Actually enforce AVB + signing fixes

- Turns out AVB was set permissive this entire time :( --flags 2 == VERIFICATION_DISABLED - APEX support from GrapheneOS - Disable vbmeta chaining like GrapheneOS and optionally handle it like CalyxOS taimen 19.1 boots with locked bootloader successfully after this Signed-off-by: Tad <tad@spotco.us>
2025-06-25 06:50:42 -04:00 · 2022-04-06 10:32:44 -04:00 · 2022-04-06 10:32:44 -04:00 · b026a7811c
commit b026a7811c
parent d1e441e4cb
4 changed files with 107 additions and 12 deletions
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@ -86,6 +86,7 @@ export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sony

 #Release Processing
 export DOS_MALWARE_SCAN_BEFORE_SIGN=false; #Scan device files for malware before signing
+export DOS_SIGNING_NOCHAIN=true; #Disable AVB partition chaining
 export DOS_GENERATE_DELTAS=true; #Creates deltas from existing target_files in $DOS_BUILDS
 export DOS_GENERATE_DELTAS_DEVICES=('akari' 'alioth' 'Amber' 'aura' 'aurora' 'avicii' 'blueline' 'bonito' 'bramble' 'cheryl' 'coral' 'crosshatch' 'davinci' 'discovery' 'enchilada' 'fajita' 'flame' 'FP3' 'guacamole' 'guacamoleb' 'hotdog' 'hotdogb' 'marlin' 'mata' 'pioneer' 'pro1' 'redfin' 'sailfish' 'sargo' 'sunfish' 'taimen' 'vayu' 'voyager' 'walleye' 'xz2c'); #List of devices deltas will be generated for
 export DOS_AUTO_ARCHIVE_BUILDS=true; #Copies files to $DOS_BUILDS after signing