Remove unused code and logic

2023-07-17 18:58:48 -07:00 · 2023-07-17 18:58:48 -07:00 · f33343b4e6
parent af65d07456
commit f33343b4e6
9 changed files with 11 additions and 687 deletions
--- a/app/src/main/java/com/topjohnwu/magisk/core/tasks/MagiskInstaller.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/tasks/MagiskInstaller.kt
@ -20,13 +20,11 @@ import com.topjohnwu.magisk.core.isRunningAsStub
 import com.topjohnwu.magisk.core.ktx.copyAndClose
 import com.topjohnwu.magisk.core.ktx.reboot
 import com.topjohnwu.magisk.core.ktx.toast
-import com.topjohnwu.magisk.core.ktx.withStreams
 import com.topjohnwu.magisk.core.ktx.writeTo
 import com.topjohnwu.magisk.core.utils.MediaStoreUtils
 import com.topjohnwu.magisk.core.utils.MediaStoreUtils.inputStream
 import com.topjohnwu.magisk.core.utils.MediaStoreUtils.outputStream
 import com.topjohnwu.magisk.core.utils.RootUtils
-import com.topjohnwu.magisk.signing.SignBoot
 import com.topjohnwu.superuser.Shell
 import com.topjohnwu.superuser.ShellUtils
 import com.topjohnwu.superuser.internal.NOPList
@ -481,22 +479,6 @@ abstract class MagiskInstallImpl protected constructor(
    }

    private fun patchBoot(): Boolean {
-        var isSigned = false
-        if (!srcBoot.isCharacter) {
-            try {
-                srcBoot.newInputStream().use {
-                    if (SignBoot.verifySignature(it, null)) {
-                        isSigned = true
-                        console.add("- Boot image is signed with AVB 1.0")
-                    }
-                }
-            } catch (e: IOException) {
-                console.add("! Unable to check signature")
-                Timber.e(e)
-                return false
-            }
-        }
-
        val newBoot = installDir.getChildFile("new-boot.img")
        if (!useRootDir) {
            // Create output files before hand
@ -511,31 +493,11 @@ abstract class MagiskInstallImpl protected constructor(
            "PATCHVBMETAFLAG=${Config.patchVbmeta} " +
            "RECOVERYMODE=${Config.recovery} " +
            "SYSTEM_ROOT=${Info.isSAR} " +
-            "sh boot_patch.sh $srcBoot")
+            "sh boot_patch.sh $srcBoot",
+            "./magiskboot cleanup",
+            "cd /")

-        if (!cmds.sh().isSuccess)
-            return false
-
-        val job = shell.newJob().add("./magiskboot cleanup", "cd /")
-
-        if (isSigned) {
-            console.add("- Signing boot image with verity keys")
-            val signed = File.createTempFile("signed", ".img", context.cacheDir)
-            try {
-                val src = newBoot.newInputStream().buffered()
-                val out = signed.outputStream().buffered()
-                withStreams(src, out) { _, _ ->
-                    SignBoot.doSignature(null, null, src, out, "/boot")
-                }
-            } catch (e: IOException) {
-                console.add("! Unable to sign image")
-                Timber.e(e)
-                return false
-            }
-            job.add("cat $signed > $newBoot", "rm -f $signed")
-        }
-        job.exec()
-        return true
+        return cmds.sh().isSuccess
    }

    private fun flashBoot() = "direct_install $installDir $srcBoot".sh().isSuccess
--- a/app/src/main/java/com/topjohnwu/magisk/signing/CryptoUtils.java
+++ b/app/src/main/java/com/topjohnwu/magisk/signing/CryptoUtils.java
@ -1,115 +0,0 @@
-package com.topjohnwu.magisk.signing;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.spec.ECPrivateKeySpec;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.HashMap;
-import java.util.Map;
-
-public class CryptoUtils {
-
-    static final Map<String, String> ID_TO_ALG;
-    static final Map<String, String> ALG_TO_ID;
-
-    static {
-        ID_TO_ALG = new HashMap<>();
-        ALG_TO_ID = new HashMap<>();
-        ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA256.getId(), "SHA256withECDSA");
-        ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA384.getId(), "SHA384withECDSA");
-        ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA512.getId(), "SHA512withECDSA");
-        ID_TO_ALG.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1withRSA");
-        ID_TO_ALG.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256withRSA");
-        ID_TO_ALG.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512withRSA");
-        ALG_TO_ID.put("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256.getId());
-        ALG_TO_ID.put("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384.getId());
-        ALG_TO_ID.put("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512.getId());
-        ALG_TO_ID.put("SHA1withRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
-        ALG_TO_ID.put("SHA256withRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
-        ALG_TO_ID.put("SHA512withRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId());
-    }
-
-    static String getSignatureAlgorithm(Key key) throws Exception {
-        if ("EC".equals(key.getAlgorithm())) {
-            int curveSize;
-            KeyFactory factory = KeyFactory.getInstance("EC");
-            if (key instanceof PublicKey) {
-                ECPublicKeySpec spec = factory.getKeySpec(key, ECPublicKeySpec.class);
-                curveSize = spec.getParams().getCurve().getField().getFieldSize();
-            } else if (key instanceof PrivateKey) {
-                ECPrivateKeySpec spec = factory.getKeySpec(key, ECPrivateKeySpec.class);
-                curveSize = spec.getParams().getCurve().getField().getFieldSize();
-            } else {
-                throw new InvalidKeySpecException();
-            }
-            if (curveSize <= 256) {
-                return "SHA256withECDSA";
-            } else if (curveSize <= 384) {
-                return "SHA384withECDSA";
-            } else {
-                return "SHA512withECDSA";
-            }
-        } else if ("RSA".equals(key.getAlgorithm())) {
-            return "SHA256withRSA";
-        } else {
-            throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm());
-        }
-    }
-
-    static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) throws Exception {
-        String id = ALG_TO_ID.get(getSignatureAlgorithm(key));
-        if (id == null) {
-            throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm());
-        }
-        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(id));
-    }
-
-    public static X509Certificate readCertificate(InputStream input)
-            throws IOException, GeneralSecurityException {
-        try {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            return (X509Certificate) cf.generateCertificate(input);
-        } finally {
-            input.close();
-        }
-    }
-
-    /** Read a PKCS#8 format private key. */
-    public static PrivateKey readPrivateKey(InputStream input)
-            throws IOException, GeneralSecurityException {
-        try {
-            ByteArrayStream buf = new ByteArrayStream();
-            buf.readFrom(input);
-            byte[] bytes = buf.toByteArray();
-            /* Check to see if this is in an EncryptedPrivateKeyInfo structure. */
-            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes);
-            /*
-             * Now it's in a PKCS#8 PrivateKeyInfo structure. Read its Algorithm
-             * OID and use that to construct a KeyFactory.
-             */
-            ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(spec.getEncoded()));
-            PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject());
-            String algOid = pki.getPrivateKeyAlgorithm().getAlgorithm().getId();
-            return KeyFactory.getInstance(algOid).generatePrivate(spec);
-        } finally {
-            input.close();
-        }
-    }
-}
--- a/app/src/main/java/com/topjohnwu/magisk/signing/SignBoot.java
+++ b/app/src/main/java/com/topjohnwu/magisk/signing/SignBoot.java
@ -1,382 +0,0 @@
-package com.topjohnwu.magisk.signing;
-
-import androidx.annotation.NonNull;
-import androidx.annotation.Nullable;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERPrintableString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-import java.nio.ByteOrder;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-
-public class SignBoot {
-
-    private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
-    private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;
-
-    // Arbitrary maximum header version value; when greater assume the field is dt/extra size
-    private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8;
-
-    // Maximum header size byte value to read (currently the bootimg minimum page size)
-    private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048;
-
-    private static class PushBackRWStream extends FilterInputStream {
-        private OutputStream out;
-        private int pos = 0;
-        private byte[] backBuf;
-
-        PushBackRWStream(InputStream in, OutputStream o) {
-            super(in);
-            out = o;
-        }
-
-        @Override
-        public int read() throws IOException {
-            int b;
-            if (backBuf != null && backBuf.length > pos) {
-                b = backBuf[pos++];
-            } else {
-                b = super.read();
-                out.write(b);
-            }
-            return b;
-        }
-
-        @Override
-        public int read(byte[] bytes, int off, int len) throws IOException {
-            int read = 0;
-            if (backBuf != null && backBuf.length > pos) {
-                read = Math.min(len, backBuf.length - pos);
-                System.arraycopy(backBuf, pos, bytes, off, read);
-                pos += read;
-                off += read;
-                len -= read;
-            }
-            if (len > 0) {
-                int ar = super.read(bytes, off, len);
-                read += ar;
-                out.write(bytes, off, ar);
-            }
-            return read;
-        }
-
-        void unread(byte[] buf) {
-            backBuf = buf;
-        }
-    }
-
-    private static int fullRead(InputStream in, byte[] b) throws IOException {
-        return fullRead(in, b, 0, b.length);
-    }
-
-    private static int fullRead(InputStream in, byte[] b, int off, int len) throws IOException {
-        int n = 0;
-        while (n < len) {
-            int count = in.read(b, off + n, len - n);
-            if (count <= 0)
-                break;
-            n += count;
-        }
-        return n;
-    }
-
-    public static boolean doSignature(
-            @Nullable X509Certificate cert, @Nullable PrivateKey key,
-            @NonNull InputStream imgIn, @NonNull OutputStream imgOut, @NonNull String target
-    ) {
-        try {
-            PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
-            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
-            // First read the header
-            fullRead(in, hdr);
-            int signableSize = getSignableImageSize(hdr);
-            // Unread header
-            in.unread(hdr);
-            BootSignature bootsig = new BootSignature(target, signableSize);
-            if (cert == null) {
-                cert = CryptoUtils.readCertificate(
-                        new ByteArrayInputStream(KeyData.verityCert()));
-            }
-            bootsig.setCertificate(cert);
-            if (key == null) {
-                key = CryptoUtils.readPrivateKey(
-                        new ByteArrayInputStream(KeyData.verityKey()));
-            }
-            byte[] sig = bootsig.sign(key, in, signableSize);
-            bootsig.setSignature(sig, CryptoUtils.getSignatureAlgorithmIdentifier(key));
-            byte[] encoded_bootsig = bootsig.getEncoded();
-            imgOut.write(encoded_bootsig);
-            imgOut.flush();
-            return true;
-        } catch (Exception e) {
-            e.printStackTrace();
-            return false;
-        }
-    }
-
-    public static boolean verifySignature(InputStream imgIn, X509Certificate cert) {
-        try {
-            // Read the header for size
-            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
-            if (fullRead(imgIn, hdr) != hdr.length) {
-                System.err.println("Unable to read image header");
-                return false;
-            }
-            int signableSize = getSignableImageSize(hdr);
-
-            // Read the rest of the image
-            byte[] rawImg = Arrays.copyOf(hdr, signableSize);
-            int remain = signableSize - hdr.length;
-            if (fullRead(imgIn, rawImg, hdr.length, remain) != remain) {
-                System.err.println("Unable to read image");
-                return false;
-            }
-
-            // Read footer, which contains the signature
-            byte[] signature = new byte[4096];
-            if (imgIn.read(signature) == -1 || Arrays.equals(signature, new byte [signature.length])) {
-                System.err.println("Invalid image: not signed");
-                return false;
-            }
-
-            BootSignature bootsig = new BootSignature(signature);
-            if (cert != null) {
-                bootsig.setCertificate(cert);
-            }
-            if (bootsig.verify(rawImg, signableSize)) {
-                System.err.println("Signature is VALID");
-                return true;
-            } else {
-                System.err.println("Signature is INVALID");
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            return false;
-        }
-        return false;
-    }
-
-    public static int getSignableImageSize(byte[] data) throws Exception {
-        if (!Arrays.equals(Arrays.copyOfRange(data, 0, 8),
-                "ANDROID!".getBytes("US-ASCII"))) {
-            throw new IllegalArgumentException("Invalid image header: missing magic");
-        }
-        ByteBuffer image = ByteBuffer.wrap(data);
-        image.order(ByteOrder.LITTLE_ENDIAN);
-        image.getLong(); // magic
-        int kernelSize = image.getInt();
-        image.getInt(); // kernel_addr
-        int ramdskSize = image.getInt();
-        image.getInt(); // ramdisk_addr
-        int secondSize = image.getInt();
-        image.getLong(); // second_addr + tags_addr
-        int pageSize = image.getInt();
-        if (pageSize >= 0x02000000) {
-            throw new IllegalArgumentException("Invalid image header: PXA header detected");
-        }
-        int length = pageSize // include the page aligned image header
-                + ((kernelSize + pageSize - 1) / pageSize) * pageSize
-                + ((ramdskSize + pageSize - 1) / pageSize) * pageSize
-                + ((secondSize + pageSize - 1) / pageSize) * pageSize;
-        int headerVersion = image.getInt(); // boot image header version or dt/extra size
-        if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) {
-            image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
-            int recoveryDtboLength = image.getInt();
-            length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
-            image.getLong(); // recovery_dtbo address
-            int headerSize = image.getInt();
-            if (headerVersion == 2) {
-                image.position(BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET);
-                int dtbLength = image.getInt();
-                length += ((dtbLength + pageSize - 1) / pageSize) * pageSize;
-                image.getLong(); // dtb address
-            }
-            if (image.position() != headerSize) {
-                throw new IllegalArgumentException("Invalid image header: invalid header length");
-            }
-        } else {
-            // headerVersion is 0 or actually dt/extra size in this case
-            length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
-        }
-        length = ((length + pageSize - 1) / pageSize) * pageSize;
-        if (length <= 0) {
-            throw new IllegalArgumentException("Invalid image header: invalid length");
-        }
-        return length;
-    }
-
-    static class BootSignature extends ASN1Object {
-        private ASN1Integer formatVersion;
-        private ASN1Encodable certificate;
-        private AlgorithmIdentifier algId;
-        private DERPrintableString target;
-        private ASN1Integer length;
-        private DEROctetString signature;
-        private PublicKey publicKey;
-        private static final int FORMAT_VERSION = 1;
-
-        /**
-         * Initializes the object for signing an image file
-         * @param target Target name, included in the signed data
-         * @param length Length of the image, included in the signed data
-         */
-        public BootSignature(String target, int length) {
-            this.formatVersion = new ASN1Integer(FORMAT_VERSION);
-            this.target = new DERPrintableString(target);
-            this.length = new ASN1Integer(length);
-        }
-
-        /**
-         * Initializes the object for verifying a signed image file
-         * @param signature Signature footer
-         */
-        public BootSignature(byte[] signature) throws Exception {
-            ASN1InputStream stream = new ASN1InputStream(signature);
-            ASN1Sequence sequence = (ASN1Sequence) stream.readObject();
-            formatVersion = (ASN1Integer) sequence.getObjectAt(0);
-            if (formatVersion.getValue().intValue() != FORMAT_VERSION) {
-                throw new IllegalArgumentException("Unsupported format version");
-            }
-            certificate = sequence.getObjectAt(1);
-            byte[] encoded = ((ASN1Object) certificate).getEncoded();
-            ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            X509Certificate c = (X509Certificate) cf.generateCertificate(bis);
-            publicKey = c.getPublicKey();
-            ASN1Sequence algId = (ASN1Sequence) sequence.getObjectAt(2);
-            this.algId = new AlgorithmIdentifier((ASN1ObjectIdentifier) algId.getObjectAt(0));
-            ASN1Sequence attrs = (ASN1Sequence) sequence.getObjectAt(3);
-            target = (DERPrintableString) attrs.getObjectAt(0);
-            length = (ASN1Integer) attrs.getObjectAt(1);
-            this.signature = (DEROctetString) sequence.getObjectAt(4);
-        }
-
-        public ASN1Object getAuthenticatedAttributes() {
-            ASN1EncodableVector attrs = new ASN1EncodableVector();
-            attrs.add(target);
-            attrs.add(length);
-            return new DERSequence(attrs);
-        }
-
-        public byte[] getEncodedAuthenticatedAttributes() throws IOException {
-            return getAuthenticatedAttributes().getEncoded();
-        }
-
-        public void setSignature(byte[] sig, AlgorithmIdentifier algId) {
-            this.algId = algId;
-            signature = new DEROctetString(sig);
-        }
-
-        public void setCertificate(X509Certificate cert)
-                throws CertificateEncodingException, IOException {
-            ASN1InputStream s = new ASN1InputStream(cert.getEncoded());
-            certificate = s.readObject();
-            publicKey = cert.getPublicKey();
-        }
-
-        public byte[] sign(PrivateKey key, InputStream is, int len) throws Exception {
-            Signature signer = Signature.getInstance(CryptoUtils.getSignatureAlgorithm(key));
-            signer.initSign(key);
-            int read;
-            byte buffer[] = new byte[4096];
-            while ((read = is.read(buffer, 0, Math.min(len, buffer.length))) > 0) {
-                signer.update(buffer, 0, read);
-                len -= read;
-            }
-            signer.update(getEncodedAuthenticatedAttributes());
-            return signer.sign();
-        }
-
-        public boolean verify(byte[] image, int length) throws Exception {
-            if (this.length.getValue().intValue() != length) {
-                throw new IllegalArgumentException("Invalid image length");
-            }
-            String algName = CryptoUtils.ID_TO_ALG.get(algId.getAlgorithm().getId());
-            if (algName == null) {
-                throw new IllegalArgumentException("Unsupported algorithm " + algId.getAlgorithm());
-            }
-            Signature verifier = Signature.getInstance(algName);
-            verifier.initVerify(publicKey);
-            verifier.update(image, 0, length);
-            verifier.update(getEncodedAuthenticatedAttributes());
-            return verifier.verify(signature.getOctets());
-        }
-
-        @Override
-        public ASN1Primitive toASN1Primitive() {
-            ASN1EncodableVector v = new ASN1EncodableVector();
-            v.add(formatVersion);
-            v.add(certificate);
-            v.add(algId);
-            v.add(getAuthenticatedAttributes());
-            v.add(signature);
-            return new DERSequence(v);
-        }
-
-    }
-
-    public static void main(String[] args) throws Exception {
-        if (args.length > 0 && "-verify".equals(args[0])) {
-            X509Certificate cert = null;
-            if (args.length >= 2) {
-                // args[1] is the path to a public key certificate
-                cert = CryptoUtils.readCertificate(new FileInputStream(args[1]));
-            }
-            boolean signed = SignBoot.verifySignature(System.in, cert);
-            System.exit(signed ? 0 : 1);
-        } else if (args.length > 0 && "-sign".equals(args[0])) {
-            X509Certificate cert = null;
-            PrivateKey key = null;
-            String name = "/boot";
-
-            if (args.length >= 3) {
-                cert = CryptoUtils.readCertificate(new FileInputStream(args[1]));
-                key = CryptoUtils.readPrivateKey(new FileInputStream(args[2]));
-            }
-            if (args.length == 2) {
-                name = args[1];
-            } else if (args.length >= 4) {
-                name = args[3];
-            }
-
-            boolean result = SignBoot.doSignature(cert, key, System.in, System.out, name);
-            System.exit(result ? 0 : 1);
-        } else {
-            System.err.println(
-                    "BootSigner <actions> [args]\n" +
-                    "Input from stdin, output to stdout\n" +
-                    "\n" +
-                    "Actions:\n" +
-                    "   -verify [x509.pem]\n" +
-                    "      verify image. cert is optional.\n" +
-                    "   -sign [x509.pem] [pk8] [name]\n" +
-                    "      sign image. name and the cert/key pair are optional.\n" +
-                    "      name should be either /boot (default) or /recovery.\n"
-            );
-        }
-    }
-
-}
--- a/buildSrc/src/main/java/Codegen.kt
+++ b/buildSrc/src/main/java/Codegen.kt
@ -64,19 +64,6 @@ private fun PrintStream.byteField(name: String, bytes: ByteArray) {
    println("}")
 }

-fun genKeyData(keysDir: File, outSrc: File) {
-    outSrc.parentFile.mkdirs()
-    PrintStream(outSrc).use {
-        it.println("package com.topjohnwu.magisk.signing;")
-        it.println("public final class KeyData {")
-
-        it.byteField("verityCert", File(keysDir, "verity.x509.pem").readBytes())
-        it.byteField("verityKey", File(keysDir, "verity.pk8").readBytes())
-
-        it.println("}")
-    }
-}
-
@CacheableTask
 abstract class ManifestUpdater: DefaultTask() {
    @get:Input
--- a/buildSrc/src/main/java/Setup.kt
+++ b/buildSrc/src/main/java/Setup.kt
@ -305,19 +305,6 @@ fun Project.setupApp() {
            }
        }
        mergeAssetsProvider.configure { dependsOn(syncAssets) }
-
-        val keysDir = rootProject.file("tools/keys")
-        val outSrcDir = File(buildDir, "generated/source/keydata/$name")
-        val outSrc = File(outSrcDir, "com/topjohnwu/magisk/signing/KeyData.java")
-
-        val genSrcTask = tasks.register("generate${variantCapped}KeyData") {
-            inputs.dir(keysDir)
-            outputs.file(outSrc)
-            doLast {
-                genKeyData(keysDir, outSrc)
-            }
-        }
-        registerJavaGeneratingTask(genSrcTask, outSrcDir)
    }
 }

--- a/scripts/addon.d.sh
+++ b/scripts/addon.d.sh
@ -109,7 +109,6 @@ main() {
  ui_print "- Device platform: $ABI"

  remove_system_su
-  find_magisk_apk
  install_magisk

  # Cleanups
--- a/scripts/flash_script.sh
+++ b/scripts/flash_script.sh
@ -11,7 +11,6 @@
 umask 022

 OUTFD=$2
-APK="$3"
 COMMONDIR=$INSTALLER/assets
 CHROMEDIR=$INSTALLER/assets/chromeos

--- a/scripts/uninstaller.sh
+++ b/scripts/uninstaller.sh
@ -11,7 +11,6 @@
 umask 022

 OUTFD=$2
-APK="$3"
 COMMONDIR=$INSTALLER/assets
 CHROMEDIR=$INSTALLER/assets/chromeos

--- a/scripts/util_functions.sh
+++ b/scripts/util_functions.sh
@ -185,7 +185,7 @@ recovery_actions() {
 recovery_cleanup() {
  local DIR
  ui_print "- Unmounting partitions"
-  (umount_apex
+  (
  if [ ! -d /postinstall/tmp ]; then
    umount -l /system
    umount -l /system_root
@ -199,7 +199,8 @@ recovery_cleanup() {
      mv -f ${DIR}_link $DIR
    fi
  done
-  umount -l /dev/random) 2>/dev/null
+  umount -l /dev/random
+  ) 2>/dev/null
  [ -z $OLD_LD_LIB ] || export LD_LIBRARY_PATH=$OLD_LD_LIB
  [ -z $OLD_LD_PRE ] || export LD_PRELOAD=$OLD_LD_PRE
  [ -z $OLD_LD_CFG ] || export LD_CONFIG_FILE=$OLD_LD_CFG
@ -306,92 +307,7 @@ mount_partitions() {
    SYSTEM_ROOT=false
    grep ' / ' /proc/mounts | grep -qv 'rootfs' || grep -q ' /system_root ' /proc/mounts && SYSTEM_ROOT=true
  fi
-  # /vendor is used only on some older devices for recovery AVBv1 signing so is not critical if fails
-  [ -L /system/vendor ] && mount_name vendor$SLOT /vendor '-o ro'
  $SYSTEM_ROOT && ui_print "- Device is system-as-root"
-
-  # Allow /system/bin commands (dalvikvm) on Android 10+ in recovery
-  $BOOTMODE || mount_apex
-}
-
-# loop_setup <ext4_img>, sets LOOPDEV
-loop_setup() {
-  unset LOOPDEV
-  local LOOP
-  local MINORX=1
-  [ -e /dev/block/loop1 ] && MINORX=$(stat -Lc '%T' /dev/block/loop1)
-  local NUM=0
-  while [ $NUM -lt 64 ]; do
-    LOOP=/dev/block/loop$NUM
-    [ -e $LOOP ] || mknod $LOOP b 7 $((NUM * MINORX))
-    if losetup $LOOP "$1" 2>/dev/null; then
-      LOOPDEV=$LOOP
-      break
-    fi
-    NUM=$((NUM + 1))
-  done
-}
-
-mount_apex() {
-  $BOOTMODE || [ ! -d /system/apex ] && return
-  local APEX DEST
-  setup_mntpoint /apex
-  mount -t tmpfs tmpfs /apex -o mode=755
-  local PATTERN='s/.*"name":[^"]*"\([^"]*\).*/\1/p'
-  for APEX in /system/apex/*; do
-    if [ -f $APEX ]; then
-      # handle CAPEX APKs, extract actual APEX APK first
-      unzip -qo $APEX original_apex -d /apex
-      [ -f /apex/original_apex ] && APEX=/apex/original_apex # unzip doesn't do return codes
-      # APEX APKs, extract and loop mount
-      unzip -qo $APEX apex_payload.img -d /apex
-      DEST=$(unzip -qp $APEX apex_manifest.pb | strings | head -n 1 | tr -dc '[:alnum:].-_\n')
-      [ -z $DEST ] && DEST=$(unzip -qp $APEX apex_manifest.json | sed -n $PATTERN)
-      [ -z $DEST ] && continue
-      DEST=/apex/$DEST
-      mkdir -p $DEST
-      loop_setup /apex/apex_payload.img
-      if [ ! -z $LOOPDEV ]; then
-        ui_print "- Mounting $DEST"
-        mount -t ext4 -o ro,noatime $LOOPDEV $DEST
-      fi
-      rm -f /apex/original_apex /apex/apex_payload.img
-    elif [ -d $APEX ]; then
-      # APEX folders, bind mount directory
-      if [ -f $APEX/apex_manifest.json ]; then
-        DEST=/apex/$(sed -n $PATTERN $APEX/apex_manifest.json)
-      elif [ -f $APEX/apex_manifest.pb ]; then
-        DEST=/apex/$(strings $APEX/apex_manifest.pb | head -n 1 | tr -dc '[:alnum:].-_\n')
-      else
-        continue
-      fi
-      mkdir -p $DEST
-      ui_print "- Mounting $DEST"
-      mount -o bind $APEX $DEST
-    fi
-  done
-  export ANDROID_RUNTIME_ROOT=/apex/com.android.runtime
-  export ANDROID_TZDATA_ROOT=/apex/com.android.tzdata
-  export ANDROID_ART_ROOT=/apex/com.android.art
-  export ANDROID_I18N_ROOT=/apex/com.android.i18n
-  local APEXJARS=$(find /apex -name '*.jar' | sort | tr '\n' ':')
-  local FWK=/system/framework
-  export BOOTCLASSPATH=${APEXJARS}\
-$FWK/framework.jar:$FWK/ext.jar:$FWK/telephony-common.jar:\
-$FWK/voip-common.jar:$FWK/ims-common.jar:$FWK/telephony-ext.jar
-}
-
-umount_apex() {
-  [ -d /apex ] || return
-  umount -l /apex
-  for loop in /dev/block/loop*; do
-    losetup -d $loop 2>/dev/null
-  done
-  unset ANDROID_RUNTIME_ROOT
-  unset ANDROID_TZDATA_ROOT
-  unset ANDROID_ART_ROOT
-  unset ANDROID_I18N_ROOT
-  unset BOOTCLASSPATH
 }

 # After calling this method, the following variables will be set:
@ -452,16 +368,11 @@ find_boot_image() {
 }

 flash_image() {
+  local CMD1
  case "$1" in
    *.gz) CMD1="gzip -d < '$1' 2>/dev/null";;
    *)    CMD1="cat '$1'";;
  esac
-  if $BOOTSIGNED; then
-    CMD2="$BOOTSIGNER -sign"
-    ui_print "- Sign image with verity keys"
-  else
-    CMD2="cat -"
-  fi
  if [ -b "$2" ]; then
    local img_sz=$(stat -c '%s' "$1")
    local blk_sz=$(blockdev --getsize64 "$2")
@ -469,13 +380,13 @@ flash_image() {
    blockdev --setrw "$2"
    local blk_ro=$(blockdev --getro "$2")
    [ "$blk_ro" -eq 1 ] && return 2
-    eval "$CMD1" | eval "$CMD2" | cat - /dev/zero > "$2" 2>/dev/null
+    eval "$CMD1" | cat - /dev/zero > "$2" 2>/dev/null
  elif [ -c "$2" ]; then
    flash_eraseall "$2" >&2
-    eval "$CMD1" | eval "$CMD2" | nandwrite -p "$2" - >&2
+    eval "$CMD1" | nandwrite -p "$2" - >&2
  else
    ui_print "- Not block or char device, storing image"
-    eval "$CMD1" | eval "$CMD2" > "$2" 2>/dev/null
+    eval "$CMD1" > "$2" 2>/dev/null
  fi
  return 0
 }
@ -484,11 +395,6 @@ flash_image() {
 install_magisk() {
  cd $MAGISKBIN

-  if [ ! -c $BOOTIMAGE ]; then
-    eval $BOOTSIGNER -verify < $BOOTIMAGE && BOOTSIGNED=true
-    $BOOTSIGNED && ui_print "- Boot image is signed with AVB 1.0"
-  fi
-
  # Source the boot patcher
  SOURCEDMODE=true
  . ./boot_patch.sh "$BOOTIMAGE"
@ -596,19 +502,6 @@ check_data() {
  $DATA_DE && set_nvbase "/data/adb"
 }

-find_magisk_apk() {
-  local DBAPK
-  [ -z $APK ] && APK=/data/app/com.topjohnwu.magisk*/base.apk
-  [ -f $APK ] || APK=/data/app/*/com.topjohnwu.magisk*/base.apk
-  if [ ! -f $APK ]; then
-    DBAPK=$(magisk --sqlite "SELECT value FROM strings WHERE key='requester'" 2>/dev/null | cut -d= -f2)
-    [ -z $DBAPK ] && DBAPK=$(strings $NVBASE/magisk.db | grep -oE 'requester..*' | cut -c10-)
-    [ -z $DBAPK ] || APK=/data/user_de/0/$DBAPK/dyn/current.apk
-    [ -f $APK ] || [ -z $DBAPK ] || APK=/data/data/$DBAPK/dyn/current.apk
-  fi
-  [ -f $APK ] || ui_print "! Unable to detect Magisk app APK for BootSigner"
-}
-
 run_migrations() {
  local LOCSHA1
  local TARGET
@ -830,8 +723,3 @@ install_module() {

 TMPDIR=/dev/tmp
 set_nvbase "/data/adb"
-
-# Bootsigner related stuff
-BOOTSIGNERCLASS=com.topjohnwu.magisk.signing.SignBoot
-BOOTSIGNER='/system/bin/dalvikvm -Xnoimage-dex2oat -cp $APK $BOOTSIGNERCLASS'
-BOOTSIGNED=false