------------------------------------------------------------------------------

 

To enable signing of "system.img and vendor.img" using dm-verity RSA key, I have added below lines in my board.mk file.

----------------------------------------------------------------------------------------------------------

$(call inherit-product, build/target/product/verity.mk)

PRODUCT_VENDOR_VERITY_PARTITION := /dev/block/dm-1
PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/dm-0

----------------------------------------------------------------------------------------------------------

 

Then, I got some errors while building the system and vendor images. Please see the attached file for build log errors.

If I do not add "$(call inherit-product, build/target/product/verity.mk)" line then, build is successfully completed without any errors but signing is not done.

 

Please help me out to find what I am doing wrong.

 

Thank You.

Pratik Manvar

Outcomes