[CTS11R1]android.appsecurity.cts.ApexSignatureVerificationTest#testApexPubKeyIsNotWellKnownKey fail

MultipleFailureException, There were 3 errors:

  java.lang.AssertionError: must not use well known pubkey

Expected: must not match well known key

     but: was </tmp/ApexSignatureVerificationTest5637729639613257975/tests-apex_com.android.i18n6068752760150743393/apex_pubkey>

apex_com.android.i18n

com.android.runtime

com.android.art

请替换成贵司的签名文件。

每个apex使用不同的签名文件，所以需要为报错的每个apex生成对应的签名文件。

建议签名文件的前缀和apex的包名保持一致， 然后将生成的签名文件放入贵司指定的存放签名文件的文件夹中。

如何生成 apex 镜像签名文件，请参考google网站: https://source.android.com/devices/tech/ota/apex#vbmeta_signing

vbmeta signing

Sign each APEX with different keys. When a new key is required, create a public-private key pair and make an apex_keymodule. Use the key property to sign the APEX using the key. The public key is automatically included in the APEX with the name avb_pubkey.

In the above example, the name of the public key (foo) becomes the ID of the key. The ID of the key used to sign an APEX is written in the APEX. At runtime, apexd verifies the APEX using a public key with the same ID in the device.