3

I am building AOSP and I want to sign the build with my own key. There is some official doc about this process here.

But I wonder if I can simply turn around all of that process and instead do this things:

  1. Delete default android test-keys which are located at build/target/product/security
  2. put my keys (which are generated using official instructions at here) in that folder with same names. (Assume one key for all of shared,media,...)

But this approach does not work. After burning the image, system apps (SystemUI, settings,..) will stop and continuously show the ANR dialog. I know this happens if system signature does not match with these apps's signature... but why?

Another question: Is using same key as shared.pk8 , media.pk8, testkey.pk8 , ... causes any problem?

Thanks

Saleh
  • 1,819
  • 1
  • 17
  • 44

3 Answers3

2

One suggestion:

If you don't want to keep your private keys in source control together with the aosp code, you can define a path to them in your device mk:

PRODUCT_DEFAULT_DEV_CERTIFICATE :=  /home/my_user/release_keys_folder/releasekey
PRODUCT_VERITY_SIGNING_KEY := /home/my_user/release_keys_folder/verity
Rick Sanchez
  • 4,528
  • 2
  • 27
  • 53
1

First, make sure the build has re-signed the apps. You may have to do a make clean to get rid of the previous artifacts.

Also check the Android.mk files for your bundled system apps (like in packages/apps or wherever you may have put them). Where you see this line:

LOCAL_CERTIFICATE := PRESIGNED

replace it with this instead:

LOCAL_CERTIFICATE := platform

This will let the build re-sign your system apps with the key they'll be checked against.

While using the same key for shared, media, testkey, platform will work (in the sense that your system should boot and function), it removes a layer of isolation from apps built with those keys. In particular, non-system apps that are normally signed with the testkey will now be signed with the same key as platform. This will give them access to system app data and code and also give them heightened privileges (like not having to ask the user for confirmation to use the camera or access their files). I don't think that's recommended.

Allen Luce
  • 7,859
  • 3
  • 40
  • 53
  • The key step for me is to do `make clean`. After doing this, replacing my keys instead of testkey is okay. I was lazy to do that because rebuilding AOSP on my PC takes a lot of time! Thanks – Saleh Sep 18 '19 at 10:41
  • For my builds, I use an AWS EC2 box with 96 cores and 768M of ram (an `r5.metal`/`r5d.metal` instance). That beast takes about 15 minutes to do a full AOSP build from clean. At Ohio spot rates and including boot/transfer time, that usually comes out to around $0.50 USD per build (plus about $10/month for disk space). – Allen Luce Sep 18 '19 at 16:41
0

The recommended method to sign your image with keys use (from Googles AOSP documentations):

make dist
sign_target_files_apks \
-o \
--default_key_mappings ~/.android-certs out/dist/*-target_files-*.zip \
signed-target_files.zip

Then execute:

img_from_target_files signed-target-files.zip signed-img.zip

I wouldn't use the same key, there's a reason why different keys are used.

Dean
  • 7,814
  • 8
  • 30
  • 31