Android Q releaseKey管理

Android Q releaseKey管理

1. 文件修改路径
   android/build/make/core/config.mk
   android/build/make/core/Makefile
2. 系统默认为testkey，将其修改为releasekey

diff --git a/core/Makefile b/core/Makefile
index 8854e88..e5ae89e 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -303,7 +303,7 @@ endif
 ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/target/product/security/testkey)
 BUILD_KEYS := test-keys
 else
-BUILD_KEYS := dev-keys
+BUILD_KEYS := release-keys
 endif
 BUILD_VERSION_TAGS += $(BUILD_KEYS)
 BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS)))
diff --git a/core/config.mk b/core/config.mk
index 5b5adfa..fc7a5be 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -765,7 +765,7 @@ endif
 ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
   DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
 else
-  DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
+  DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/releasekey
 endif
 .KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE
 
diff --git a/target/product/security/releasekey.pk8 b/target/product/security/releasekey.pk8
new file mode 100644
index 0000000..3dffd30
Binary files /dev/null and b/target/product/security/releasekey.pk8 differ
diff --git a/target/product/security/releasekey.x509.pem b/target/product/security/releasekey.x509.pem
new file mode 100644
index 0000000..933fc60
--- /dev/null
+++ b/target/product/security/releasekey.x509.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIJAKj7xG0Ebk2sMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTlkxFjAUBgNVBAcMDUhvbGJyb29rIFZpZXcxDDAK
+BgNVBAoMA1pKWTELMAkGA1UECwwCUE0xCzAJBgNVBAMMAlNXMScwJQYJKoZIhvcN
+AQkBFhhzYXFpYi5naG91cmlAcmVsaWFuY2UudXMwHhcNMjEwNTEwMDg1NTU4WhcN
+NDgwOTI1MDg1NTU4WjCBgzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMRYwFAYD
+VQQHDA1Ib2xicm9vayBWaWV3MQwwCgYDVQQKDANaSlkxCzAJBgNVBAsMAlBNMQsw
+CQYDVQQDDAJTVzEnMCUGCSqGSIb3DQEJARYYc2FxaWIuZ2hvdXJpQHJlbGlhbmNl
+LnVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSWQsci6uJlJp81p
+eP6tVxB9oOEjNtjpVVZ/FkEfBjE/PwIEDsLc+0P5ZDxbQAyROaNpuvTqC1m4XUbS
+oDqijSl/B67D+oS7dECzgSC/Gn7SK/7LNebfw2FrjsL2S9hDDwviuQEiqXKNmbin
+DD3cU9QQ7ln8d0rZlj0fbXuZfksg7b7dUVkOZ1Bw3t5Rgc3wcKN8h/mJzvpOJ8PH
+c30LTlLkRkSloHPcv+/Yd/KwySrMnl0929NZmeoue7RkZn78g0tptaJG49Cc1ENA
+O/BhJzeWoypnhql5N5+N8smn737HKVPNsnptrpXkRA6ACQx9MA7cElbiQKNj7Hn3
+RiPu2QIDAQABo1AwTjAdBgNVHQ4EFgQUTvS0IkrVOvmKtT/fn3gxJkEpntcwHwYD
+VR0jBBgwFoAUTvS0IkrVOvmKtT/fn3gxJkEpntcwDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAnwujxs7lQuSW3fyUoz3870PtbKbywA/eZEX4xxUzeFBb
+kIFnPdBbohPf59Y4uLqmizkjN7u9DZPReIqZgJjubd6owrFZrzJNDBKFKMfuKoGJ
+Fqj13j8oTCfhsI/lXMNifl2fXoEKTyBjFImCxiLrTGiFVBCXuXlZRs6gR/2Zkdas
+Bn+SsWQpU2MvRIuHdKpfFrYl253S/ulNgIN+1SUUtb/xYht+qWUoSyZSYGDFoW4N
+OYyPm6qnNEUo5x3VNmPoWG9waftdW1WhEgojHM2vu20oHzLc6uzwPT1Ff9T1g1xZ
+E397B68zqEJVcgfDo+AcPLKW0SK5TvRIdWapx0/s4w==
+-----END CERTIFICATE-----

4. 默认使用平台签名

diff --git a/core/config.mk b/core/config.mk
index fc7a5be..4697bd4 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -765,7 +765,7 @@ endif
 ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
   DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
 else
-  DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/releasekey
+  DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/platform
 endif
 .KATI_READONLY := DEFAULT_SYSTEM_DEV_CERTIFICATE

5. relasekey生成指令

development/tools/make_key testkey  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key media  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key shared  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key platform  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key releasekey  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key verity  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
out/host/linux-x86/bin/generate_verity_key -convert verity.x509.pem verity_key

6. Android系统中的主要签名文件

media.pk8，media.x509.pem；platform.pk8，platform.x509.pem；releasekey.pk8，releasekey.x509.pem；shared.pk8，shared.x509.pem；testkey.pk8，testkey.x509.pem。

Android系统中的签名文件的路径

build/target/product/security/目录下。

可使用openssl x509指令获取到每一个签名的文件sign数据

openssl x509 -in shared.x509.pem -text -noout
14745818950089601948
openssl x509 -in platform.x509.pem -text -noout
18277047876529865745
openssl x509 -in testkey.x509.pem -text -noout
17452760084156571116
openssl x509 -in platform.x509.pem -text -noout
18277047876529865745

2055 openssl x509 -in media.x509.pem -text -noout | grep “Serial Number”
2056 openssl x509 -in platform.x509.pem -text -noout | grep “Serial Number”
2057 openssl x509 -in shared.x509.pem -text -noout | grep “Serial Number”
2058 openssl x509 -in testkey.x509.pem -text -noout | grep “Serial Number”
2059 openssl x509 -in releasekey.x509.pem -text -noout | grep “Serial Number”