Skip to content

Commit

Permalink
Correct the rollback protection configs
Browse files Browse the repository at this point in the history 
u-boot:  CONFIG_SPL_FIT_ROLLBACK_PROTECT
AVB: CONFIG_ANDROID_AVB_ROLLBACK_INDEX
  • Loading branch information
@asus-leslieyu
asus-leslieyu authored Dec 29, 2023
1 parent af8b955 commit 54d132e
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions docs/developer-guide/tinker_board_3n/tinker_os_android.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ To enable the secure boot, please apply the modification under each directory.
If the secure boot is eanbled, the device can not boot with any other images which are not signed by the same key used to enable the secure boot.
:::

- u-boot: In the directory u-boot, ㄩake sure the configs CONFIG_FIT_SIGNATURE, CONFIG_SPL_FIT_SIGNATURE, and CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE are enabled. You can also enable the config CONFIG_ANDROID_AVB_ROLLBACK_INDEX to enable the u-boot rollback protection.
- u-boot: In the directory u-boot, ㄩake sure the configs CONFIG_FIT_SIGNATURE, CONFIG_SPL_FIT_SIGNATURE, and CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE are enabled. You can also enable the config CONFIG_SPL_FIT_ROLLBACK_PROTECT to enable the u-boot rollback protection.
```diff
diff --git a/configs/tinker_board_3n_defconfig b/configs/tinker_board_3n_defconfig
index a7b28f952b..1428a5abb5 100644
Expand Down Expand Up @@ -234,7 +234,7 @@ cd u-boot
cd ..
```

If the config CONFIG_ANDROID_AVB_ROLLBACK_INDEX is enabled to support the u-boot rollback protection. You will need to provide the options `-version-uboot` and `--rollback-index-uboot`.
If the config CONFIG_SPL_FIT_ROLLBACK_PROTECT is enabled to support the u-boot rollback protection. You will need to provide the options `-version-uboot` and `--rollback-index-uboot`.

```bash
cd u-boot
Expand Down Expand Up @@ -289,7 +289,7 @@ rm testkey_atx_p*
../avb_atx_generate_test_data
```

- u-boot: In the directory u-boot, make sure the configs CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE and CONFIG_RK_AVB_LIBAVB_ENABLE_ATH_UNLOCK are enabled. You can also enable the config CONFIG_FIT_ROLLBACK_PROTECT to enable the rollback protection.
- u-boot: In the directory u-boot, make sure the configs CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE and CONFIG_RK_AVB_LIBAVB_ENABLE_ATH_UNLOCK are enabled. You can also enable the config CONFIG_ANDROID_AVB_ROLLBACK_INDEX to enable the rollback protection.
```diff
diff --git a/configs/tinker_board_3n_defconfig b/configs/tinker_board_3n_defconfig
index a7b28f952b..4f7502fdf9 100644
Expand Down Expand Up @@ -319,7 +319,7 @@ cd external/avb
cd -
```

- device/asus/tinker_board_3: In the directory device/asus/tinker_board_3, make sure the config BOARD_AVB_ENABLE is enabled and the configs BOARD_AVB_ALGORITHM, BOARD_AVB_KEY_PATH, and BOARD_AVB_METADATA_BIN_PATH are defined. You can also define BOARD_AVB_ROLLBACK_INDEX to enable the rollback protection and this will need CONFIG_FIT_ROLLBACK_PROTECT to be enabled for u-boot as well.
- device/asus/tinker_board_3: In the directory device/asus/tinker_board_3, make sure the config BOARD_AVB_ENABLE is enabled and the configs BOARD_AVB_ALGORITHM, BOARD_AVB_KEY_PATH, and BOARD_AVB_METADATA_BIN_PATH are defined. You can also define BOARD_AVB_ROLLBACK_INDEX to enable the rollback protection and this will need CONFIG_ANDROID_AVB_ROLLBACK_INDEX to be enabled for u-boot as well.
```bash
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 6ce3cd7..33f515b 100644
Expand Down

0 comments on commit 54d132e

Please sign in to comment.