Thanks Mimi. Any plan for zip archive format support?

Also when using EVM, the files have to be signed on target. So after new
files have been flashed on device during OTA, does the private key also need
to be present on the system?

On Wed, Jan 9, 2019 at 2:28 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> On Tue, 2019-01-08 at 06:56 +0530, rishi gupta wrote:
> > Hi Team,
> >
> > Android and android recovery based implementation for Linux, generates
> > ota package which is a zipped archive.
> >
> > I observed that xattr gets dropped when creating zip archive and
> > therefore after OTA system will not boot if IMA_APPRAISE_SIGNED_INIT
> > is used.
> >
> > This essentially means that IMA may not be used in commercial products
> > requiring OTA or I missed something or there is a workaround to such
> > problem.
> >
> > https://source.android.com/devices/tech/ota/tools
>
> Ok. Some applications support xattrs (eg. RPM, tar); others don't
> (eg. Debian packages, CPIO/initramfs). We worked with the RPM
> community to add xattr support. Multiple attempts have been made to
> add xattr support to Debian packages.
>
> Mimi
>
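
The following is an added example, not part of the thread or of any project's code: a pre-flight check that lists which files in an update archive would arrive without a `security.ima` record. It assumes the tar side uses the PAX key GNU tar writes with `--xattrs` (`SCHILY.xattr.security.ima`) and that the zip was produced by a tool that stores no xattrs, as the thread reports; file names and the signature value are constructed.

```python
import io
import tarfile
import zipfile

# PAX extended-header key GNU tar (--xattrs) uses for the IMA xattr.
IMA_PAX_KEY = "SCHILY.xattr.security.ima"
# Constructed placeholder; a real security.ima value is a binary signature blob.
SAMPLE_SIG = "constructed-placeholder-signature"
# Constructed sample payload standing in for an OTA file set.
FILES = {"system/bin/init": b"init", "system/etc/hosts": b"hosts"}


def build_tar(files, signed):
    """Build an in-memory PAX tar; names in `signed` carry the IMA record."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            if name in signed:
                info.pax_headers = {IMA_PAX_KEY: SAMPLE_SIG}
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_zip(files):
    """Build an in-memory zip the way a plain zip tool would (no xattrs)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    return buf.getvalue()


def unsigned_members(blob):
    """Return regular files in the archive that carry no security.ima record."""
    stream = io.BytesIO(blob)
    if zipfile.is_zipfile(stream):
        # Assumption: the zip writer stored no xattrs, so every file is unsigned.
        with zipfile.ZipFile(stream) as archive:
            return sorted(n for n in archive.namelist() if not n.endswith("/"))
    stream.seek(0)
    with tarfile.open(fileobj=stream) as tar:
        return sorted(m.name for m in tar
                      if m.isfile() and IMA_PAX_KEY not in m.pax_headers)


if __name__ == "__main__":
    print("tar, all signed:", unsigned_members(build_tar(FILES, set(FILES))))
    print("tar, one signed:", unsigned_members(build_tar(FILES, {"system/bin/init"})))
    print("zip:", unsigned_members(build_zip(FILES)))
```

Any name this check reports is a file that IMA appraisal would find without a signature after the update is unpacked.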