| 4ca2a30368a0ae150a97a07b997ddaaf3df88d4d |
|
06-Jul-2017 |
Treehugger Robot <treehugger-gerrit@google.com> |
Merge "fs_mgr: Adding logs when failing to wait for a device file"
|
| 9d344969b03fd19a6f5c485ddd7c8dd22b7d3a9d |
|
13-Jun-2017 |
Jinguang Dong <dongjinguang@huawei.com> |
fs_mgr: Adding logs when failing to wait for a device file
During mount operations, fs_mgr_wait_for_file() is invoked to
ensure the device file exists before starting to mount it. Adding
logs when the wait fails and also skip mounting as it won't be
successful. Also merge fs_mgr_test_access() and wait_for_file()
as fs_mgr_wait_for_file().
Test: Boot device and manually trigger the timeout issue
Test: Check and confirm whether timeout log info is inside ksmg.
Change-Id: Ide6d7fdca41e03e169e4400f91b7dea327985aaf
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| d1fe3bdbd6bcdc7f268f045e6b3b77de4d837a21 |
|
05-Jul-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: allow no verity metadata when the device is unlocked.
To boot with generic system.img for project Treble, we should allow no verity
metadata when the device is unlocked. The previous fix checks system property
"ro.boot.flash.locked" but it's unavailable during first stage mount.
This CL checks "androidboot.verifiedbootstate" in kernel command line instead.
Bug: 63268209
Test: boot sailfish without metadata on /vendor
Change-Id: Ifd1dbeb2a2f09cd06903ecdd59bc94b3905a3fbd
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 60f19a079203dbb187cb6af5a1c594496832c191 |
|
22-Jun-2017 |
Bowgo Tsai <bowgotsai@google.com> |
AVB: allow no metadata in the generic system.img for project Treble
The generic system.img released from project Treble can't contain any verity
metadata (e.g., vboot 1.0, AVB, or any other implementation) because it's
*generic*. To make any device can boot with it, `avbctl disable-verification`
is introduced to set a new flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED
in the top-level vbmeta to disable the entire AVB verification process. This
should be done prior to flash the generic system.img. See the following link
for details:
https://android-review.googlesource.com/#/c/418399/
This CL checks whether AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED is
set in the top-level vbmeta. When set, skip verifying the vbmeta structs
against androidboot.vbmeta.{hash_alg, size, digest} because it will be
absent in kernel cmdline. Also, only top-level vbmeta struct is read then
returned by libavb in this case.
Note that another flag AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED, usually
set by `adb disable-verity`, is used to signal fs_mgr to skip setting up
dm-verity, but libavb still verifies all vbmeta structs. fs_mgr will
also verify all vbmeta structs against androidboot.vbmeta.{hash_alg,
size, digest} from kernel cmdline as well.
Also rename SetUpAvb() to SetUpAvbHashtree() to better fit its usage.
This function will return kDisabled when any of the above two flags is set.
Finally, regardless of which flag is set or not set, we still only allow two
return values from avb_slot_verify():
- AVB_SLOT_VERIFY_RESULT_OK: it's still possible to get this value
when any of these flags are set in build time. e.g.,
BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2
- AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: in most cases we should
get this value, because the flags are likely set at run time.
Bug: 62523303
Test: boot device with 'avbctl disable-verification'.
Test: boot device with 'avbctl enable-verification'.
Test: boot device with 'adb disable-verity'.
Test: boot device with 'adb enable-verity'.
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2, then boot device.
repeat the above steps to boot device again.
Change-Id: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 6879cc1e2ee91f47fa05a01dfbce9dfef7504501 |
|
11-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: support different dm-verity error modes
AVB is going to support different modes to handle dm-verity errors.
See the following CL for more details:
- https://android-review.googlesource.com/#/c/392873/
The verity mode is controlled by bootloader through androidboot.veritymode in
kernel command line. fs_mgr should read the value from there and specify the
corresponding flag when loading dm-verity table into kernel.
Also removes some unused #include libraries.
Bug: 38157502
Test: Manually tested different dm verity modes:
- "restart_on_corruption" (androidboot.veritymode=enforcing)
- "ignore_corruption" (androidboot.veritymode=logging)
- None, default mode is EIO in kernel (androidboot.veritymode=eio)
Change-Id: I80e1e817a148b54fb67ba58112d376dc2cf37c98
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 7ea2c2814d10efba9fc7bc54b49293e2dfdf55fc |
|
10-May-2017 |
David Zeuthen <zeuthen@google.com> |
fs_mgr: Update for new libavb API.
In https://android-review.googlesource.com/#/c/392873/ we slightly
changed the libavb API. This CL updates fs_mgr to use the new API.
Bug: 38157502
Test: Manually tested.
Change-Id: Ia3371e11fcd81fcc1d147f030cd62af67943aad5
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 20651f62d081c88596e70b3b589863a75e2a9c35 |
|
08-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
first stage mount: removing the requirement of by-name prefix for AVB
Current first stage mount for AVB requires specifying a common prefix of
by-name symlink for all AVB partitions. It limits all AVB partitions to be on
the same block device.
firmware {
android {
compatible = "android,firmware";
vbmeta {
compatible = "android,vbmeta";
parts = "vbmeta,boot,system,vendor";
by_name_prefix="/dev/block/platform/soc.0/f9824900.sdhci/by-name" <-- *removing this*
};
fstab {
compatible = "android,fstab";
vendor {
compatible = "android,vendor";
dev = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor";
type = "ext4";
mnt_flags = "ro,barrier=1,inode_readahead_blks=8";
fsmgr_flags = "wait,avb";
};
};
};
};
For normal mount with AVB, it extracts the by-name prefix of /misc
partition and use it as the prefix for all other partitions:
- /dev/block/platform/soc.0/f9824900.sdhci/by-name/misc ->
- /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor_a
Fix this by adding an internal map in FsManagerAvbOps to record the mapping
from partition name to its by-name symlink:
ByNameSymlinkMap["vendor_a"] = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor_a"
Two overloaded factory methods are then provided for FsManagerAvbUniquePtr:
- FsManagerAvbUniquePtr Open(ByNameSymlinkMap&& by_name_symlink_map):
for first stage mount, where the by-name symlink map will be
constructed externally, from the uevents processed by init, before
invoking this factory method.
- FsManagerAvbUniquePtr Open(const fstab& fstab): for normal mount,
where the by-name symlink map will be constructed from the input fstab
internally.
Bug: 37552224
Test: first stage mount /vendor with vboot 1.0
Test: first stage mount /vendor with vboot 2.0 (AVB)
Test: normal mount /vendor with vboot 2.0 (AVB)
Change-Id: Id17e8566da87ea22b8923fcd6e47db8d45bc7d6a
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 11409548776bbbbd77c5a02f93394e43c140559c |
|
05-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: allow verification error when the device is unlocked
Current AVB flow in fs_mgr doesn't allow verification error even if the
device is unlocked. This makes first stage mount fail when the device
is flashed with a different-sized boot.img because there is verification
error (HASH_MISMATCH) for the boot partition.
Fix this by allowing verification error only when the device is
unlocked. Whether to enable dm-verity for HASHTREE partitions is still
controlled by the HASHTREE_DISABLED flag in the top-level vbmeta.
Bug: 37985430
Test: First stage mount /vendor with AVB on a device.
Check dm-verity is enabled on /vendor.
Test: Unlock device, flash a different-sized boot.img. Boot device and check
dm-verity is still enabled on /vendor.
Test: First stage mount /vendor with AVB on a device with HASHTREE_DISABLED
is set on the top-level vbmeta, check dm-verity is not enable on /vendor.
Change-Id: I709431bc1c37e4f86133d171cee8e90621cdb857
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 359bed36156fe1602285c75745806d8488cf927b |
|
27-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: code clean up
- Returns FS_MGR_MNTALL_FAIL for failure paths in fs_mgr_mount_all()
- Removes the 'goto out' in fs_mgr_do_mount() as there is nothing to do in
the 'out' label now. Also removes the "ret = FS_MGR_DOMNT_FAILED;" and
just return FS_MGR_DOMNT_FAILED directly for the default failure path.
- Changes some LERROR to PERROR
Test: Use fs_mgr_do_mount() to mount /system with AVB
Change-Id: I126a0124a5c9d61302f40ab9db16989500d9777e
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 1a898c25f96150787b39d9a08ebdb9ab6fcb3846 |
|
13-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
Set libavb version into system property for Treble OTA
Set ro.boot.avb_version to "AVB_VERSION_MAJOR.AVB_VERSION_MINOR".
During Treble OTA match, the major version must be the same as that in
the avb metadata on disk, while the minor version can be equal or
greater to that in the avb metadata on disk.
See how avb versioning work on the following link:
https://android-review.googlesource.com/#/c/342757/
Also renames AvbHashtreeDisabled() -> hashtree_disabled().
Bug: 35322304
Test: Early mount with AVB, checks [ro.boot.avb_version]: [1.0] exists.
Test: Not enable AVB, checks [ro.boot.avb_version] doesn't exists.
Change-Id: I5aaf476ca53c4fe817779518ba14b68ebcfdc6d6
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 80d1ad17ed5dd1ca63cc3cca24e801c9f63bc48f |
|
13-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: adds/changes some public APIs for early mount in init
Several changes in this CL:
- Moves class FsManagerAvbHandle to public API
- Adds a parameter 'wait_for_verity_dev' for FsManagerAvbHandle::SetUpAvb()
to allow not to wait for verity device gets created
- Adds FsManagerAvbHandle::AvbHashtreeDisabled() to query whether AVB is disabled
- Adds fs_mgr_is_avb() to query whether a fstab_rec has MF_AVB flag
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I89c43ca574ae632db8a700fc2590a1f80212c993
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 95c966a8599a069c40707c933c31155d625bd355 |
|
30-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: refactors how vbmeta is loaded
Adds two classes FsManagerAvbhandle and FsManagerAvbVerifier to replace the
following functions or struct:
- fs_mgr_load_vbmeta_images() -> FsManagerAvbhandle::Open()
- fs_mgr_unload_vbmeta_images() -> deleted
- fs_mgr_setup_avb() -> FsManagerAvbhandle::SetUpAvb()
- androidboot_vbmeta -> FsManagerAvbVerifier
- load_vbmeta_prop() -> FsManagerAvbVerifier::Create()
- verify_vbmeta_images() -> FsManagerAvbVerifier::VerifyVbmetaImages()
And only invokes FsManagerAvbhandle::Open() when there is a fstab entry having
'avb' flag (need HASHTREE descriptor). fs_mgr_is_avb_used() can be
removed as it only checks system property "ro.boot.vbmeta.hash_alg" to
decide whether vbmeta needs to be loaded, which might not be accurate.
For example, there are only HASH descriptors in the verified chain but
no HASHTREE descriptors. In this case, the fs_mgr doesn't have to do
anything because it only takes care of HASHTREE descriptors.
Also adds a new class FsManagerAvbOps to provide the C++ binding
FsManagerAvbOps::AvbSlotVerify() for libavb->avb_slot_verify().
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 87d0836cda90b33ee97d63ef61a10dd23d82581a |
|
04-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: adding fs_mgr_get_slot_suffix() public API
The function returns "_a" or "_b" based on two possible values in
kernel cmdline:
- androidboot.slot = a or b OR
- androidboot.slot_suffix = _a or _b
Bug: 33254008
Bug: 36533366
Test: boot sailfish
Change-Id: Ia0a524e4145ebf61af5821f42ecad212c95ed748
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 37a0b318ef2b4dcd0e7ae5b56dc028faa69859c7 |
|
30-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: allow top-level vbmeta struct to be in 'boot' partition
get_hashtree_descriptor() currently restricts HASHTREE descriptor to be
either in /vbmeta or in the same partition for dm-verity setup.
Also allows it to be from /boot partition because the top-level vbmeta
might be appended at /boot in legacy devices without /vbmeta.
Bug: 35880930
Test: test AVB on bullhead with top-level vbmeta being at /boot
Change-Id: I1ebd16a3c9f17bced6055146e8843b5918a737eb
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 97db0809f49c6d50388efb16a23e01214d5749ab |
|
27-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: fix return value check of fs_mgr_get_boot_config()
fs_mgr_get_boot_config() returns true/false but the return value check
in current fs_mgr_avb is for 0/1. This was introduced during a refactoring.
Check true/false for the return value.
Bug: 33254008
Test: manual test AVB on bullhead
Change-Id: I72c366627214df4a99c4d9cf1eb577e94f7afb31
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 9c7ae587c25b6aa2fc7a661f8932b92aab59def2 |
|
23-Mar-2017 |
Fernando Lugo <flugo@google.com> |
fs_mgr: update to new androidboot.slot param
androidboot.slot_suffix is being deprecated for a androidboot.slot.
Bootloader must pass slot used to boot into the androidboot.slot which
does not include the '_' character
Test: boot android
Bug: 36533366
Change-Id: I6137bd08418f67a88120c8609eda10b2ada4607d
Signed-off-by: Fernando Lugo <flugo@google.com>
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 9de748f74558abf047045302b6fc46af7629eedb |
|
17-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: add a generic fs_mgr_get_boot_config internal API
depending on when fs_mgr is trying to read the configuration passed into
the kernel commandline, it may be able to read it successfully.
Specially in the case when init has not initialized properties.
This change adds a new fs_mgr_get_boot_config() API to be used by all
fs_mgr code in order to get filesystem parameters specified in kernel
command line or device tree. This way the fs_mgr code doesn't have to
handle the "early" cases separately anywhere.
Test:
Tested angler boot with both /system and /vendor mounted in init
first stage.
Tested sailfish to make sure /vendor can be continued to be
mounted early without verity
Change-Id: I9a44cdfc32681f714c5d73ae55c3deda95c02545
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 4caf4c03c12cff5d52bd9e8d2810be0b47e40f4b |
|
16-Feb-2017 |
Bowgo Tsai <bowgotsai@google.com> |
Fix-up coding style
The .clang-format is a symlink to ../init/.clang-format, which is merged
recently. As init is the major user of fs_mgr, it's better to keep the
style consistent.
Only recent newly-added files written by me are formatted. For other
files, let's format them gradually to keep 'git blame' intact.
Bug: None
Test: Device can boot with AVB
Change-Id: I5c72f23b38534d5bcef3e4f9f0f477fa40496433
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 72ffff70fcd540a38b0a344386d10315c3b560c1 |
|
09-Feb-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: removing the dependency of requiring /vbmeta in fstab for AVB
Remove polling_vbmeta_blk_device() as it tries to get /vbmeta entry
from fstab. Also move the polling of a partition inside read_from_partition()
in fs_mgr_avb_ops.cpp as it's where the reads happen.
Bug: 31264231
Test: Device can boot with AVB
Change-Id: Id717e160b085eca42eb9bc5eb2fa7e658bea3ad6
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| 47878de7d12c7e438fcc584183b44893e91b4a28 |
|
23-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: Switch to LOG()/PLOG() defined in <android-base/logging.h>
This is the minimal change just to replace KLOG_{INFO, WARNING, ERROR}
defined in <cutils/klog.h> to LOG()/PLOG() defined in
<android-base/logging.h>.
The logging.h uses program invocation name as the tag when logging.
e.g., init logs will have "init: ..." at the beginning in each line.
To facilitate debugging, this commit adds [libfs_mgr] after the tag,
and the resulting output will like this:
[ 11.278002] init: [libfs_mgr]Enabling dm-verity for system (mode 2)
[ 11.283309] init: [libfs_mgr]loading verity table: '1 /dev/block/platform/soc.0/f9824900.sdhci/by-name/system ...'
[ 11.337884] init: [libfs_mgr]Not running /system/bin/tune2fs on /dev/block/dm-0 (executable not in system image)
[ 11.362281] init: [libfs_mgr]__mount(source=/dev/block/dm-0,target=/system,type=ext4)=0
[ 11.376331] init: [libfs_mgr]Requested quota status is match on /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor
[ 11.398237] init: [libfs_mgr]__mount(source=/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor,target=/vendor,type=ext4)=0
[ 11.410735] init: [libfs_mgr]Requested quota status is match on /dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata
[ 11.426783] init: [libfs_mgr]check_fs(): mount(/dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata,/data,ext4)=-1: Invalid argument
[ 11.439154] init: [libfs_mgr]Running /system/bin/e2fsck on /dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata
Bug: 34336098
Test: check device can boot
Change-Id: Idcbaca1050e2d8eabe1e4510a0af03aa0312d03a
/system/core/fs_mgr/fs_mgr_avb.cpp
|
| b51722b4e2c31355971100c21628a9e881756c3a |
|
11-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: support using libavb to enable dm-verity
external/avb/libavb provides the new Android Verified Boot (AVB) flow.
It has different verity metadata format than previous formats in
fs_mgr_verity.cpp fs_mgr should support using libavb to read the metadata
(a.k.a. HASHTREE descriptor in AVB) to enable dm-verity in kernel.
Two important files in this commit:
- fs_mgr_avb_ops.c: an implementation of struct AvbOps* for libavb to do
platform dependent I/O operations, e.g., read_from_partition.
- fs_mgr_avb.cpp: it reads the metadata (a.k.a. vbmeta images in AVB) from
all partitions, verifies its integrity against the values of
androidboot.vbmeta.{hash_alg, size, digest} passed from bootloader in
kernel command line. Then enable dm-verity for partitions having the
corresponding HASHTREE descriptor and with an 'avb' fstab flag.
Bug: 31264231
Test: Enable dm-verity on /system partition
Test: Enable dm-verity with FEC on /system partition
Change-Id: I4652806984fe5a30c61be0839135b5ca78323d38
/system/core/fs_mgr/fs_mgr_avb.cpp
|