744361fc57f90f6dbfe11122bc9a80e661b2e2a5 |
|
11-Oct-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: removing is_device_secure() Previously there is no vboot 1.0 metadata for ENG builds. It relies on is_device_secure() to query "ro.secure" and skip setting up dm-verity if the value is 0 (meaning ENG build). This change will be submitted together with other changes to add vboot 1.0 metadata for ENG builds with a "disable magic". The resulting metadata will be the same as triggering an "adb disable-verity" on an USERDEBUG image. Bug: 63056044 Test: boot sailfish eng/userdebug builds Change-Id: I35eef771e1b30bfc6d01b8ed76b40c942fe7b783
/system/core/fs_mgr/fs_mgr_verity.cpp
|
b67489419911875d8791de87996c39b61740e781 |
|
19-Jul-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_verity: allow verification error when the device is unlocked On a A/B device, the image combination in VTS is: - system.img (userdebug): provided by Google (system as root) - vendor.img (user): provided by the OEM The generic system.img provided by Google doesn't have /verity_key. So verified boot will fail when it tries to verify the signature of vendor.img. This CL allows signature verification error (including no verity_key) when the device is unlocked. This CL also changes the return value to FS_MGR_SETUP_VERITY_SKIPPED when signature verification failed in logging mode. Otherwise, first stage mount will fail because it assumes verity device initialization should be successful when receiving FS_MGR_SETUP_VERITY_SUCCESS. Bug: 63821912 Test: boot generic system.img on a A/B device Change-Id: I33e5ef753913ae9f0c8b02c518ae94d4c8505611
/system/core/fs_mgr/fs_mgr_verity.cpp
|
4ca2a30368a0ae150a97a07b997ddaaf3df88d4d |
|
06-Jul-2017 |
Treehugger Robot <treehugger-gerrit@google.com> |
Merge "fs_mgr: Adding logs when failing to wait for a device file"
|
9d344969b03fd19a6f5c485ddd7c8dd22b7d3a9d |
|
13-Jun-2017 |
Jinguang Dong <dongjinguang@huawei.com> |
fs_mgr: Adding logs when failing to wait for a device file During mount operations, fs_mgr_wait_for_file() is invoked to ensure the device file exists before starting to mount it. Adding logs when the wait fails and also skip mounting as it won't be successful. Also merge fs_mgr_test_access() and wait_for_file() as fs_mgr_wait_for_file(). Test: Boot device and manually trigger the timeout issue Test: Check and confirm whether timeout log info is inside ksmg. Change-Id: Ide6d7fdca41e03e169e4400f91b7dea327985aaf
/system/core/fs_mgr/fs_mgr_verity.cpp
|
d1fe3bdbd6bcdc7f268f045e6b3b77de4d837a21 |
|
05-Jul-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: allow no verity metadata when the device is unlocked. To boot with generic system.img for project Treble, we should allow no verity metadata when the device is unlocked. The previous fix checks system property "ro.boot.flash.locked" but it's unavailable during first stage mount. This CL checks "androidboot.verifiedbootstate" in kernel command line instead. Bug: 63268209 Test: boot sailfish without metadata on /vendor Change-Id: Ifd1dbeb2a2f09cd06903ecdd59bc94b3905a3fbd
/system/core/fs_mgr/fs_mgr_verity.cpp
|
cab56c0ba53bf702a7df10eb39755af0b5525088 |
|
27-Jun-2017 |
Mark Salyzyn <salyzyn@google.com> |
fs_mgr: check console-ramoops-0 On later kernels /sys/fs/pstore/console-ramoops becomes /sys/fs/pstore/console-ramoops-0 Test: none Bug: 63058217 Change-Id: If1422e4df09b68c44f16608b1d191aeb6378c66b
/system/core/fs_mgr/fs_mgr_verity.cpp
|
95366e97ddff7fcfc095481f69bbd7f699715c99 |
|
21-Jun-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: differentiate if fs_mgr_set_verity() was skipped or disabled In case of non-secure builds (eng variant) fs_mgr_setup_verity() skips verity checks regardless of fstab options. This is slightly different than 'adb disable-verity' where it would first read the verity metadata to check if verity is disabled. So, this change adds a new return value of FS_MGR_SETUP_VERITY_SKIPPED instead of piggy backing on the FS_MGR_SETUP_VERITY_DISABLED. Bug: 62864413 Test: Boot sailfish Change-Id: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35 Signed-off-by: Sandeep Patil <sspatil@google.com>
/system/core/fs_mgr/fs_mgr_verity.cpp
|
c3eca505cd169cfd0d5bef7ad365bad84ff8227b |
|
08-Jun-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_verity: support updating actual block device path in verity table The value of PRODUCT_{SYSTEM,VENDOR}_VERITY_PARTITION will be included in the verity metadata of an image. For example: PRODUCT_VENDOR_VERITY_PARTITION := /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor This makes the image cannot be shared for devices with different by-name prefix: /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor /dev/block/platform/soc.0/7824900.sdhci/by-name/vendor This change supports using a generic PRODUCT_{SYSTEM,VENDOR}_VERITY_PARTITION to build image and replace it with the actual path at run time: PRODUCT_VENDOR_VERITY_PARTITION := /dev/block/bootdevice/by-name/vendor ==> /dev/block/platform/soc.0/7824900.sdhci/by-name/vendor Bug: 62171170 Test: Boot sailfish with PRODUCT_VENDOR_VERITY_PARTITION := /dev/block/bootdevice/by-name/vendor Change-Id: I2789d2a025e80a628a1b4e7419818065c209fb7f
/system/core/fs_mgr/fs_mgr_verity.cpp
|
77cbfd6341a7a500fdb8e2f3cc4a4f721254f10e |
|
08-May-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr_verity: fix androidboot.veritymode=enforcing doesn't work Should set verity mode to VERITY_MODE_DEFAULT when androidboot.veritymode=enforcing. Bug: 38103331 Test: `adb shell getprop partition.system.verified` returns 2 when veritymode=enforcing Test: `adb shell getprop partition.vendor.verified` returns 2 when veritymode=enforcing Change-Id: I2f34eb6509f91989ce726e540cf2c0d353347ede
/system/core/fs_mgr/fs_mgr_verity.cpp
|
aaf70e77dc232fde152249bb6f66a227eab35a10 |
|
01-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: support AVB in fs_mgr_update_verity_state() fs_mgr_update_verity_state() is invoked by 'verity_update_state' in init.rc. It will then set property "partition.system.verified" and "partition.vendor.verified" to verify_mode. We should support this for AVB as well. Also change the order of static libs in init to fix the build error after this change: system/extras/ext4_utils/ext4_crypt.cpp:69: error: undefined reference to 'property_get' Bug: 35416769 Test: Mount /system and /vendor with vboot 2.0 (AVB), check the following properties exist. - [partition.system.verified]: [2] - [partition.vendor.verified]: [2] Test: Mount /system and /vendor with vboot 1.0, check the following properties exist. - [partition.system.verified]: [0] - [partition.vendor.verified]: [0] Change-Id: I4328d66a8cb93f26e7960e620a0b2292d5f15900
/system/core/fs_mgr/fs_mgr_verity.cpp
|
e989a22553bc8a6229e379ac215a9281f9d1f846 |
|
20-Mar-2017 |
Mark Salyzyn <salyzyn@google.com> |
fs_mgr: remove private/android_filesystem_config.h Test: compile Bug: 33241851 Change-Id: I3807871dcdfe5c751b1eea6e57c1ff5aac15806e
/system/core/fs_mgr/fs_mgr_verity.cpp
|
7ad3159db9be8fcb7246fbb750884f5a9edf368f |
|
06-Mar-2017 |
Bowgo Tsai <bowgotsai@google.com> |
fs_mgr: allow disable dm-verity when the device is unlocked without metadata To start Treble VTS test, a single AOSP system.img will be flashed onto the device. The size of AOSP system.img might be different than the system partition size on device, making locating verity metadata fail (at the last fixed size of the partition). This change allows disabling dm-verity on system partition when the device is unlocked (orange device state) with invalid metadata. BUG: 35603549 Test: Boot bullhead with a different-sized system.img, checks verity is not enabled via: "adb shell getprop | grep partition.system.verified" Change-Id: Id89d023e82c78ff1902ab7a528431cf7f65e49ad
/system/core/fs_mgr/fs_mgr_verity.cpp
|
e7a1b3757faa3d354ad3f423fa078132a9a84dd4 |
|
27-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: make is_device_secure() work even in the absence of properties. During early mount property area is not initialized, and as a result an 'eng' build will always incorrectly be detected as a 'secure' build by early mount code path resulting into verity error and consequent boot loop. The change here makes sure the is_device_secure() check works with / without properties based on the 'eng' build based build flag so the early mount code works fine both ways. Bug: 35791581 Bug: 27805372 Test: Boot sailfish-{eng,userdebug} builds successfully w/ early mount enabled Change-Id: Icd101ccad56b669f49b60bbb3005d5be9f53b02b Signed-off-by: Sandeep Patil <sspatil@google.com>
/system/core/fs_mgr/fs_mgr_verity.cpp
|
c20c0c2cdd593f6b54bf467167a5f2ed3c602ab8 |
|
24-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
early_mount: fs_mgr: move all fstab logic into fs_mgr With init parsing fstab fragments from kernel separately, the fs_mgr would completely miss the device tree entries. That leads to things like 'adb remount' to go through without warning for verity even if /system is verified. This happens because 'verity_update_state' completely misses the partitions passed to android through the device tree. solution is to teach fs_mgr about device tree fstab entries and add 2 new public APIs. 1. fs_mgr_read_fstab_dt() - reads device tree and returns fstab generated from it. 2. fs_mgr_read_fstab_default() - reads both device tree fstab and /fstab.{ro.hardware} and returns the combined table. This also reduces the hardcoded /fstab.{ro.hardware} occurence only to fs_mgr and for eveyone who wants to read the "default" fstab must be changed to call fs_mgr_read_fstab_default() instead. e.g. adb. b/27805372 Test: Angler was used since it has 2 early mounted partitions instead of one. 1 verified and 1 unverified. - Boot angler successfully without early mount - Boot angler successfully with /vendor early mount and test if 'adb remount' warns us about verity - Boot angler successfully with both /system and /vendor early mounted and ensure 'adb remount' warns us about verity. - check partitions.system.verified status after /system early mount ot ensure it is set to VERITY_MODE_DEFAULT. - 'adb disable-verity' with early mounted /system doesn't work due to missing changes in adb TODO: change adb to use the new fs_mgr_read_fstab_default() API Change-Id: I82038d87c7a44488e938acce2cc1082c08f6f73a Signed-off-by: Sandeep Patil <sspatil@google.com>
/system/core/fs_mgr/fs_mgr_verity.cpp
|
9de748f74558abf047045302b6fc46af7629eedb |
|
17-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: add a generic fs_mgr_get_boot_config internal API depending on when fs_mgr is trying to read the configuration passed into the kernel commandline, it may be able to read it successfully. Specially in the case when init has not initialized properties. This change adds a new fs_mgr_get_boot_config() API to be used by all fs_mgr code in order to get filesystem parameters specified in kernel command line or device tree. This way the fs_mgr code doesn't have to handle the "early" cases separately anywhere. Test: Tested angler boot with both /system and /vendor mounted in init first stage. Tested sailfish to make sure /vendor can be continued to be mounted early without verity Change-Id: I9a44cdfc32681f714c5d73ae55c3deda95c02545
/system/core/fs_mgr/fs_mgr_verity.cpp
|
4129f20aafe07431a5950271cf7b9014bee53550 |
|
16-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: make fs_mgr_setup_verity public API Consequently this removes the 'early' version of the exact same API. This is to be used by early mount code where we need to do 1. setup verity 2. create verity device 3. mount partition as separate steps since that happens during init first stage. b/27805372 Test: Boot sailfish successfully Change-Id: I01abecfdfa210d3e240a291ddcb3d2e9ed39ede6 Signed-off-by: Sandeep Patil <sspatil@google.com>
/system/core/fs_mgr/fs_mgr_verity.cpp
|
d2462570b8dffd2e83dfb9c6e60f8f39697659b5 |
|
15-Feb-2017 |
Sandeep Patil <sspatil@google.com> |
fs_mgr: fix the fs_mgr_setup_verity param name The 'verify_dev' parameter for fs_mgr_setup_verity is confusing, since it doesn't necessarily control the "verification" part of the function. Instead, it merely allows the caller to skip the wait_for_dm_verity_device part of the function. So, rename that parameter for what it is. b/27805372 Test: Boot sailfish Change-Id: I024e02fd728f5cd5bb333d9c3b512861731fa215 Signed-off-by: Sandeep Patil <sspatil@google.com>
/system/core/fs_mgr/fs_mgr_verity.cpp
|
183ca56ce22fa59d8b1a1372051b28984d1ab91c |
|
28-Jan-2017 |
Treehugger Robot <treehugger-gerrit@google.com> |
Merge "fs_mgr: Switch to LOG()/PLOG() defined in <android-base/logging.h>"
|
47878de7d12c7e438fcc584183b44893e91b4a28 |
|
23-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: Switch to LOG()/PLOG() defined in <android-base/logging.h> This is the minimal change just to replace KLOG_{INFO, WARNING, ERROR} defined in <cutils/klog.h> to LOG()/PLOG() defined in <android-base/logging.h>. The logging.h uses program invocation name as the tag when logging. e.g., init logs will have "init: ..." at the beginning in each line. To facilitate debugging, this commit adds [libfs_mgr] after the tag, and the resulting output will like this: [ 11.278002] init: [libfs_mgr]Enabling dm-verity for system (mode 2) [ 11.283309] init: [libfs_mgr]loading verity table: '1 /dev/block/platform/soc.0/f9824900.sdhci/by-name/system ...' [ 11.337884] init: [libfs_mgr]Not running /system/bin/tune2fs on /dev/block/dm-0 (executable not in system image) [ 11.362281] init: [libfs_mgr]__mount(source=/dev/block/dm-0,target=/system,type=ext4)=0 [ 11.376331] init: [libfs_mgr]Requested quota status is match on /dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor [ 11.398237] init: [libfs_mgr]__mount(source=/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor,target=/vendor,type=ext4)=0 [ 11.410735] init: [libfs_mgr]Requested quota status is match on /dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata [ 11.426783] init: [libfs_mgr]check_fs(): mount(/dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata,/data,ext4)=-1: Invalid argument [ 11.439154] init: [libfs_mgr]Running /system/bin/e2fsck on /dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata Bug: 34336098 Test: check device can boot Change-Id: Idcbaca1050e2d8eabe1e4510a0af03aa0312d03a
/system/core/fs_mgr/fs_mgr_verity.cpp
|
ce25baf06fe8ba80b0a4c7ff65fba9e1b1b7a67f |
|
25-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr_verity: correct dm_target_spec->next dm_target_spec->next should be set to the next multiple of 8. It doesn't matter before because dm_ioctl->target_count is set to 1 so only the first dm_target_spec will be processed. Bug: None Test: check device can boot with dm-verity Change-Id: I96b9b0307a40b05640db06d1c614c16d8144bb47
/system/core/fs_mgr/fs_mgr_verity.cpp
|
47aa2a75201b9cb53c6464304b82db492073d622 |
|
09-Jan-2017 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: use std::string for function parameters in fs_mgr_dm_ioctl.cpp Make the code more C++-ish by replacing char* or char** with std::string&. Bug: 31264231 Test: check device can boot with dm-verity Change-Id: Ie3ca3f449b52959d1a7b2887d722eb5ce366c4f9
/system/core/fs_mgr/fs_mgr_verity.cpp
|
3de625d109f47e04bf7bf9d0db3cfc9f2718964d |
|
11-Nov-2016 |
bowgotsai <bowgotsai@google.com> |
fs_mgr: moves common functions out of fs_mgr_verity.cpp This commits moves some common functions out of fs_mgr_verity.cpp to be reused by other verified boot flows. It includes: - Move common functions into fs_mgr.c - Move dm_ioctl related functions to a new file: fs_mgr_dm_ioctl.cpp Bug: 31264231 Test: check device can boot with dm-verity Change-Id: Iaa0d8031efbaae12aa28f872f62d3fc3d3763b51
/system/core/fs_mgr/fs_mgr_verity.cpp
|
17f248d2e4847943ccc52bd2eb01b49310e68701 |
|
12-Nov-2016 |
Prashant Malani <pmalani@google.com> |
fs_mgr: Fix disable-verity for verifyatboot partitions This allows a remount to be performed on partitions which have been verified at boot, without causing the verity service to complain of "corrupted" blocks that could have been modified as a result of a remount (while the verity checksum remained unchanged). (cherry picked from commit dd78ae75ff91f19106a4c3944fe3170602ac2334) Bug: 32638755 Test: Compile Change-Id: I77cf7dd20ee5c5f5dac80f73f292e32583fe5906
/system/core/fs_mgr/fs_mgr_verity.cpp
|
2cdc67eed50da046b1e78728f2563fc3db6f8927 |
|
28-Oct-2016 |
Prashant Malani <pmalani@google.com> |
fs_mgr: Add support for at-boot verification Running dm-verity on heavily accessed partitions leads to performance slowdowns, especially on low-RAM and slow-CPU devices. This patch introduces a flag to allow an entire verified partition to be read once at boot, to check for corruptions. If the reads are successful, we can mount the partition as raw & read-only, and if not, we can revert to mounting it as a verity partition, just like before. Usage of this flag will entail a slowdown of time-to-boot, but should lead to improvements in runtime performance. (cherry picked from commit 34543c03e6319d102bc0b1e3ca54808ff398e676) Bug: 32433608 Test: Compile Change-Id: I97717683a00ad6fa347e63b72b1a9bf1d2946315
/system/core/fs_mgr/fs_mgr_verity.cpp
|
ecfce13ce2e9e2dfdadf51bb0948b9e5dce6e5e2 |
|
16-Dec-2016 |
Hung-ying Tyan <tyanh@google.com> |
fs_mgr: add verify_dev flag to fs_mgr_setup_verity() Bug: 33682519 Test: Tested on bullhead with https://android-review.googlesource.com/#/c/315463. Change-Id: Ie12230c6f77a2834c179e44b59817292d58726f7
/system/core/fs_mgr/fs_mgr_verity.cpp
|
496e667966906f63bf09040d339cd5b717e2e7f0 |
|
27-Oct-2016 |
Wei Wang <wvw@google.com> |
Merge "Make sure wait for the dm device" am: d70a5feb60 Change-Id: If1e188c32548995413e49c1f7edece8d2c526bb2
|
dba750e0e0d0cc996c70d7699cd35e34226565de |
|
26-Oct-2016 |
Wei Wang <wvw@google.com> |
Make sure wait for the dm device Bug: 32408249 Test: on m/s Change-Id: I65fa4fec94c82ef51d2c8d0aabf9e90b8448f27f
/system/core/fs_mgr/fs_mgr_verity.cpp
|
1263097328ef8c21fbbed22b006430e507502ffd |
|
18-Aug-2016 |
Hung-ying Tyan <tyanh@google.com> |
Merge "Mount /vendor and /odm early" am: 35569e9d68 am: 46bfc918d0 am: d1f49a43fd Change-Id: I6dc53f60771ad0e660e248efdc1b13734fba3061
|
99c4a8a6b3852c33828b03cbd0aef0c625957a39 |
|
01-Feb-2016 |
Hung-ying Tyan <tyanh@google.com> |
Mount /vendor and /odm early Right now these two partitions are mounted in the fs stage of the init process. As a result, many vendor/ODM files needed earlier in the boot process (e.g., init.<hardware>.rc, fstab.<hardware>.rc, uevent.<hardware>.rc, SELinux policy files etc) can only live on the root partition. To prevent vendors/ODMs from polluting the root partition, this patch makes it possible to mount the vendor and ODM partitions in the first stage of the init process. The fstab info of both partitions to be mounted early is composed from new kernel cmdline arguments android.early.prefix and android.early.fstab. For example, with: android.early.prefix=/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/ android.early.fstab=mmcblk0p10+/odm+ext4+ro+verify\nmmcblk0p09+/vendor+ext4+ro+verify the final fstab string will be: /sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p10 /odm ext4 ro verify /sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p09 /vendor ext4 ro verify The android.early.prefix is optional. When it is missing, the final fstab string will be directly converted from android.early.fstab. This patch also makes sure that the early mounted partitions are dm-verity enabled so that they are trust worthy to store system files. BUG=27805372 Change-Id: I3cf32482a5ec65445ba3aedab2164c7ba8f12694
/system/core/fs_mgr/fs_mgr_verity.cpp
|
3afa5a9afa68ea87b65f98bbf3ea7b4e876d718f |
|
28-Jul-2016 |
Chih-Hung Hsieh <chh@google.com> |
Merge \\\"Fix clang-tidy performance warnings in fs_mgr.\\\" am: 44c909d467 am: be25035ddb am: aa0628ec50 Change-Id: I28c0f3cf75c1e225b3d24b77934d055dd9edf854
|
73da05d35403a0c3909edcf5744e99b8f786a61f |
|
28-Jul-2016 |
Chih-Hung Hsieh <chh@google.com> |
Fix clang-tidy performance warnings in fs_mgr. * Use const reference type for for-loop index variables to avoid unnecessary copy. Bug: 30413223 Change-Id: I5514384ef3af77c00aa3e8417acd8d70981e0afb Test: build with WITH_TIDY=1
/system/core/fs_mgr/fs_mgr_verity.cpp
|
6de58ac5d70253f307604d28e7c21bcf8889e295 |
|
20-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
fs_mgr_verity: fix verity_update_state for A/B devices am: 9af867e7bd Change-Id: I676d0ece31d3cc23701923e5cda2be2155d0c00e
|
9af867e7bd0b7ea6c01666ee32188d9e09f94d26 |
|
18-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
fs_mgr_verity: fix verity_update_state for A/B devices Use the correct device name when system is mounted as root, and validate dm-verity status to avoid confusing it with dm-linear. Bug: 29277442 Change-Id: I36e115189f9a9430bad4bf89f26a376bcb8e8168
/system/core/fs_mgr/fs_mgr_verity.cpp
|
98f1ea00e5c14083f4524de5c571aa7f6721ebc1 |
|
03-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
fs_mgr: validate corrected signatures If signature verification fails and we have an error corrected signature available, attempt to verify that instead. Needs changes from Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19 Bug: 28943429 Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d (cherry picked from commit 830126637ae4e5198df075fba57c1e498624dab6)
/system/core/fs_mgr/fs_mgr_verity.cpp
|
725ca56851b9a54c4baa07e22ac42587124af085 |
|
07-Jun-2016 |
Mattias Nissler <mnissler@google.com> |
Merge "fs_mgr: Remove incorrect free() on error paths in load_key()" am: 35d84096e9 am: 6f29ec0197 * commit '6f29ec0197a1b146d302b3e158c258bfef4566f7': fs_mgr: Remove incorrect free() on error paths in load_key() Change-Id: Ic01cbaf499e494f4edcc3e4261139d2b365d3a59
|
31404e58e99e833a13ed282bf331df037d2714a8 |
|
07-Jun-2016 |
Mattias Nissler <mnissler@google.com> |
fs_mgr: Remove incorrect free() on error paths in load_key() This fixes a bug introduced by https://android-review.googlesource.com/#/c/212781/ which would make fs_mgr crash when hitting one of the error paths. Bug: 28585197 Change-Id: I40e6612e2eb3e6f584e70c608afc6d4378d73c4f
/system/core/fs_mgr/fs_mgr_verity.cpp
|
4171b2b72423d0f6555ee4638dbfb7d95b023996 |
|
07-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
resolve merge conflicts of eacbb82 to nyc-dev-plus-aosp Change-Id: Ia3077f826c1d422932b62684ae0d53935abfe807
|
d6f5af35d5a006e7ccc561c51b80403bb1c4db42 |
|
07-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
Merge "fs_mgr: validate corrected signatures" into nyc-dev am: eacbb824c9 * commit 'eacbb824c9ee2ccec9e1de641d03e7370888eabc': fs_mgr: validate corrected signatures Change-Id: I3986a59d498a22769611216f5ed475f31332b2c9
|
830126637ae4e5198df075fba57c1e498624dab6 |
|
03-Jun-2016 |
Sami Tolvanen <samitolvanen@google.com> |
fs_mgr: validate corrected signatures If signature verification fails and we have an error corrected signature available, attempt to verify that instead. Needs changes from Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19 Bug: 28943429 Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
/system/core/fs_mgr/fs_mgr_verity.cpp
|
32cabf25aae4166f5fc08a75be41a2e4b4160ee4 |
|
26-Apr-2016 |
Jeremy Compostella <jeremy.compostella@intel.com> |
fs_mgr: update block device reference in verity metadata The dm-verity metadata contains the block device path that is given to the dm-android-verity driver. If the device is using slot A/B, this path is missing the slot suffix. This patch makes fs_mgr replace all the block device path reference with the one including the active slot suffix. Change-Id: Ib624d0d18b12a8a287cac7f15605a2e0fb7c97c6 Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Bug: 28845874
/system/core/fs_mgr/fs_mgr_verity.cpp
|
dfd2478bd172c3e6242cee5e0a7dcea2c4ee3056 |
|
26-Apr-2016 |
Jeremy Compostella <jeremy.compostella@intel.com> |
fs_mgr: update block device reference in verity metadata The dm-verity metadata contains the block device path that is given to the dm-android-verity driver. If the device is using slot A/B, this path is missing the slot suffix. This patch makes fs_mgr replace all the block device path reference with the one including the active slot suffix. Change-Id: Ib624d0d18b12a8a287cac7f15605a2e0fb7c97c6 Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
/system/core/fs_mgr/fs_mgr_verity.cpp
|
097b6bbc76231f4148c9dd28b6ea0c1189d40fc3 |
|
31-Mar-2016 |
Mattias Nissler <mnissler@google.com> |
Switch fs_mgr and adb to libcrypto_utils. Update code and dependencies to use BoringSSL + libcrypto_utils instead of mincrypt. Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
/system/core/fs_mgr/fs_mgr_verity.cpp
|
907ec7daa761624012476e540d8fe473b67b94bf |
|
10-Dec-2015 |
Sami Tolvanen <samitolvanen@google.com> |
Merge "fs_mgr: support upstream dm-verity without error correction"
|
0d1214c68ea95543468b09f7ae27bd65c8c8d7c0 |
|
10-Dec-2015 |
Sami Tolvanen <samitolvanen@google.com> |
Merge "Set up dm-verity in EIO mode instead of logging mode"
|
ff980d22d1c322173bed6289fd9448d8b5e58144 |
|
10-Dec-2015 |
Sami Tolvanen <samitolvanen@google.com> |
fs_mgr: support upstream dm-verity without error correction Set up dm-verity even if kernel configuration doesn't have CONFIG_DM_VERITY_FEC set. Fall back to the always safe EIO mode if dm-verity doesn't support feature arguments. Bug: 21893453 Change-Id: I4812bd74801c0abc8da479230f48b752858f9cd8
/system/core/fs_mgr/fs_mgr_verity.cpp
|
4f71319df011d796a60a43fc1bc68e16fbf7d321 |
|
05-Dec-2015 |
Elliott Hughes <enh@google.com> |
Track rename of base/ to android-base/. Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
/system/core/fs_mgr/fs_mgr_verity.cpp
|
90f52df257ab020934558a811bad2ba0bae33c5a |
|
02-Dec-2015 |
Sami Tolvanen <samitolvanen@google.com> |
Set up dm-verity in EIO mode instead of logging mode If the device is corrupted, set up dm-verity in EIO mode instead of logging mode. This prevents corrupted blocks from being returned to user space. Note that restart mode is used by default and a warning will be displayed to the user after corruption is first detected. Bug: 19277516 Change-Id: I38966d73eb814836bc34b4bad1192583e5010b36
/system/core/fs_mgr/fs_mgr_verity.cpp
|
25b230c62c8e2f67b16c618382827471f305b3c8 |
|
30-Oct-2015 |
Sami Tolvanen <samitolvanen@google.com> |
fs_mgr: set partition.*.verified property even without state Set properties on verity_update_state even if verity state management is not used. Bug: 24865045 Change-Id: Ic68a9e1a230c959eeb2a769260ff7d8e100cb1e1 (cherry picked from 0eb0516665678aec7712d88b51c96aaf8b312060)
/system/core/fs_mgr/fs_mgr_verity.cpp
|
99e3a927e89bd0fa67a13511071260fa02d13fa1 |
|
22-May-2015 |
Sami Tolvanen <samitolvanen@google.com> |
Error correction: Use libfec in fs_mgr Use libfec to read and parse verity metadata to protect against data corruption. Bug: 21893453 Change-Id: I3a3543e0d999316707302b3be8735a7133d22946
/system/core/fs_mgr/fs_mgr_verity.cpp
|
092345346212f329010b453f4b1d2cb5292f7876 |
|
14-Oct-2015 |
Sami Tolvanen <samitolvanen@google.com> |
Revert "Error correction: Use libfec in fs_mgr" This reverts commit 3de3a0f351ee07cbd31db56d49cef3fbeb7e633b. Change-Id: I1f121cbc4431b8d8ff146eab29832a8dda1eb8ba
/system/core/fs_mgr/fs_mgr_verity.cpp
|
3de3a0f351ee07cbd31db56d49cef3fbeb7e633b |
|
22-May-2015 |
Sami Tolvanen <samitolvanen@google.com> |
Error correction: Use libfec in fs_mgr Use libfec to read and parse verity metadata to protect against data corruption. Bug: 21893453 Change-Id: Ieee6a1441e2f68148ba635235216e36c69b13db1
/system/core/fs_mgr/fs_mgr_verity.cpp
|
67b3cad9a0de47f0afd5aaf9471661383acd2531 |
|
08-Oct-2015 |
Johan Redestig <johan.redestig@sonymobile.com> |
Switch to android::base::ReadFully The if (read(...size) != size) pattern is unreliable, switch to the android base ReadFully which wraps read in a loop. Change-Id: I2324e4c45da3c9b53b18df6eb09ce69a6604b5d1
/system/core/fs_mgr/fs_mgr_verity.cpp
|
246c18caf5193e2243dfcbf434e6340039b64f8c |
|
09-Oct-2015 |
Elliott Hughes <enh@google.com> |
Switch fs_mgr_verity.c to C++. This is the minimal change just to keep it building, and doesn't attempt to clean up any of the code. Change-Id: I975710322ae33d8946497df25bf85b2fe28976a4
/system/core/fs_mgr/fs_mgr_verity.cpp
|