bootloader locking
I am not allowed to paste links anymore so bear with me:
this is pretty easy to support/enable, you just have to integrate the following into your builds
- builds must be -user, not -userdebug
- in DivestOS-Build repo:
- signing keys can be generated correctly using Scripts/Generate_Signing_Keys.sh $device
- Scripts/Common/Copy_Keys.sh is used to copy verity keys into kernels
- processRelease() in Scripts/Common/Functions.sh is used to sign releases
- devices can have verified boot re-enabled using enableVerity() in Scripts/Common/Functions.sh
- you need to
sed -i 's/^\treturn VERITY_STATE_DISABLE;//' drivers/md/dm-android-verity.con all kernels, to restore verified boot that LineageOS disabled - you’ll need to apply Patches/*/android_build/0002-OTA_Keys.patch to android_build repo to correctly add keys to the recovery
- update_device_info.sh in DivestOS-Website repo has device bootloader information in the format: unlock method, bootloader lock support, verified boot support
As for device support (per the devices I build for):
- 9 devices have been tested working with locked bootloader and verified boot
- 5 devices have been tested working with locked bootloader but do not support verfied boot
- 25 devices should support locked bootloader with verified boot
- 6 devices should support locked bootloader but do not support verified boot