by danvittegleo 2899 days ago
Thanks for the response! Unfortunately, I'm personally not interested in distributing binaries of the OS for public consumption, as I think installing an OS from an unknown person on the internet is probably not the best approach for a privacy/security focused Android OS. I personally would prefer to do my own builds with my own keys so that I know what is running on my phone - hence why I created this tool. That said, it doesn't mean someone else can't spin up a public version of this setup using this tool.

> installing an OS from an unknown person on the internet

Eventually, what is needed is something like reproducible builds so that you can claim that this binary corresponds to this source tarball. I don't know where AOSP stands in that regard. The keys should be the only thing that users should ideally manage, i.e., you get the generic binary (that is known to correspond to source tarball), sign it with your keys, and flash it. Just throwing ideas. This may not be in the scope of your project.

I like this idea and could definitely get behind something like this. The signing process is done after builds complete, so it might be possible. Although on Pixel and Pixel XL it is likely not possible as the kernel must be built with the signing key to support the earlier version of Android Verified Boot (AVB 1.0).