From 395ef97b2eb7eb94a83edf7567b84ee34512a72c Mon Sep 17 00:00:00 2001
From: Dmitry Gerasimov <d.gerasimov@omp.ru>
Date: Wed, 23 Jan 2019 22:23:40 +0300
Subject: [PATCH] [dhd] Allow bundling keys into kernel and bootloader.
 JB#54649 OMP#OS-7115

Signed-off-by: Dmitry Gerasimov <d.gerasimov@omp.ru>
---
 droid-hal-device.inc | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/droid-hal-device.inc b/droid-hal-device.inc
index 09931ba..d63a66e 100644
--- a/droid-hal-device.inc
+++ b/droid-hal-device.inc
@@ -187,6 +187,10 @@ BuildRequires:  oneshot
 BuildRequires:  systemd
 BuildRequires:  qt5-qttools-kmap2qmap >= 5.1.0+git5
 BuildRequires:  rsync
+%if 0%{?with_system_keys:1}
+BuildRequires:  system-keys-kernel
+BuildRequires:  system-keys-bootloader
+%endif
 # starting from Android 8
 BuildRequires:  python
 %{?custom_build_requires}
@@ -385,6 +389,25 @@ if (grep -q '^TARGET_ARCH := arm64' %{android_root}/device/*/*/BoardConfig*.mk);
 fi
 %endif
 
+%if 0%{?with_system_keys:1}
+KERNEL_DIRS=$(find %android_root -maxdepth 1 -type d \( -name "kernel-*.*" -o -name "kernel" \) &&
+              find %android_root -maxdepth 2 -type d -path "*/linux/kernel")
+
+# Copy trusted keys into kernel source directory
+echo "$KERNEL_DIRS" |
+while IFS= read -r kernel; do
+    cp -r /etc/keys/kernel/* ${kernel}/
+done
+
+# Override aboot OEM keystore
+if [ -d bootable/bootloader/lk/include ]; then
+    cp /etc/keys/bootloader/oem_keystore.h bootable/bootloader/lk/include
+fi
+if [ -d vendor/mediatek/proprietary/bootable/bootloader/lk/include ]; then
+    cp /etc/keys/bootloader/oem_keystore.h vendor/mediatek/proprietary/bootable/bootloader/lk/include
+fi
+%endif
+
 %if 0%{?_obs_build_project:1}
 
 # Set up kernel extra version for OBS kernel builds