History log of /system/core/fs_mgr/fs_mgr_verity.c
Revision Date Author Comments
3fd58ae7e57344ff4c1671c1f12dbc7094171538 03-Jun-2015 Sami Tolvanen <samitolvanen@google.com> fs_mgr: Use ro.boot.veritymode

If verity state is managed by bootloader, it will pass the verity
mode to the kernel in the androidboot.veritymode command line
parameter. Init copies the value to the ro.boot.veritymode property.

Check for ro.boot.veritymode in fs_mgr and use the value to set
dm-verity mode. If this property is not set, store verity state in
metadata as before, if a storage location is specified in fstab.

Bug: 21605676
Change-Id: Ife3c978c133248432c302583d3b70e179605fe42
(cherry picked from commit ac5c1224cfc959b96f7a34068a807db9aaab9358)
/system/core/fs_mgr/fs_mgr_verity.c
9fc834377297cb2dcc418e4ce7e38e89dd09812b 16-May-2015 Elliott Hughes <enh@google.com> Don't use TEMP_FAILURE_RETRY on close in system/core.

Bug: http://b/20501816
Change-Id: I1839b48ee4f891b8431ecb809e37a4566a5b3e50
(cherry picked from commit 47b0134ec2b5e8c8b5b5671cd4a3e41261275532)
/system/core/fs_mgr/fs_mgr_verity.c
030ef35966ab30bc36f1a047df4fd45e466427ef 09-Apr-2015 Mohamad Ayyash <mkayyash@google.com> Revert "Revert "fs_mgr_verity: Add support for squashfs""

This reverts commit 7b97c7a3fa0f1bdae5b45a70f625ff48f9dab0c1.

Change-Id: Id47e70479fe9247b7936f2e54d4dbfbb4f63f635
/system/core/fs_mgr/fs_mgr_verity.c
e322ae1996fd52e1c4d8fdbe29f4631d4bd936a3 08-Apr-2015 Mohamad Ayyash <mkayyash@google.com> Merge "Revert "fs_mgr_verity: Add support for squashfs""
7b97c7a3fa0f1bdae5b45a70f625ff48f9dab0c1 08-Apr-2015 Mohamad Ayyash <mkayyash@google.com> Revert "fs_mgr_verity: Add support for squashfs"

This reverts commit 807f47004f03653997edbe3c83d46350cb056cd4.

Change-Id: I2d7972c0828c842b44747dd08fbe44668f2a55db
/system/core/fs_mgr/fs_mgr_verity.c
70f81ceeeb1c88a164b0e02e05110043ceef8885 08-Apr-2015 Mohamad Ayyash <mkayyash@google.com> Merge "fs_mgr_verity: Add support for squashfs"
807f47004f03653997edbe3c83d46350cb056cd4 07-Apr-2015 Mohamad Ayyash <mkayyash@google.com> fs_mgr_verity: Add support for squashfs

- Clean up the code to get filesystem size in a block device
- Add support for reading size of squashfs in a block device

Change-Id: I3848a705ed4dc2fc9afad20331f0fdecfee545c5
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
/system/core/fs_mgr/fs_mgr_verity.c
6122edbac4d8740a221ced304c25d5a7a048d9f5 31-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Restore verity state when verified partition is reflashed

Store verity state separately for each verified partition, and store
a hash of the last verity table signature for each partition. If the
signature changes, assume the partition has been reflashed and reset
verity state.

Bug: 20006638
Change-Id: I1c85fb816bfec1a54b1033c938bf1fdaf572f849
/system/core/fs_mgr/fs_mgr_verity.c
454742392f72079dbdb0d23ea24e01b5703c1aa5 30-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Set verity mode as the verified property value

Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.

Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
/system/core/fs_mgr/fs_mgr_verity.c
4d3ead9d7c08d2bb0f3af2166b72f57e6e1755e0 26-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Fix build

Fix build breakage in aosp_fugu-userdebug_clang (linux) caused
by Id8711f7d51dc1e4e9a4d84f9951240f64528e69d

Change-Id: Icd04aeaf131be045cf5788846ae9832e6cbbb944
/system/core/fs_mgr/fs_mgr_verity.c
946a0f3e1925c8cc9be08e3e34758d577cbe7f31 22-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Use structured format for verity metadata

Specify the location of verity metadata in fstab, and use a
type-length-value format for the metadata that allows other
data to be stored in the same location in an extensible way.

Change-Id: Id8711f7d51dc1e4e9a4d84f9951240f64528e69d
/system/core/fs_mgr/fs_mgr_verity.c
acbf9bef43bc650ed84ba891183ebdf689dafb64 19-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Add init command to set verified properties

Add a command that updates dm-verity state and sets partition.%.verified
properties used by adb remount.

This is needed in init since fs_mgr cannot set properties:
I6a28cccb1ccce960841af20a4b20c32d424b5524

Change-Id: I0fdf5bc29c56690dcadff9d0eb216d3c68483538
/system/core/fs_mgr/fs_mgr_verity.c
9fabbbfb03a877e13936b8829e4641cf1b9aebb7 11-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Merge "Do not call libcutils property_set in init through libfs_mgr"
86cddf40741024961839dbbcfa005e908314e681 05-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Do not call libcutils property_set in init through libfs_mgr

Both init and libcutils define a property_set function. The init
version sets the property directly while libcutils simply calls
__system_property_set, which sends a message to init to set the
property.

Since libfs_mgr is statically linked to libcutils, any calls to
property_set end up sending a message to init and waiting for a
response. When libfs_mgr is further statically linked to init,
this leads to init sending a message to itself when property_set
is called in fs_mgr.

Because send_prop_msg in bionic only waits for a response for
250ms, this does not cause a deadlock. However, using libcutils
to set a property in the init process is hardly a good idea.

This change removes the property_set call from fs_mgr_verity.c.
If this property is required later, it should be set elsewhere.

Change-Id: I6a28cccb1ccce960841af20a4b20c32d424b5524
/system/core/fs_mgr/fs_mgr_verity.c
8c2c089ae2b9e07131e4125da9c44387954d04f5 04-Mar-2015 Andreas Gampe <agampe@google.com> am 291ce5b8: Merge "Fs_mgr: Fix format code"

* commit '291ce5b82d8a504be69132f1827e20041833c488':
Fs_mgr: Fix format code
6904e0c263a02f08c9c6f555dceafa2cce467954 04-Mar-2015 Sami Tolvanen <samitolvanen@google.com> am a88fb24a: Merge "Add fs_mgr support for dm-verity modes"

* commit 'a88fb24ab43eec9710a0d4d15aedb6d4bc51a2ec':
Add fs_mgr support for dm-verity modes
eb69e857685a086538020b59396ee3fea4ba6c93 04-Mar-2015 Andreas Gampe <agampe@google.com> Fs_mgr: Fix format code

Suggested printing for off_t is to cast to intmax_t and print that.

Follow-up to https://android-review.googlesource.com/133111.

Change-Id: Icff6844044c3d0fa6372c3f399453a526fd89954
/system/core/fs_mgr/fs_mgr_verity.c
a88fb24ab43eec9710a0d4d15aedb6d4bc51a2ec 04-Mar-2015 Sami Tolvanen <samitolvanen@google.com> Merge "Add fs_mgr support for dm-verity modes"
51bf11ad95aa871e4131edf4d9d72cc7c7034cdc 16-Feb-2015 Sami Tolvanen <samitolvanen@google.com> Add fs_mgr support for dm-verity modes

Add support for dm-verity modes and storing persistent state in
a location specified by the following properties:

ro.verity.state.location
ro.verity.state.offset

If these properties do not exist, dm-verity is always loaded in
EIO mode. If the properties do exist, but the location does not
have valid state data, dm-verity is loaded in RESTART mode. The
mode is updated to LOGGING if a dm-verity triggered restart has
occurred.

Change-Id: Ibb82953594d234f81ad21c40f524190b88e4ac8f
/system/core/fs_mgr/fs_mgr_verity.c
622d44d86481295660534cd06a8b5914466acf29 28-Feb-2015 Sami Tolvanen <samitolvanen@google.com> am fbb3f8ca: Merge "Set underlying block device RO when enabling verity"

* commit 'fbb3f8ca499b04c82437155f87c8666cad607c6b':
Set underlying block device RO when enabling verity
214f33b8c095feedfdbaa680ff6ffb763f47d375 18-Dec-2014 Sami Tolvanen <samitolvanen@google.com> Set underlying block device RO when enabling verity

Currently, when verity is set up on a block device, the underlying
device is still accessible directly. Make the existing function
fs_set_blk_ro visible to other fs_mgr modules, change the behavior
to match the comment above the function definition, and call it to
disable write access to the block device when setting up verity.

Bug: 18609347
Change-Id: I7884175df15f9161174788d74d20a08e4cd472ca
/system/core/fs_mgr/fs_mgr_verity.c
0cc8da09473affeb8a396b92813e5f8ce5500292 19-Feb-2015 Bill Yi <byi@google.com> Merge commit '9c1bc6bbc82e3e4f005e9fcacfca94b2dd82ca31' into HEAD
e2d63af002a3b494f6bd464f2652b6e1997e7a52 18-Feb-2015 Yabin Cui <yabinc@google.com> Move sprintf to snprintf.

Bug: 19340053
Change-Id: Id0d866e6195ed4752b4be6081eeb2aab8b1dbe9a
/system/core/fs_mgr/fs_mgr_verity.c
9ccf0cbaf1059ac07058f290d1dd83d3b50a9f24 10-Dec-2014 Elliott Hughes <enh@google.com> am a97c1075: Merge "Fix Nick's nits"

* commit 'a97c10755442e3800c0b1011d986d554ce2096db':
Fix Nick's nits
603c7d0d95e6d406004da58287c60568fab4d1be 10-Dec-2014 Elliott Hughes <enh@google.com> am 294e610f: Merge "Fix verity on system partitions larger than 2G"

* commit '294e610f886eeb839d16172bb5b98559a6a7434d':
Fix verity on system partitions larger than 2G
88a12fb381875639e5c381b333bcfeaf83b1efbf 09-Oct-2014 Paul Lawrence <paullawrence@google.com> Fix Nick's nits

(cherry-pick of 97e487311b1cb780dfd3b0994917c72047d6188f.)

Change-Id: Ide7925e7ad328f0343d444d63ff72f1a26206d4c
/system/core/fs_mgr/fs_mgr_verity.c
02c698d93f627e92795234eb8a78fad585a2f191 25-Oct-2014 Sami Tolvanen <samitolvanen@google.com> Fix verity on system partitions larger than 2G

If the system partition is larger than 2G, the device fails to read
verity metadata, because fseek accepts only a 32-bit signed offset.
Switch from fseek to lseek64 to allow seeking using a 64-bit offset,
which solves the problem. At the same time, move away from stdio in
the function.

(cherry-pick of 4cafe2ff89b49329e0e880900195d8e061bd3750.)

Bug: 17705619
Change-Id: I226320498dcb750ec6cde84411c7fe0774c9cab7
/system/core/fs_mgr/fs_mgr_verity.c
32e9163b2ab439d3313adf8c03441e4ddfe0bb36 10-Dec-2014 Elliott Hughes <enh@google.com> resolved conflicts for merge of b471f524 to lmp-mr1-dev-plus-aosp

Change-Id: I6efd0d4a0ece0b065d02796916355ad5ae8b4eea
ec900bba20630934dc51a1b3a57d6d7a30fed325 09-Oct-2014 Paul Lawrence <paullawrence@google.com> Revert "Revert "Enable verity on userdebug, and add disable-verity to adb""

This reverts commit 152d2d4234ba89e0c20c4af13e291b6049a7bc33.

Fixed build error, and also fixed memory leak spotted from warning.

(cherry-pick of bbb36319119edde9377fb80015235893c30d2bc9.)

Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
/system/core/fs_mgr/fs_mgr_verity.c
99184bab35c0b88dfc70c8be1d88cfb100dbf4cd 14-Nov-2014 Sami Tolvanen <samitolvanen@google.com> am 72f0d92c: DO NOT MERGE: Do not mount devices with invalid verity metadata

* commit '72f0d92c722447e0c87cfe765516a7352db3d51a':
DO NOT MERGE: Do not mount devices with invalid verity metadata
2dfadac1569126d72b2da42233afc908b7ec10a7 14-Nov-2014 Sami Tolvanen <samitolvanen@google.com> am 9573a13b: DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1

* commit '9573a13bbc015c555adff1e4e0fbef2a18963111':
DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1
72f0d92c722447e0c87cfe765516a7352db3d51a 07-Nov-2014 Sami Tolvanen <samitolvanen@google.com> DO NOT MERGE: Do not mount devices with invalid verity metadata

The return value of read_verity_metadata is propagated to caller
even if the verity metadata is invalid, provided that it can be
read from the device. This results in devices with invalid verity
metadata signatures being mounted normally, which is not desirable.
This change fixes the bug by changing the return value in case of
verification failure to FS_MGR_SETUP_VERITY_FAIL.

Bug: 15984840
Bug: 18120110
Change-Id: Ic29f37a23cb417c2538d60fb05de9dd310d50f4a
(cherry picked from commit c95e9da39660f278ace4b14d688dc6818d1a38bf)
/system/core/fs_mgr/fs_mgr_verity.c
9573a13bbc015c555adff1e4e0fbef2a18963111 07-Nov-2014 Sami Tolvanen <samitolvanen@google.com> DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1

Verity metadata signatures will be switched to SHA-256. Switch
fs_mgr signature verification to use the correct algorithm.

Needs matching changes from
https://googleplex-android-review.git.corp.google.com/#/c/579905/
https://googleplex-android-review.git.corp.google.com/#/c/583213/
https://googleplex-android-review.git.corp.google.com/#/c/583214/
https://googleplex-android-review.git.corp.google.com/#/c/583233/

Bug: 15984840
Bug: 18120110
Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
(cherry picked from commit a3465e250cfc3c00931735711e11ad61cf84d8b2)
/system/core/fs_mgr/fs_mgr_verity.c
7a59c852c23695e2629ec52a70816a0f976868c2 31-Oct-2014 Sami Tolvanen <samitolvanen@google.com> am 4cafe2ff: Fix verity on system partitions larger than 2G

* commit '4cafe2ff89b49329e0e880900195d8e061bd3750':
Fix verity on system partitions larger than 2G
4cafe2ff89b49329e0e880900195d8e061bd3750 25-Oct-2014 Sami Tolvanen <samitolvanen@google.com> Fix verity on system partitions larger than 2G

If the system partition is larger than 2G, the device fails to read
verity metadata, because fseek accepts only a 32-bit signed offset.
Switch from fseek to lseek64 to allow seeking using a 64-bit offset,
which solves the problem. At the same time, move away from stdio in
the function.

Bug: 17705619
Change-Id: I226320498dcb750ec6cde84411c7fe0774c9cab7
/system/core/fs_mgr/fs_mgr_verity.c
a1ab5a8ecf4fe806732e9ecec0c471a7a7329ea9 10-Oct-2014 Paul Lawrence <paullawrence@google.com> am 97e48731: Fix Nick's nits

* commit '97e487311b1cb780dfd3b0994917c72047d6188f':
Fix Nick's nits
6e9857da67d46d658e28f73500f08182a9b15b7e 10-Oct-2014 Paul Lawrence <paullawrence@google.com> resolved conflicts for merge of bbb36319 to lmp-mr1-dev-plus-aosp

Change-Id: I6b62347c3acfda7c2c954e719547021009d20c01
c638c6647d0a8e30b2e176e36b1c08ef57766f06 10-Oct-2014 Paul Lawrence <paullawrence@google.com> resolved conflicts for merge of a49bfc0d to lmp-mr1-dev-plus-aosp

Change-Id: I9ff777a6309aab2b5b18323dd4ee7617cb1c3180
cc496dbcd709230c35016e3d84ad06d1e44de9b8 09-Oct-2014 Paul Lawrence <paullawrence@google.com> resolved conflicts for merge of ae413a71 to lmp-mr1-dev-plus-aosp

Change-Id: Icdc9306b460c116441aad21bfcf3ab549224a141
97e487311b1cb780dfd3b0994917c72047d6188f 09-Oct-2014 Paul Lawrence <paullawrence@google.com> Fix Nick's nits

Change-Id: Ide7925e7ad328f0343d444d63ff72f1a26206d4c
/system/core/fs_mgr/fs_mgr_verity.c
bbb36319119edde9377fb80015235893c30d2bc9 09-Oct-2014 Paul Lawrence <paullawrence@google.com> Revert "Revert "Enable verity on userdebug, and add disable-verity to adb""

This reverts commit 152d2d4234ba89e0c20c4af13e291b6049a7bc33.

Fixed build error, and also fixed memory leak spotted from warning.

Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
/system/core/fs_mgr/fs_mgr_verity.c
3e64bf45e65641c0dd946de6eefa552718f14c1c 09-Oct-2014 Mark Salyzyn <salyzyn@google.com> am af191cd1: am 6b66025f: Merge "fs_mgr: fix build breakage"

* commit 'af191cd157f076ee5d99890711e2881a60d7770a':
fs_mgr: fix build breakage
ee80cf87553be3f21223b12d2118a252e75acf02 09-Oct-2014 Mark Salyzyn <salyzyn@google.com> am af191cd1: am 6b66025f: Merge "fs_mgr: fix build breakage"

* commit 'af191cd157f076ee5d99890711e2881a60d7770a':
fs_mgr: fix build breakage
152d2d4234ba89e0c20c4af13e291b6049a7bc33 09-Oct-2014 Nick Kralevich <nnk@google.com> Revert "Enable verity on userdebug, and add disable-verity to adb"

Build is broken.

system/core/fs_mgr/fs_mgr_verity.c: In function 'fs_mgr_setup_verity':
system/core/fs_mgr/fs_mgr_verity.c:103:20: error: 'verity_table_signature' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!RSA_verify(key,
^
system/core/fs_mgr/fs_mgr_verity.c:374:11: note: 'verity_table_signature' was declared here
char *verity_table_signature;
^
cc1: all warnings being treated as errors
make: *** [out/target/product/minnow/obj/STATIC_LIBRARIES/libfs_mgr_intermediates/fs_mgr_verity.o] Error 1
make: *** Waiting for unfinished jobs....

This reverts commit d4cea0bc16d1ad96cc6d6177232d7b339785460c.

Change-Id: I6862cc79ef9d944a2472b6fb2e46dae514cea8ce
/system/core/fs_mgr/fs_mgr_verity.c
89fa114e2a52f652bb12eca03941b269591290d3 09-Oct-2014 Mark Salyzyn <salyzyn@google.com> fs_mgr: fix build breakage

Some compilers are not as smart as other compilers

Change-Id: I9d93c73bdbd2dca37373d8a42a2ed510d0559274
/system/core/fs_mgr/fs_mgr_verity.c
d4cea0bc16d1ad96cc6d6177232d7b339785460c 07-Oct-2014 Paul Lawrence <paullawrence@google.com> Enable verity on userdebug, and add disable-verity to adb

Bug: 17691572

Change-Id: I58f588f318e7952d06a41325337d946d7c007e31
/system/core/fs_mgr/fs_mgr_verity.c
aed0769eefd99588c4d6bfb0c024244ce591fbf0 10-Sep-2014 Chih-Hung Hsieh <chh@google.com> am 04929638: am da3510b2: Merge "Avoid partial initialization warning."

* commit '049296382d3604868378c957e999ae63cf3a1f5f':
Avoid partial initialization warning.
e32b8952a630f6a125f2a151f3084b59b9074bb8 06-Sep-2014 Chih-Hung Hsieh <chh@google.com> Avoid partial initialization warning.

Clang compiler is picky about partial initialization and
here we only need to initialize the 'len' field.

BUG: 17410010
Change-Id: I718582cef96d5f4076b5ff1c7b8162327e7809b6
/system/core/fs_mgr/fs_mgr_verity.c
87f1dd5da173dcd297fa8455e0a7845572931046 08-May-2014 Mark Salyzyn <salyzyn@google.com> am af0df46d: am e6246ca6: am 01ef52e1: Merge "fs_mgr: turn on -Werror"

* commit 'af0df46d74368bb98edaadb3c09ddbc7252d3110':
fs_mgr: turn on -Werror
86e3f22b6ae048ba8c9284b4900258c3ccd17cdf 01-May-2014 Mark Salyzyn <salyzyn@google.com> fs_mgr: turn on -Werror

- deal with some -Wunused-variable issues

Change-Id: Ie0140d4777ddf862e4bbed76142a1dbb8320c1b0
/system/core/fs_mgr/fs_mgr_verity.c
05699b3e3e05b976a3de50a634b18a6f5109cf95 17-Mar-2014 Geremy Condra <gcondra@google.com> fs_mgr: Set the 'partition.*.verified' property for verified partitions.

This modifies fs_mgr to set the partition.*.verified properties.
Each of these should be used as a weak indicator that a given partition
is verified. For instance, if the 'partition.system.verified' property
is set to '1', this could indicate that the system partition is verified
and therefore should not be modified by, e.g., adb sync.

Note that these properties can be mutated by the system, and so
should not be used as the basis for security decisions.

Change-Id: I27215a3d3628a1b1e184df9eaad90541b9d8b841
/system/core/fs_mgr/fs_mgr_verity.c
a8be6279350211d610d2cf30173bd4bcb6405dfb 23-Jan-2014 Colin Cross <ccross@android.com> fs_mgr: update ext4_parse_sb to match change in ext4_utils

ext4_parse_sb now takes the struct fs_info to fill out to avoid
using the global info from external callers.

Change-Id: I0984ba01c0dbdd5b68b825817faf0c5cf5aa5510
/system/core/fs_mgr/fs_mgr_verity.c
ccecf1425412beb2bc3bb38d470293fdc244d6f1 16-Jan-2014 Elliott Hughes <enh@google.com> system/core 64-bit cleanup.

This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.

Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
/system/core/fs_mgr/fs_mgr_verity.c
3ad3d1c4b5856d4e314febc5671c74e78a76db00 23-Feb-2013 Geremy Condra <gcondra@google.com> Add basic verity support to fs_mgr.

This change adds a "verify" fs_mgr flag specifying that
the device in question should be verified.

Devices marked with this flag are expected to have a
footer immediately after their data containing all
the information needed to set up a verity instance.

Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
/system/core/fs_mgr/fs_mgr_verity.c