How do I …

This page explains some configuration tasks in Celadon.

How to support secure boot

Secure boot is enabled on the BIOS of some PCs by default. It adds the BIOS vendor’s key and Windows* key by default. However, the default setting does not include the key to verify the kernelflinger. If the BIOS has enabled secure boot, you will get the following error message:

../_images/authorization-fail.jpg

You’ll need a USB drive with at least 1GB of free space to perform the following steps to add the key used to verify the kernelflinger to BIOS.

  1. Download the files that comprise Keytool from their respective locations:

    1. KeyTool.efi is a tool included in the efitools tarball. Download the tarball from https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git.
    2. Download DB.auth.
    3. Download KEK.auth.
  2. Format the USB drive to use the FAT filesystem. Put the KeyTool.efi, DB.auth, and KEK.auth files on the USB drive.

  3. Disable the device secure boot.

    1. Plug in the USB drive and reboot the device.

    2. Press F10 to enter the Boot Menu.

    3. Select “UEFI : Build-in EFI Shell” and then find your USB device.

    4. Execute KeyTool.efi and you will see the KeyTool menu.

    5. Select Edit Keys to replace the keys.

      ../_images/keytool.jpg
  4. Select the (db) option and press Enter.

    ../_images/select-menu.jpg
  5. Choose Add New Key to add the DB key.

    ../_images/add-db.jpg
  6. Browse your USB drives to locate your keys and add them one at a time.

    ../_images/browse-db-from-usb.jpg
    ../_images/auth-key.jpg

    Repeat the same steps and add the new key for KEK

    ../_images/menu-kek.jpg

How to change the partition size in Celadon image

An Android system is typically comprised of multiple disk partitions. Each parition is associated with an *.img file in the Celadon image. In addition, Celadon supports a whole GPT image to be flashed to the entire disk. Some partitions (e.g. the system partition) are huge, but some of them are empty. The SPARSE image format is used to reduce the image size.

The default partition size is defined in the following files:

device/intel/mixins/groups/boot-arch/project-celadon/gpt.ini
device/intel/mixins/groups/boot-arch/project-celadon/option.spec
device/intel/mixins/groups/vendor-partition/true/option.spec
device/intel/mixins/groups/config-partition/true/gpt.ini
device/intel/mixins/groups/factory-partition/true/gpt.ini

Modify device/intel/project-celadon/[lunch_target]/mixins.spec to change some of the default settings.

Note

  1. Changing the partition size will cause the OTA update to fail.
  2. The system partition requires at least 2560MB of disk space.