4ca2a30368a0ae150a97a07b997ddaaf3df88d4d |
|
06-Jul-2017 |
Treehugger Robot <treehugger-gerrit@google.com> |
Merge "fs_mgr: Adding logs when failing to wait for a device file"
|
9d344969b03fd19a6f5c485ddd7c8dd22b7d3a9d |
|
13-Jun-2017 |
Jinguang Dong <dongjinguang@huawei.com> |
fs_mgr: Adding logs when failing to wait for a device file During mount operations, fs_mgr_wait_for_file() is invoked to ensure the device file exists before starting to mount it. Adding logs when the wait fails and also skip mounting as it won't be successful. Also merge fs_mgr_test_access() and wait_for_file() as fs_mgr_wait_for_file(). Test: Boot device and manually trigger the timeout issue Test: Check and confirm whether timeout log info is inside ksmg. Change-Id: Ide6d7fdca41e03e169e4400f91b7dea327985aaf
/system/core/fs_mgr/fs_mgr_avb.cpp
|
d1fe3bdbd6bcdc7f268f045e6b3b77de4d837a21 |
|
05-Jul-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: allow no verity metadata when the device is unlocked. To boot with generic system.img for project Treble, we should allow no verity metadata when the device is unlocked. The previous fix checks system property "ro.boot.flash.locked" but it's unavailable during first stage mount. This CL checks "androidboot.verifiedbootstate" in kernel command line instead. Bug: 63268209 Test: boot sailfish without metadata on /vendor Change-Id: Ifd1dbeb2a2f09cd06903ecdd59bc94b3905a3fbd
/system/core/fs_mgr/fs_mgr_avb.cpp
|
60f19a079203dbb187cb6af5a1c594496832c191 |
|
22-Jun-2017 |
Bowgo Tsai <bowgotsai@google.com> |
AVB: allow no metadata in the generic system.img for project Treble The generic system.img released from project Treble can't contain any verity metadata (e.g., vboot 1.0, AVB, or any other implementation) because it's *generic*. To make any device can boot with it, `avbctl disable-verification` is introduced to set a new flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED in the top-level vbmeta to disable the entire AVB verification process. This should be done prior to flash the generic system.img. See the following link for details: https://android-review.googlesource.com/#/c/418399/ This CL checks whether AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED is set in the top-level vbmeta. When set, skip verifying the vbmeta structs against androidboot.vbmeta.{hash_alg, size, digest} because it will be absent in kernel cmdline. Also, only top-level vbmeta struct is read then returned by libavb in this case. Note that another flag AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED, usually set by `adb disable-verity`, is used to signal fs_mgr to skip setting up dm-verity, but libavb still verifies all vbmeta structs. fs_mgr will also verify all vbmeta structs against androidboot.vbmeta.{hash_alg, size, digest} from kernel cmdline as well. Also rename SetUpAvb() to SetUpAvbHashtree() to better fit its usage. This function will return kDisabled when any of the above two flags is set. Finally, regardless of which flag is set or not set, we still only allow two return values from avb_slot_verify(): - AVB_SLOT_VERIFY_RESULT_OK: it's still possible to get this value when any of these flags are set in build time. e.g., BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2 - AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: in most cases we should get this value, because the flags are likely set at run time. Bug: 62523303 Test: boot device with 'avbctl disable-verification'. Test: boot device with 'avbctl enable-verification'. Test: boot device with 'adb disable-verity'. Test: boot device with 'adb enable-verity'. Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2, then boot device. repeat the above steps to boot device again. Change-Id: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
/system/core/fs_mgr/fs_mgr_avb.cpp
|
6879cc1e2ee91f47fa05a01dfbce9dfef7504501 |
|
11-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: support different dm-verity error modes AVB is going to support different modes to handle dm-verity errors. See the following CL for more details: - https://android-review.googlesource.com/#/c/392873/ The verity mode is controlled by bootloader through androidboot.veritymode in kernel command line. fs_mgr should read the value from there and specify the corresponding flag when loading dm-verity table into kernel. Also removes some unused #include libraries. Bug: 38157502 Test: Manually tested different dm verity modes: - "restart_on_corruption" (androidboot.veritymode=enforcing) - "ignore_corruption" (androidboot.veritymode=logging) - None, default mode is EIO in kernel (androidboot.veritymode=eio) Change-Id: I80e1e817a148b54fb67ba58112d376dc2cf37c98
/system/core/fs_mgr/fs_mgr_avb.cpp
|
7ea2c2814d10efba9fc7bc54b49293e2dfdf55fc |
|
10-May-2017 |
David Zeuthen <zeuthen@google.com> |
fs_mgr: Update for new libavb API. In https://android-review.googlesource.com/#/c/392873/ we slightly changed the libavb API. This CL updates fs_mgr to use the new API. Bug: 38157502 Test: Manually tested. Change-Id: Ia3371e11fcd81fcc1d147f030cd62af67943aad5
/system/core/fs_mgr/fs_mgr_avb.cpp
|
20651f62d081c88596e70b3b589863a75e2a9c35 |
|
08-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
first stage mount: removing the requirement of by-name prefix for AVB Current first stage mount for AVB requires specifying a common prefix of by-name symlink for all AVB partitions. It limits all AVB partitions to be on the same block device. firmware { android { compatible = "android,firmware"; vbmeta { compatible = "android,vbmeta"; parts = "vbmeta,boot,system,vendor"; by_name_prefix="/dev/block/platform/soc.0/f9824900.sdhci/by-name" <-- *removing this* }; fstab { compatible = "android,fstab"; vendor { compatible = "android,vendor"; dev = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor"; type = "ext4"; mnt_flags = "ro,barrier=1,inode_readahead_blks=8"; fsmgr_flags = "wait,avb"; }; }; }; }; For normal mount with AVB, it extracts the by-name prefix of /misc partition and use it as the prefix for all other partitions: - /dev/block/platform/soc.0/f9824900.sdhci/by-name/misc -> - /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor_a Fix this by adding an internal map in FsManagerAvbOps to record the mapping from partition name to its by-name symlink: ByNameSymlinkMap["vendor_a"] = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor_a" Two overloaded factory methods are then provided for FsManagerAvbUniquePtr: - FsManagerAvbUniquePtr Open(ByNameSymlinkMap&& by_name_symlink_map): for first stage mount, where the by-name symlink map will be constructed externally, from the uevents processed by init, before invoking this factory method. - FsManagerAvbUniquePtr Open(const fstab& fstab): for normal mount, where the by-name symlink map will be constructed from the input fstab internally. Bug: 37552224 Test: first stage mount /vendor with vboot 1.0 Test: first stage mount /vendor with vboot 2.0 (AVB) Test: normal mount /vendor with vboot 2.0 (AVB) Change-Id: Id17e8566da87ea22b8923fcd6e47db8d45bc7d6a
/system/core/fs_mgr/fs_mgr_avb.cpp
|
11409548776bbbbd77c5a02f93394e43c140559c |
|
05-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: allow verification error when the device is unlocked Current AVB flow in fs_mgr doesn't allow verification error even if the device is unlocked. This makes first stage mount fail when the device is flashed with a different-sized boot.img because there is verification error (HASH_MISMATCH) for the boot partition. Fix this by allowing verification error only when the device is unlocked. Whether to enable dm-verity for HASHTREE partitions is still controlled by the HASHTREE_DISABLED flag in the top-level vbmeta. Bug: 37985430 Test: First stage mount /vendor with AVB on a device. Check dm-verity is enabled on /vendor. Test: Unlock device, flash a different-sized boot.img. Boot device and check dm-verity is still enabled on /vendor. Test: First stage mount /vendor with AVB on a device with HASHTREE_DISABLED is set on the top-level vbmeta, check dm-verity is not enable on /vendor. Change-Id: I709431bc1c37e4f86133d171cee8e90621cdb857
/system/core/fs_mgr/fs_mgr_avb.cpp
|
359bed36156fe1602285c75745806d8488cf927b |
|
27-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: code clean up - Returns FS_MGR_MNTALL_FAIL for failure paths in fs_mgr_mount_all() - Removes the 'goto out' in fs_mgr_do_mount() as there is nothing to do in the 'out' label now. Also removes the "ret = FS_MGR_DOMNT_FAILED;" and just return FS_MGR_DOMNT_FAILED directly for the default failure path. - Changes some LERROR to PERROR Test: Use fs_mgr_do_mount() to mount /system with AVB Change-Id: I126a0124a5c9d61302f40ab9db16989500d9777e
/system/core/fs_mgr/fs_mgr_avb.cpp
|
1a898c25f96150787b39d9a08ebdb9ab6fcb3846 |
|
13-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
Set libavb version into system property for Treble OTA Set ro.boot.avb_version to "AVB_VERSION_MAJOR.AVB_VERSION_MINOR". During Treble OTA match, the major version must be the same as that in the avb metadata on disk, while the minor version can be equal or greater to that in the avb metadata on disk. See how avb versioning work on the following link: https://android-review.googlesource.com/#/c/342757/ Also renames AvbHashtreeDisabled() -> hashtree_disabled(). Bug: 35322304 Test: Early mount with AVB, checks [ro.boot.avb_version]: [1.0] exists. Test: Not enable AVB, checks [ro.boot.avb_version] doesn't exists. Change-Id: I5aaf476ca53c4fe817779518ba14b68ebcfdc6d6
/system/core/fs_mgr/fs_mgr_avb.cpp
|
80d1ad17ed5dd1ca63cc3cca24e801c9f63bc48f |
|
13-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: adds/changes some public APIs for early mount in init Several changes in this CL: - Moves class FsManagerAvbHandle to public API - Adds a parameter 'wait_for_verity_dev' for FsManagerAvbHandle::SetUpAvb() to allow not to wait for verity device gets created - Adds FsManagerAvbHandle::AvbHashtreeDisabled() to query whether AVB is disabled - Adds fs_mgr_is_avb() to query whether a fstab_rec has MF_AVB flag Bug: 33254008 Test: test AVB on bullhead Change-Id: I89c43ca574ae632db8a700fc2590a1f80212c993
/system/core/fs_mgr/fs_mgr_avb.cpp
|
95c966a8599a069c40707c933c31155d625bd355 |
|
30-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: refactors how vbmeta is loaded Adds two classes FsManagerAvbhandle and FsManagerAvbVerifier to replace the following functions or struct: - fs_mgr_load_vbmeta_images() -> FsManagerAvbhandle::Open() - fs_mgr_unload_vbmeta_images() -> deleted - fs_mgr_setup_avb() -> FsManagerAvbhandle::SetUpAvb() - androidboot_vbmeta -> FsManagerAvbVerifier - load_vbmeta_prop() -> FsManagerAvbVerifier::Create() - verify_vbmeta_images() -> FsManagerAvbVerifier::VerifyVbmetaImages() And only invokes FsManagerAvbhandle::Open() when there is a fstab entry having 'avb' flag (need HASHTREE descriptor). fs_mgr_is_avb_used() can be removed as it only checks system property "ro.boot.vbmeta.hash_alg" to decide whether vbmeta needs to be loaded, which might not be accurate. For example, there are only HASH descriptors in the verified chain but no HASHTREE descriptors. In this case, the fs_mgr doesn't have to do anything because it only takes care of HASHTREE descriptors. Also adds a new class FsManagerAvbOps to provide the C++ binding FsManagerAvbOps::AvbSlotVerify() for libavb->avb_slot_verify(). Bug: 33254008 Test: test AVB on bullhead Change-Id: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
/system/core/fs_mgr/fs_mgr_avb.cpp
|
87d0836cda90b33ee97d63ef61a10dd23d82581a |
|
04-Apr-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: adding fs_mgr_get_slot_suffix() public API The function returns "_a" or "_b" based on two possible values in kernel cmdline: - androidboot.slot = a or b OR - androidboot.slot_suffix = _a or _b Bug: 33254008 Bug: 36533366 Test: boot sailfish Change-Id: Ia0a524e4145ebf61af5821f42ecad212c95ed748
/system/core/fs_mgr/fs_mgr_avb.cpp
|
37a0b318ef2b4dcd0e7ae5b56dc028faa69859c7 |
|
30-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: allow top-level vbmeta struct to be in 'boot' partition get_hashtree_descriptor() currently restricts HASHTREE descriptor to be either in /vbmeta or in the same partition for dm-verity setup. Also allows it to be from /boot partition because the top-level vbmeta might be appended at /boot in legacy devices without /vbmeta. Bug: 35880930 Test: test AVB on bullhead with top-level vbmeta being at /boot Change-Id: I1ebd16a3c9f17bced6055146e8843b5918a737eb
/system/core/fs_mgr/fs_mgr_avb.cpp
|
97db0809f49c6d50388efb16a23e01214d5749ab |
|
27-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_avb: fix return value check of fs_mgr_get_boot_config() fs_mgr_get_boot_config() returns true/false but the return value check in current fs_mgr_avb is for 0/1. This was introduced during a refactoring. Check true/false for the return value. Bug: 33254008 Test: manual test AVB on bullhead Change-Id: I72c366627214df4a99c4d9cf1eb577e94f7afb31
/system/core/fs_mgr/fs_mgr_avb.cpp
|
9c7ae587c25b6aa2fc7a661f8932b92aab59def2 |
|
23-Mar-2017 |
Fernando Lugo <flugo@google.com> |
fs_mgr: update to new androidboot.slot param androidboot.slot_suffix is being deprecated for a androidboot.slot. Bootloader must pass slot used to boot into the androidboot.slot which does not include the '_' character Test: boot android Bug: 36533366 Change-Id: I6137bd08418f67a88120c8609eda10b2ada4607d Signed-off-by: Fernando Lugo <flugo@google.com>
/system/core/fs_mgr/fs_mgr_avb.cpp
|
9de748f74558abf047045302b6fc46af7629eedb |
|
17-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: add a generic fs_mgr_get_boot_config internal API depending on when fs_mgr is trying to read the configuration passed into the kernel commandline, it may be able to read it successfully. Specially in the case when init has not initialized properties. This change adds a new fs_mgr_get_boot_config() API to be used by all fs_mgr code in order to get filesystem parameters specified in kernel command line or device tree. This way the fs_mgr code doesn't have to handle the "early" cases separately anywhere. Test: Tested angler boot with both /system and /vendor mounted in init first stage. Tested sailfish to make sure /vendor can be continued to be mounted early without verity Change-Id: I9a44cdfc32681f714c5d73ae55c3deda95c02545
/system/core/fs_mgr/fs_mgr_avb.cpp
|
4caf4c03c12cff5d52bd9e8d2810be0b47e40f4b |
|
16-Feb-2017 |
Bowgo Tsai <bowgotsai@google.com> |
Fix-up coding style The .clang-format is a symlink to ../init/.clang-format, which is merged recently. As init is the major user of fs_mgr, it's better to keep the style consistent. Only recent newly-added files written by me are formatted. For other files, let's format them gradually to keep 'git blame' intact. Bug: None Test: Device can boot with AVB Change-Id: I5c72f23b38534d5bcef3e4f9f0f477fa40496433
/system/core/fs_mgr/fs_mgr_avb.cpp
|
72ffff70fcd540a38b0a344386d10315c3b560c1 |
|
09-Feb-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: removing the dependency of requiring /vbmeta in fstab for AVB Remove polling_vbmeta_blk_device() as it tries to get /vbmeta entry from fstab. Also move the polling of a partition inside read_from_partition() in fs_mgr_avb_ops.cpp as it's where the reads happen. Bug: 31264231 Test: Device can boot with AVB Change-Id: Id717e160b085eca42eb9bc5eb2fa7e658bea3ad6
/system/core/fs_mgr/fs_mgr_avb.cpp
|
47878de7d12c7e438fcc584183b44893e91b4a28 |
|
23-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: Switch to LOG()/PLOG() defined in <android-base/logging.h> This is the minimal change just to replace KLOG_{INFO, WARNING, ERROR} defined in <cutils/klog.h> to LOG()/PLOG() defined in <android-base/logging.h>. The logging.h uses program invocation name as the tag when logging. e.g., init logs will have "init: ..." at the beginning in each line. To facilitate debugging, this commit adds [libfs_mgr] after the tag, and the resulting output will like this: [ 11.278002] init: [libfs_mgr]Enabling dm-verity for system (mode 2) [ 11.283309] init: [libfs_mgr]loading verity table: '1 /dev/block/platform/soc.0/f9824900.sdhci/by-name/system ...' [ 11.337884] init: [libfs_mgr]Not running /system/bin/tune2fs on /dev/block/dm-0 (executable not in system image) [ 11.362281] init: [libfs_mgr]__mount(source=/dev/block/dm-0,target=/system,type=ext4)=0 [ 11.376331] init: [libfs_mgr]Requested quota status is match on /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor [ 11.398237] init: [libfs_mgr]__mount(source=/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor,target=/vendor,type=ext4)=0 [ 11.410735] init: [libfs_mgr]Requested quota status is match on /dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata [ 11.426783] init: [libfs_mgr]check_fs(): mount(/dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata,/data,ext4)=-1: Invalid argument [ 11.439154] init: [libfs_mgr]Running /system/bin/e2fsck on /dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata Bug: 34336098 Test: check device can boot Change-Id: Idcbaca1050e2d8eabe1e4510a0af03aa0312d03a
/system/core/fs_mgr/fs_mgr_avb.cpp
|
b51722b4e2c31355971100c21628a9e881756c3a |
|
11-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: support using libavb to enable dm-verity external/avb/libavb provides the new Android Verified Boot (AVB) flow. It has different verity metadata format than previous formats in fs_mgr_verity.cpp fs_mgr should support using libavb to read the metadata (a.k.a. HASHTREE descriptor in AVB) to enable dm-verity in kernel. Two important files in this commit: - fs_mgr_avb_ops.c: an implementation of struct AvbOps* for libavb to do platform dependent I/O operations, e.g., read_from_partition. - fs_mgr_avb.cpp: it reads the metadata (a.k.a. vbmeta images in AVB) from all partitions, verifies its integrity against the values of androidboot.vbmeta.{hash_alg, size, digest} passed from bootloader in kernel command line. Then enable dm-verity for partitions having the corresponding HASHTREE descriptor and with an 'avb' fstab flag. Bug: 31264231 Test: Enable dm-verity on /system partition Test: Enable dm-verity with FEC on /system partition Change-Id: I4652806984fe5a30c61be0839135b5ca78323d38
/system/core/fs_mgr/fs_mgr_avb.cpp
|