X6833B: Re-configure AVB flags to match stock

* We have a very, very broken bootloader. LK is extremely
  fussy about our AVB setup, and if either --flags 3 is set
  (hashtree verification disabled), or the wrong AVB algorithm
  is used, it will cause the bootloader to crash shortly after
  loading the boot image, which can be seen from the bootloader logs:

* [1111] [avb] img_auth_required = 0
  [1116] invalid pubk size
  [1116] avb_slot_verify.c[1116] :[1116] 851[1116] : ERROR: [1116] vbmeta_a[1116] : Public key used to sign data rejected.
  [1370] [AVB20] malloc: heap size not enough
  [1370] avb_util.c[1370] :[1370] 224[1370] : ERROR: [1370] Failed to allocate memory.
  [1370] [avb] boot/recovery vfy time = 270 ms
  [1370] mblock_create mblock start: 0xb0c00000 size: 0x8c00000 name: avb
  [1371] [avb] avb_ret = 1
  [1371] [avb] ret = 0
  [6694] panic (caller 0x4822b7f1): ASSERT at (platform/common/boot/boot_info.c:616): g_boot_info.hdr_loaded

* Re-enable hashtree verification and match the AVB algorithm
  with what MediaTek does on stock. Also create vbmeta images
  for system, product and vendor partitions since that is done
  as well. Use test keys for signing to make our lives easier.

* Also change BOARD_AVB_RECOVERY* to BOARD_AVB_BOOT*, AVB
  recovery flags are no-ops on A/B devices since the recovery
  ramdisk is in the boot image, so we should be enabling
  chained vbmeta for boot instead.

Change-Id: I66c03f819178d00db956095e835e8e304ab1aab7
Signed-off-by: bengris32 <bengris32@protonmail.ch>
Signed-off-by: dodyirawan85 <40514988+dodyirawan85@users.noreply.github.com>

BoardConfig.mk

@@ -115,11 +115,25 @@ VENDOR_SECURITY_PATCH := 2023-10-05
 
 # Verified Boot
 BOARD_AVB_ENABLE := true
-BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3
+BOARD_AVB_ALGORITHM := SHA256_RSA2048
-BOARD_AVB_RECOVERY_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
+BOARD_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
-BOARD_AVB_RECOVERY_ALGORITHM := SHA256_RSA4096
+
-BOARD_AVB_RECOVERY_ROLLBACK_INDEX := 1
+BOARD_AVB_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
-BOARD_AVB_RECOVERY_ROLLBACK_INDEX_LOCATION := 1
+BOARD_AVB_BOOT_ALGORITHM := SHA256_RSA2048
+BOARD_AVB_BOOT_ROLLBACK_INDEX := 1
+BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION := 1
+
+BOARD_AVB_VBMETA_SYSTEM := product system
+BOARD_AVB_VBMETA_SYSTEM_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
+BOARD_AVB_VBMETA_SYSTEM_ALGORITHM := SHA256_RSA2048
+BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX := 1
+BOARD_AVB_VBMETA_SYSTEM_ROLLBACK_INDEX_LOCATION := 2
+
+BOARD_AVB_VBMETA_VENDOR := vendor
+BOARD_AVB_VBMETA_VENDOR_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
+BOARD_AVB_VBMETA_VENDOR_ALGORITHM := SHA256_RSA2048
+BOARD_AVB_VBMETA_VENDOR_ROLLBACK_INDEX := 1
+BOARD_AVB_VBMETA_VENDOR_ROLLBACK_INDEX_LOCATION := 3
 
 # VNDK
 BOARD_VNDK_VERSION := current