From c9394889aad94ec7a5f48379092ba78fe9a7f0db Mon Sep 17 00:00:00 2001
From: Christian Oder <myself5@carbonrom.org>
Date: Wed, 27 Jun 2018 21:14:43 -0400
Subject: [PATCH] sm6250-common: Build disabled VBMeta image

Partitions that use vbmeta_system can be found by looking at
avb flag in fstab from boot ramdisk.

--flags 2 makes the verification function of avb always return a
positive result.

--set_hashtree_disabled_flag builds the vbmeta images with the
HASHTREE_DISABLED bit set and as a result they don't need to manually
disable dm-verity via e.g. 'adb disable-verity'.

The rest of the configuration is taken from
https://source.android.com/devices/tech/ota/dynamic_partitions/implement#avb-configuration-changes

Change-Id: I381feef8f6fefc8449ca50d85d704b67bcc8a77e
---
 BoardConfigCommon.mk | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 3385091..7bdef02 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -128,3 +128,13 @@ VENDOR_SECURITY_PATCH := 2021-07-01
 
 # Sepolicy
 include device/qcom/sepolicy_vndr/SEPolicy.mk
+
+# Verified Boot
+BOARD_AVB_ENABLE := true
+BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --set_hashtree_disabled_flag
+BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 2
+BOARD_AVB_VBMETA_SYSTEM := system system_ext product
+BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
+BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA2048
+BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
+BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX_LOCATION := 1