Lines Matching defs:verity
72 #define VERITY_KMSG_RESTART "dm-verity device corrupted"
128 LERROR << "Couldn't load verity keys";
146 static int verify_verity_signature(const struct fec_verity_metadata& verity)
148 if (verify_table(verity.signature, sizeof(verity.signature),
149 verity.table, verity.table_length) == 0 ||
150 verify_table(verity.ecc_signature, sizeof(verity.ecc_signature),
151 verity.table, verity.table_length) == 0) {
227 LERROR << "Error building verity table; insufficient buffer size?";
246 LERROR << "Error building verity table; insufficient buffer size?";
270 strcpy(tgt->target_type, "verity");
272 // build the verity params
277 LERROR << "Failed to format verity parameters";
281 LINFO << "loading verity table: '" << verity_params << "'";
288 // send the ioctl to load the verity table
290 PERROR << "Error loading verity table";
530 LERROR << "Unsupported verity state version (" << s.version << ")";
536 LERROR << "Unsupported verity mode (" << s.mode << ")";
581 struct fec_verity_metadata verity;
593 // read verity metadata
594 if (fec_verity_get_metadata(f, &verity) == -1) {
595 PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'";
599 SHA256(verity.signature, sizeof(verity.signature), curr);
681 /* device was restarted after dm-verity detected a corrupted
687 /* partition has been reflashed, reset dm-verity state */
695 // Update the verity table using the actual block device path.
697 // Case-1: verity table is shared for devices with different by-name prefix.
699 // verity table token: /dev/block/bootdevice/by-name/vendor
703 // Case-2: append A/B suffix in the verity table.
705 // verity table token: /dev/block/platform/soc.0/7824900.sdhci/by-name/vendor
751 // prepares the verity enabled (MF_VERIFY / MF_VERIFYATBOOT) fstab record for
753 // verity device to get created before return
760 struct fec_verity_metadata verity;
774 // read verity metadata
775 if (fec_verity_get_metadata(f, &verity) < 0) {
776 PERROR << "Failed to get verity metadata '" << fstab->blk_device << "'";
777 // Allow verity disabled when the device is unlocked without metadata
786 if (verity.disabled) {
788 LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG";
808 LERROR << "Couldn't create verity device!";
814 LERROR << "Couldn't get verity device number!";
826 if (!verity.table) {
830 params.table = strdup(verity.table);
836 if (verify_verity_signature(verity) < 0) {
844 // the user has been warned, allow mounting without dm-verity
850 if (invalidate_table(params.table, verity.table_length) < 0) {
855 LINFO << "Enabling dm-verity for " << mount_point.c_str()
858 // Update the verity params using the actual block device path
862 // load the verity mapping table
863 if (load_verity_table(io, mount_point, verity.data_size, fd, ¶ms,
873 if (load_verity_table(io, mount_point, verity.data_size, fd, ¶ms,
880 if (load_verity_table(io, mount_point, verity.data_size, fd, ¶ms,
890 if (load_verity_table(io, mount_point, verity.data_size, fd, ¶ms,
896 LERROR << "Failed to load verity table for " << mount_point.c_str();
910 // If there is an error, allow it to mount as a normal verity partition.
913 int err = read_partition(verity_blk_name.c_str(), verity.data_size);
915 LINFO << "Verified verity partition "
921 // assign the new verity block device as the block device
926 LERROR << "Failed to remove verity device " << mount_point.c_str();