Merge "treble_common.mk: add the vbmeta.img to disable verification" into oc-mr1-dev
diff --git a/core/Makefile b/core/Makefile
index c6c9ebf..d180ef5 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -2013,6 +2013,14 @@
vbmetaimage-nodeps:
$(build-vbmetaimage-target)
+else ifeq (true,$(BOARD_BUILD_DISABLED_VBMETAIMAGE))
+BUILT_DISABLED_VBMETAIMAGE := $(PRODUCT_OUT)/vbmeta.img
+
+INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_DISABLED_VBMETAIMAGE)
+$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL)
+ $(hide) $(AVBTOOL) make_vbmeta_image \
+ --flag 2 --padding_size 4096 --output $@
+
endif # BOARD_AVB_ENABLE
# -----------------------------------------------------------------
diff --git a/target/product/treble_common.mk b/target/product/treble_common.mk
index f31e9ac..a16829b 100644
--- a/target/product/treble_common.mk
+++ b/target/product/treble_common.mk
@@ -216,3 +216,13 @@
# Android O.
PRODUCT_PACKAGES += \
netutils-wrapper-1.0
+
+# Android Verified Boot (AVB):
+# Builds a special vbmeta.img that disables AVB verification.
+# Otherwise, AVB will prevent the device from booting the generic system.img.
+# Also checks that BOARD_AVB_ENABLE is not set, to prevent adding verity
+# metadata into system.img.
+ifeq ($(BOARD_AVB_ENABLE),true)
+$(error BOARD_AVB_ENABLE cannot be set for Treble GSI)
+endif
+BOARD_BUILD_DISABLED_VBMETAIMAGE := true
