From cd20a10536745366784d5ba49007a3f473f69426 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 29 Apr 2019 12:02:04 -0400
Subject: [PATCH] add marlin and sailfish to build instructions

---
 static/build.html | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/static/build.html b/static/build.html
index c904c2a2..f98282d9 100644
--- a/static/build.html
+++ b/static/build.html
@@ -163,6 +163,10 @@ git am ../chromium_patches/*.patch</pre>
             and the <code>kernel/google/crosshatch</code> repository is for the Pixel 3 and Pixel
             3 XL.</p>
 
+            <p><em>For the first generation Pixel (sailfish) and Pixel XL (marlin), signed
+            releases require building the verity public key into the kernel so the keys need to be
+            generated per the instructions below before building the kernel.</em></p>
+
             <h2>Setting up the OS build environment</h2>
 
             <p>The build has to be done from bash as envsetup.sh is not compatible with other
@@ -260,6 +264,41 @@ mv vendor/android-prepare-vendor/DEVICE/BUILD_ID/vendor/google_devices/* vendor/
             sample certificate subject can be replaced with your own information or simply left
             as-is.</p>
 
+            <p>The Pixel and Pixel XL use Android Verified Boot 1.0. The Pixel 2, Pixel 2 XL,
+            Pixel 3 and Pixel 3 XL use Android Verified Boot 2.0 (AVB). Follow the appropriate
+            instructions below.</p>
+
+            <p><em>For the first generation Pixel (sailfish) and Pixel XL (marlin), signed
+            releases require building the verity public key into the kernel, so this needs to be
+            done before building the kernel</em></p>
+
+            <h3>Android Verified Boot 1.0</h3>
+
+            <p>To generate keys for marlin (you should use unique keys per device variant):</p>
+
+            <pre>mkdir -p keys/marlin
+cd keys/marlin
+../../development/tools/make_key releasekey '/CN=GrapheneOS/'
+../../development/tools/make_key platform '/CN=GrapheneOS/'
+../../development/tools/make_key shared '/CN=GrapheneOS/'
+../../development/tools/make_key media '/CN=GrapheneOS/'
+../../development/tools/make_key verity '/CN=GrapheneOS/'
+cd ../..</pre>
+
+            <p>Generate the verity public key:</p>
+
+            <pre>make -j20 generate_verity_key
+out/host/linux-x86/bin/generate_verity_key -convert keys/marlin/verity.x509.pem keys/marlin/verity_key</pre>
+
+            <p>Generate verity keys in the format used by the kernel for the Pixel and Pixel XL:</p>
+
+            <pre>openssl x509 -outform der -in keys/marlin/verity.x509.pem -out kernel/google/marlin/verity_user.der.x509</pre>
+
+            <p>The same kernel and device repository is used for the Pixel and Pixel XL. There's
+            no separate sailfish kernel.</p>
+
+            <h3>Android Verified Boot 2.0 (AVB)</h3>
+
             <p>To generate keys for crosshatch (you should use unique keys per device
             variant):</p>