[CTS11R1]android.appsecurity.cts.ApexSignatureVerificationTest#testApexPubKeyIsNotWellKnownKey fail

问题描述

 CtsAppSecurityHostTestCases  android.appsecurity.cts.ApexSignatureVerificationTest#testApexPubKeyIsNotWellKnownKey
Fail:
MultipleFailureException, There were 3 errors:
  java.lang.AssertionError: must not use well known pubkey
Expected: must not match well known key
     but: was </tmp/ApexSignatureVerificationTest5637729639613257975/tests-apex_com.android.i18n6068752760150743393/apex_pubkey>

apex_com.android.i18n

com.android.runtime

com.android.art

apex使用了google默认签名, 所以导致测试Fail.

解决方案

请替换成贵司的签名文件。
每个apex使用不同的签名文件,所以需要为报错的每个apex生成对应的签名文件。
建议签名文件的前缀和apex的包名保持一致, 然后将生成的签名文件放入贵司指定的存放签名文件的文件夹中。
如何生成 apex 镜像签名文件,请参考google网站: https://source.android.com/devices/tech/ota/apex#vbmeta_signing

vbmeta signing

Sign each APEX with different keys. When a new key is required, create a public-private key pair and make an apex_keymodule. Use the key property to sign the APEX using the key. The public key is automatically included in the APEX with the name avb_pubkey.

In the above example, the name of the public key (foo) becomes the ID of the key. The ID of the key used to sign an APEX is written in the APEX. At runtime, apexd verifies the APEX using a public key with the same ID in the device.

 

微信扫码打赏

作者: RESSRC

个人资源站

发表评论

邮箱地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据