FORUMS
Remove All Ads from XDA

Signing boot images for Android Verified Boot (AVB) [v8]

11,416 posts
Thanks Meter: 88,137
 
By Chainfire, Moderator Emeritus / Senior Recognized Developer - Where is my shirt? on 3rd May 2017, 12:16 PM
Post Reply Email Thread
6th May 2017, 01:17 AM |#21  
Senior Member
Thanks Meter: 32
 
More
The zip for signing work perfectly on Google Pixel not XL
Flash SuperSU
Flash Zip for Signing
Reboot and enjoy
6th May 2017, 03:06 AM |#22  
Senior Member
Thanks Meter: 56
 
More
Pixel XL. Zip didn't work here (Flashed the May bootloader before, of course). Got an error:
https://forum.xda-developers.com/sho...postcount=1659

Abort: unexpected result.
Exception in thread "main" java.io.IOException: DER length more than 4 bytes: 44
E: unknow command [at]
E: unknow command [at]
E: unknow command [at]
E: unknow command [at]
E: unknow command [at]
Updater process ended with ERROR: 1
Error installing zip file '/sdcard/Downloads/VerifiedBootSigner.zip'
6th May 2017, 11:07 AM |#23  
Chainfire's Avatar
OP Moderator Emeritus / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 88,137
 
Donate to Me
More
Quote:
Originally Posted by TCattd

Pixel XL. Zip didn't work here (Flashed the May bootloader before, of course). Got an error:
https://forum.xda-developers.com/sho...postcount=1659

Abort: unexpected result.
Exception in thread "main" java.io.IOException: DER length more than 4 bytes: 44

I have attached a new version to the first post, try if that one works for you.

The ZIP explicitly tests for known errors, and if an unknown error occurs, it dies. This can be a bit inconvenient for the early adopters, but in the end it does lead to a fuller understanding and possibly better scripts. The specific error you guys have been seeing is now added to the whitelist.
The Following 9 Users Say Thank You to Chainfire For This Useful Post: [ View ]
6th May 2017, 12:05 PM |#24  
Chainfire's Avatar
OP Moderator Emeritus / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 88,137
 
Donate to Me
More
Quote:
Originally Posted by ashyx

So are Samsungs latest devices now using this. Reason I ask is because in the S8 and Tab S3 stock firmware there is a META-DATA folder in the AP firmware tar. Inside is a fota.zip containing various folders with all sorts of utilities and files, one of which is BootSignature.jar.
It seems it is required to flash the META-DATA folder with the boot.img in ODIN or it will not boot. So I'm guessing the boot.img is being signed as part of the flashing process?

I haven't figured out yet what is going on here exactly.

The signature found at the end of boot/recovery.img is not an AVB signature as far as I can tell, so it is unlikely the images are signed with this. Furthermore, sign-during-flash would require the device to actually contain the private key somewhere, which would be an incredibly bad idea security wise... I doubt even Samsung would do something that stupid.

But you are correct that those ZIPs do contain BootSignature.jar. I'm not sure what it's used for, or if it's used at all, really. fota.zip appears to be a zipped up collection of files generated during the firmware build (you can find a very similar file tree somewhere in the AOSP out folder if you build a firmware), however, the actual contents of the files inside the zip do not appear to match the files found in the boot/recovery images (even just the sizes don't match), which should be the case if this were just that.

As I have an unlocked phone, I do not have the same flashing limitations. I would be interested to know what happens if you include an empty self-made fota.zip, or a fota.zip from a different firmware than the boot image (after verifying that fota.zip is binary different).
The Following 4 Users Say Thank You to Chainfire For This Useful Post: [ View ]
6th May 2017, 02:58 PM |#25  
Nit3H8wk's Avatar
Member
Thanks Meter: 21
 
More
Worked fine for me on pixel xl. Although i had to flash supersu and boot signer zip from fastbooted twrp or it would bootloop. Seems to be working well now though I can boot into twrp and reboot to system.
6th May 2017, 05:03 PM |#26  
Kisakuku's Avatar
Senior Member
Thanks Meter: 4,628
 
More
Quote:
Originally Posted by Nit3H8wk

Worked fine for me on pixel xl. Although i had to flash supersu and boot signer zip from fastbooted twrp or it would bootloop. Seems to be working well now though I can boot into twrp and reboot to system.

That is to be expected. You can't boot into the flashed TWRP until boot.img is signed, so the signing has to be done from fastboot booted TWRP.
The Following 2 Users Say Thank You to Kisakuku For This Useful Post: [ View ] Gift Kisakuku Ad-Free
6th May 2017, 05:20 PM |#27  
Senior Member
Thanks Meter: 56
 
More
Quote:
Originally Posted by Chainfire

I have attached a new version to the first post, try if that one works for you.

The ZIP explicitly tests for known errors, and if an unknown error occurs, it dies. This can be a bit inconvenient for the early adopters, but in the end it does lead to a fuller understanding and possibly better scripts. The specific error you guys have been seeing is now added to the whitelist.

New zip worked flawlessly.
Thanks Chainfire!
6th May 2017, 11:02 PM |#28  
JakeDHS07's Avatar
Senior Member
Flag Danbury, CT
Thanks Meter: 658
 
More
I still can't get V2 to flash. Still erroring out and aborting.
6th May 2017, 11:17 PM |#29  
Ibuprophen's Avatar
Senior Member
Flag Upstate New York
Thanks Meter: 6,567
 
Donate to Me
More
This is a work of a genius @Chainfire!!!

I know that nothing is perfect and everything pretty much is a work in progress for you but, this is amazing!


"Live Long and Prosper..."
~Ambassador S'chn T'gai Spock

Sent via Communicator [D2VZW] from the Bridge of the U.S.S. Enterprise [NCC-1701].
7th May 2017, 12:30 AM |#30  
Chainfire's Avatar
OP Moderator Emeritus / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 88,137
 
Donate to Me
More
Quote:
Originally Posted by JakeDHS07

I still can't get V2 to flash. Still erroring out and aborting.

Reproduce the error, and pull and post /tmp/recovery.log from the flash. Otherwise there is nothing I can do.
The Following 3 Users Say Thank You to Chainfire For This Useful Post: [ View ]
7th May 2017, 01:02 AM |#31  
JakeDHS07's Avatar
Senior Member
Flag Danbury, CT
Thanks Meter: 658
 
More
Got it. Hope this helps. @Chainfire
Attached Files
File Type: log recovery.log - [Click for QR Code] (25.9 KB, 152 views)
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes