Android Recovery下更新,實際上OTA最終也是調用這個方法。
裡面有個流程是需要驗證verify_package,使用的是/res/keys,這個keys是從哪兒來的呢。
static constexpr const char* PUBLIC_KEYS_FILE = "/res/keys";
std::vector<Certificate> loadedKeys;
if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
檢視了recovery編譯out目錄,确實發現有這個檔案呢,
recovery/root/res$ ls keys
剛開始以為是bootloader/recovery下,搜了沒有。後面想了下,找下 RECOVERY檔案的
編譯Makefile。 在目錄build/make/core/Makefile,找到了RECOVERY_INSTALL_OTA_KEYS,
順着代碼看了下:
# substitute other keys for this one.
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
$(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(OTA_PUBLIC_KEYS)
$(hide) cp $(RECOVERY_INSTALL_OTA_KEYS) $(TARGET_RECOVERY_ROOT_OUT)/res/keys
編譯log:
default_system_dev_certificate = (str) device/mediatek/common/security/releasekey