MultiROM Once Again Available for the Galaxy S4

Multiboot, or the ability to select betweenmultiple operating systems on a single device at … more

Build an Impractical But Awesome Lego Mindstorm Dock

The vast majority of what we cover here on the XDA-Developers News Portal relates to … more

MultiROM Makes its Way Over to the HTC One (M8)

While browsing our forum, you will undoubtedly find more than a few enticing ROMs available … more

Welcome to the New XDA-Developers Portal!

You may recall that a few weeks ago, we opened up the XDA-2015 forum themesto intrepid users … more
Post Reply
Exclamation

[Q] Issues with Signing Android Factory Images, ROMs and OTA Files.

18th November 2013, 07:06 AM   |  #1  
GoDzPlaY's Avatar
OP Member
Flag Pune
Thanks Meter: 2
 
79 posts
Join Date:Joined: Apr 2011
More
I am doing R&D on FOTA(Firmware Update Over the Air) using Nexus 7-Wifi(grouper). For which I followed the following steps.

1. Downloaded the android source from source.android.com for v 4.2.2_r1 and v 4.3_r1
2. Downloaded the binaries for grouper, extract it to my source folder.
3. Then I compiled the source code using following commands.
i. source build/envsetup.sh
ii. lunch full_grouper-userdebug
iii. make -j8 dist
4. After few tries, I had success in compiling the source for Nexus 7(grouper).
5. I got following files in $out/source_4.2.2/dist folder
-----------------------------------------------
adb*
android-common-carousel.jar
android-common.jar
android-info.txt
android-support-v13.jar
android-support-v4.jar
android-support-v7-gridlayout.jar
build.prop
com.android.nfc_extras.jar
fastboot*
full_grouper-apps-eng.root.zip
full_grouper-emulator-eng.root.zip
full_grouper-img-eng.root.zip
full_grouper-ota-eng.root.zip
full_grouper-symbols-eng.root.zip
full_grouper-target_files-eng.root.zip
gpl_source.tgz
guava.jar
installed-files.txt
jsr305.jar
mkbootfs*
mkbootimg*
mkyaffs2image*
mp4parser.jar
package-stats.txt
ramdisk.img
signapk.jar
vendor_owner_info.txt
-----------------------------------------------
6. Then I generated my own keys using /development/tools/make_key tool for media, testkey, releasekey, shared, platform.
Assume my keys are locate at /keys folder.
7. Then I created a signed target zip file using following command.
/source/build/tools/releasetools/sign_target_files_apks -v -p ../host/linux-x86 -d /keys full_grouper-target_files-eng.root.zip signed_target_files.zip
8. From signed target zip file I create
/source/build/tools/releasetools/img_from_target_files -v -p ../host/linux-x86 signed_target_files.zip signed_img_from_target_files.zip
9. Then I flashed the signed_img_from_target_files.zip using fastboot command using the following script:
----------------------------------------------------------------------
fastboot oem unlock
fastboot erase boot
fastboot erase cache
fastboot erase recovery
fastboot erase system
fastboot erase userdata
fastboot reboot-bootloader
sleep 10
fastboot -w update signed_img_from_target_files.zip
----------------------------------------------------------------------
10. The device gets flashed well and is working, but I am getting an log while flashing in which it is unable to find boot.sig, system.sig and recovery.sig
11. Now the otacerts.zip file contains a testkey which is not the one that I signed it with.
file located at "/system/etc/security/otacerts.zip" on device.
12. Now since the otacerts.zip is signed with the default key it gives a mismatch error which I tried to flash an OTA update which is signed by the my custom key.

Now my doubt is:
How can I add boot.sig, recovery.sig and system.sig to signed_img_from_target_files.zip?
Is there anything I am doing wrong?
Does the recovery checks the current ROM keys from "/system/etc/security/otacerts.zip"?
What is the correct procedure to sign the OTA update?
The Following User Says Thank You to GoDzPlaY For This Useful Post: [ View ]
30th September 2014, 07:08 AM   |  #2  
Junior Member
Flag İzmir
Thanks Meter: 0
 
1 posts
Join Date:Joined: Sep 2014
More
i am posting this reply just for people who are looking for help too,

you need to explicitly define "BUILD_SECURE := true" in your device make file so that android/build/core/Makefile will use device/*/$(TARGET_DEVICE)/releasekey.x509.pem for OTA_PUBLIC_KEYS
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools
Display Modes


Top Threads in OS Porting by ThreadRank