Android 14 QPR2's update_engine uses /system/etc/security/cacerts

Question

Android 14 QPR2's update_engine uses /system/etc/security/cacerts

Closed this issue 4 months ago · 0 comments

Android 14 QPR2 includes https://android.googlesource.com/platform/system/update_engine/+/03c7be5f6096f19784af13d275f4f13f88fd4dd0%5E%21/, which makes update_engine use the standard system CA certificate trust store.

I'm planning to drop our current support for self-signed certificates. There's no longer a way to add a custom CA certificate just for update_engine and Custota should not modify /system/etc/security/cacerts since that will impact the entire system.

Users who need self-signed certificates can flash their own Magisk module that explicitly adds their certificate to /system/etc/security/cacerts. I'll add a new subcommand to custota-tool for generating such a module.