堆栈内存溢出
  简体   繁体   English

如何检查 android 图像(boot.img、system.img 等)是否已签名?

[英]How to check for android image(boot.img, system.img etc) is signed or not?

 原文  2021-08-06 06:16:59       android/ linux/ android-studio/ android-source

问题描述

I received an android image build from a source, how do I check for it's signature?我从来源收到了一个 android 图像构建,我该如何检查它的签名? I know we could check signature for an android app but facing some trouble with OS It's AOSP 10我知道我们可以检查 android 应用程序的签名,但在使用 OS 它是 AOSP 10 时会遇到一些问题

Tried "BootSignature.jar" but throws error java -jar BootSignature.jar -verify boot.img尝试“BootSignature.jar”但抛出错误java -jar BootSignature.jar -verify boot.img

1 个解决方案

解决方案1
 0  2021-08-09 02:57:39

  1. The android image is not sigend like an app. android 图像不像应用程序那样被标记。 But it's protected by verified boot.但它受到验证启动的保护。 See the offical document: https://source.android.google.cn/security/verifiedboot .参见官方文档: https://source.android.google.cn/security/verifiedboot

  2. And the app in system.img or vendor.img are sigend by a set of keys.而 system.img 或 vendor.img 中的应用程序是通过一组密钥进行签名的。 The standard Android build uses five keys(testkey, platform, shared, media,.networkstack), all of which reside in build/target/product/security . 标准 Android 构建使用五个密钥(testkey、platform、shared、media、.networkstack),所有这些都位于 build/target/product/security中。 For example, /system/framework/framework-res.apk is sigend with platform keys.例如,/system/framework/framework-res.apk 带有平台密钥。 You can check the signature like you do to an app.您可以像检查应用程序一样检查签名。

When you build the image from source, and use the android default testkeys set, the build's fingerprint will end with "test-keys", and if you use your private keys set, the fingerprint will end with "dev-keys".当您从源构建映像并使用 android 默认测试密钥集时,构建的指纹将以“test-keys”结尾,如果您使用私钥集,指纹将以“dev-keys”结尾。

And you can also sign an build, it will resigned the apps with new keys set, and update the verifiedboot's sum.你也可以签署一个构建,它会用新的密钥集退出应用程序,并更新验证引导的总和。 And the fingerprint will ended with "release-keys".指纹将以“release-keys”结尾。

  1. And the OTA package(zip file) are signed like an app. OTA 包(zip 文件)像应用程序一样签名。 Before updating, recovery will verify the zip's signature with the recovery/res/keys.在更新之前,recovery 将使用 recovery/res/keys 验证 zip 的签名。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 替换system.img后无法启动Android设备 - Can't boot Android device after replacing system.img 重新打包boot.img时出错(Android) - Error with repacking boot.img (Android) android中的boot.img文件是什么? - What is boot.img file in android? 如何在boot.img的根目录中包含文件? - How to include a file in the root of boot.img? 在Android中使用System.img的目的是什么? - What is purpose of using System.img in Android? 建立android系统:缺少system.img - building android: system.img is missing 如何增加 system.img 分区大小 - How to increase system.img partition size / arm64 / Image to zImage或boot.img - /arm64/Image to zImage or boot.img 编辑Seliunx规则时未更新Android AOSP boot.img - Android AOSP boot.img not updated while Editing Seliunx Rule 如何在任何 android 模拟器上运行系统生成的 android AOSP 12L system.img 文件? - How to run a system generated android AOSP 12L system.img file on any android emulator?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM