Separate boot and recovery image signing from dm-verity Allow dm-verity to be enabled without boot and recovery images being signed. This makes it possible to enable only dm-verity to detect corruption without confusing bootloaders that do not understand signed images. Bug: 19985143 Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001

commit: 8b3f08bc7b9870c8c43c7c5bb39f343eaa25d6aa [log] [tgz]
author: Sami Tolvanen <samitolvanen@google.com> Tue Apr 07 15:08:59 2015 +0100
committer: Sami Tolvanen <samitolvanen@google.com> Wed Apr 08 12:30:16 2015 +0100
tree: 4e6af4fea07a1b3abbebb84c965a22be385d159f
parent: 4605be6c9ec9296addc0f0b034ae79db6c14f10e [diff] [blame]
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 59e81c1..04fe5b0 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py

@@ -362,7 +362,8 @@
   assert p.returncode == 0, "mkbootimg of %s image failed" % (
       os.path.basename(sourcedir),)
 
-  if info_dict.get("verity_key", None):
+  if (info_dict.get("boot_signer", None) == "true" and
+      info_dict.get("verity_key", None)):
     path = "/" + os.path.basename(sourcedir).lower()
     cmd = [OPTIONS.boot_signer_path, path, img.name,
            info_dict["verity_key"] + ".pk8",
commit	8b3f08bc7b9870c8c43c7c5bb39f343eaa25d6aa	[log] [tgz]
author	Sami Tolvanen <samitolvanen@google.com>	Tue Apr 07 15:08:59 2015 +0100
committer	Sami Tolvanen <samitolvanen@google.com>	Wed Apr 08 12:30:16 2015 +0100
tree	4e6af4fea07a1b3abbebb84c965a22be385d159f
parent	4605be6c9ec9296addc0f0b034ae79db6c14f10e [diff] [blame]