From 32674abf1752676f976cadc8b2ebba291c2a581b Mon Sep 17 00:00:00 2001
From: Andrew Gunnerson
Date: Mon, 4 Nov 2024 18:22:06 -0500
Subject: [PATCH] Add option to skip inserting OTA cert into recovery image
Issue: #366
Signed-off-by: Andrew Gunnerson
---
 README.md | 6 ++++++
 avbroot/src/cli/ota.rs | 19 +++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 95d1aa7..d9dffca 100644
--- a/README.md
+++ b/README.md
@@ -385,6 +385,12 @@ Note that avbroot will validate that the prepatched image is compatible with the
 avbroot can be used for just re-signing an OTA by specifying `--rootless` instead of `--magisk`/`--prepatched`. With this option, the patched OTA will not be rooted. The only modification applied is the replacement of the OTA verification certificate so that the OS can be upgraded with future (patched) OTAs.
+### Skipping recovery OTA certificate patches
+
+avbroot can skip modifying `otacerts.zip` in the recovery image with the `--skip-recovery-ota-cert` option. **Do not do this unless you have a good reason to do so.** (For example, if you've already manually inserted the OTA certificate into a boot image specified with `--prepatched` or `--replace`.) When this option is used with `--rootless` (and `--dsu` is not specified), then no modifications are performed on any boot image besides ensuring they are properly signed.
+
+When manually adding the OTA certificate to a boot image, [verifying the patched OTA](#verifying-otas) afterwards is recommended to ensure that it was properly done.
+
 ### Replacing partitions
 avbroot supports replacing entire partitions in the OTA, even partitions that are not boot images (eg. `vendor_dlkm`). A partition can be replaced by passing in `--replace /path/to/partition.img`.
diff --git a/avbroot/src/cli/ota.rs b/avbroot/src/cli/ota.rs
index 54c777c..37da545 100644
--- a/avbroot/src/cli/ota.rs
+++ b/avbroot/src/cli/ota.rs
@@ -201,7 +201,7 @@ fn patch_boot_images<'a, 'b: 'a>(
 let boot_partitions = required_images.iter_boot().collect::>();
 info!(
- "Patching boot images: {}",
+ "Candidate boot images: {}",
 joined(sorted(boot_partitions.iter())),
 );
@@ -1304,7 +1304,11 @@ pub fn patch_subcommand(cli: &PatchCli, cancel_signal: &AtomicBool) -> Result<()
 assert!(cli.root.rootless);
 };
- boot_patchers.push(Box::new(OtaCertPatcher::new(cert_ota.clone())));
+ if cli.skip_recovery_ota_cert {
+ warn!("Not inserting OTA cert into recovery image; sideloading further updates may fail");
+ } else {
+ boot_patchers.push(Box::new(OtaCertPatcher::new(cert_ota.clone())));
+ }
 if cli.dsu {
 boot_patchers.push(Box::new(DsuPubKeyPatcher::new(key_avb.to_public_key())));
@@ -1922,6 +1926,17 @@ pub struct PatchCli {
 )]
 pub ignore_prepatched_compat: u8,
+ /// Skip adding OTA certificate to recovery image.
+ ///
+ /// DO NOT USE THIS unless you've manually added the certificate to the
+ /// recovery image already. Otherwise, sideloading further updates will not
+ /// be possible.
+ ///
+ /// When this option is used with --rootless, the boot images in the OTA
+ /// will not be modified.
+ #[arg(long, help_heading = HEADING_OTHER)]
+ pub skip_recovery_ota_cert: bool,
+
 /// Add AVB public key to trusted keys for DSU.
 #[arg(long, help_heading = HEADING_OTHER)]
 pub dsu: bool,
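Review bot: The warning in the `cli.skip_recovery_ota_cert` branch says sideloading "may fail", which is weaker than the option's own help text in this patch ("sideloading further updates will not be possible") and does not say what recovery ends up trusting. With `OtaCertPatcher` skipped, the recovery image presumably keeps whatever `otacerts.zip` it already carries, so OTAs signed with `cert_ota` are accepted there only if the certificate was inserted by hand. I would say so in the message, e.g. `warn!("Not inserting OTA cert into recovery image; recovery keeps its existing otacerts.zip, so sideloading patched OTAs will fail unless the cert was added manually");`, and add a comment above the `if` such as `// The caller is responsible for the recovery image already trusting cert_ota.` The body of `patch_subcommand` starts and ends outside the hunk, so whether a later step checks the certificate is not visible here.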
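Review bot: The help text on `skip_recovery_ota_cert` says the boot images will not be modified when the flag is combined with `--rootless`, but the `patch_subcommand` hunk in this patch still pushes `DsuPubKeyPatcher` when `cli.dsu` is set, and the README text added by the same commit carries the `--dsu` exception. The doc comment should match: `/// When this option is used with --rootless (and without --dsu), the boot` followed by `/// images in the OTA will not be modified besides being re-signed.` The `#[arg(long, help_heading = HEADING_OTHER)]` attribute also declares no relationship to `--prepatched` or `--replace`, which the README names as the reason to use the flag; if that is intentional (the `--rootless` case suggests so), a short `//` comment saying the flag is deliberately unconstrained would help. `PatchCli` starts and ends outside the hunk.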