[Android P] How to Enable/Disable Security Boot

[DESCRIPTION]
     android P上面默认会打开security boot。客户在研发初期,如果想关闭security boot,可以参考以下内容

[SOLUTION]

Enable/Disable Verified Boot

  • Verified boot is a chain starting from boot ROM.
  • Whether boot ROM verifies preloader is determined by efuse SBC_EN. (SW default on from Android P)
  • Security boot starting from preloader can be enabled/disabled with preloader feature option.
  • Modify preloader custom file. vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/[project]/[project].mk
  • Disable verified boot:
    • MTK_SEC_USBDL=ATTR_SUSBDL_DISABLE
    • MTK_SEC_BOOT=ATTR_SBOOT_DISABLE
  • Enable verified boot:
    • MTK_SEC_USBDL=ATTR_SUSBDL_ENABLE
    • MTK_SEC_BOOT=ATTR_SBOOT_ENABLE
    • After this preloader has been flashed into device:
      • You can only flash signed image (package_name-verified.img) and can only boot device with signed image.
      • Preloader will reject MTK_AllInOne_DA.bin. You must press USBDL key in order to use MTK_AllInOne_DA.bin.

How to Disable Verified Boot from Android P 

Download preloader with verified boot disabled (preloader_[project_name]_SBOOT_DIS.bin), which is in out folder.

After that, image which is not signed can be downloaded and booted.

 

作者: RESSRC

个人资源站

《[Android P] How to Enable/Disable Security Boot》有3个想法

  1. 你好,
    我修改vendor/mediatek/proprietary/bootable/bootloader、preloader/custom/k65v1_64_bsp/k65v1_64_bsp.mk
    MTK_SEC_USBDL=ATTR_SUSBDL_DISABLE
    MTK_SEC_BOOT=ATTR_SBOOT_DISABLE
    后 remake 整个Project , out下没有生成xxx_SBOOT_DIS.bin文件。
    请问这可能是怎么问题呢?

发表评论

邮箱地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据