sdm660-common: Enable OEM unlock and bootable image signing
* Given the fact that the bootloader allows bootable images with arbitrary signatures to boot, one can relock the bootloader after installing a signed custom recovery. After that, custom ROMs can be installed from recovery as usual, as long as the boot.img's are signed. * This is NOT a security vulnerability because unlocked bootloader is still prerequisite to access fastboot boot/flash, in contrast it's a feature suggested by Google. * To make it feasible with Lineage, sign the img with AOSP verity key which is publicly available. * OnePlus happens to use the same key to sign their own images and bootloader, so as a bonus there's even no 5s warning indicating a custom boot.img is in use on boot. * This doesn't mean using custom ROMs with locked bootloader is suggested. Change-Id: I178e9588e1dde96400dcb2178a027597d05949bd
This commit is contained in:
dianlujitao
Max Weffers
parent
7573dba6d6
commit
3b46abdecc
1 changed files with 4 additions and 0 deletions
|
|
@ -93,6 +93,10 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
|||
PRODUCT_PROPERTY_OVERRIDES += \
|
||||
ro.netflix.bsp_rev=Q660-13149-1
|
||||
|
||||
# OEM Unlock reporting
|
||||
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
|
||||
ro.oem_unlock_supported=1
|
||||
|
||||
# Proximity
|
||||
PRODUCT_PROPERTY_OVERRIDES += \
|
||||
gsm.proximity.enable=true
|
||||
|
|
|
|||
Loading…
Reference in a new issue