Comments on Building and flashing a secured AOSP build with verified boot and separate lockscreen password for the Nexus 5X
This tutorial aims to provide detailed instructions on how to solve these caveats, building and flashing AOSP for the Nexus 5X with verified boot and using separate lock screen/encryption secrets. It should also apply to the Nexus 6P with small changes, but I was unable to test it since I didn't have a Nexus 6P at hand.
6 Comment(s)
Comments
I believe you mean 200G instead of 200MB in the requirements to build AOSP... ;9
Yes, indeed! Thank you for the correction!
Is editing the manifest file default.xml really enough to remove these apps (e.g. QuickSearchBox)? Isn't editing PRODUCT_PACKAGES lists in .mk files required too (e.g. build/target/product/core.mk)? Is it really possible to build without jack (export ANDROID_COMPILE_WITH_JACK=false)? I tried this when building 8.1.0_r52 for a different device and it resulted in errors; building with jack enabled finished without errors. Didn't try building 9.0 yet, but you used 8.1.0 too.
Just wanted to say thanks so much for this guide! Also, any update on your quest to build OTA updates?
Is the ability to support verified boot based on user-supplied (and not vendor-enforced) keys limited to Google devices, Nexus 5x, Pixel, etc. or can this be done with other phones, like Xiaomi, OnePlus, etc.?
Hello, thank you very much for this tutorial.
I use LineageOS on a cheeseburger device. What solved the signed OTA update problem for me was to add the releasekey to the recovery, since the recovery will check the signature of an update and therefore needs to know the public key.
On LineageOS, this can be done with:
```
mkdir -p vendor/lineage-priv/keys/
echo "PRODUCT_EXTRA_RECOVERY_KEYS += ${HOME}/.android-certs/releasekey" > vendor/lineage-priv/keys/keys.mk
```
PRODUCT_EXTRA_RECOVERY_KEYS cannot be set as an environment variable; it must be set in the device config. I don't know if there is a nice option for AOSP, but I think so.
If you are interested, my build steps are documented here: https://gist.github.com/brandsimon/01f98627e8f8ba67b36141e7ec3c648f