fs_mgr_verity: allow verification error when the device is unlocked

On an A/B device, the image combination in VTS is:
  - system.img (userdebug): provided by Google (system as root)
  - vendor.img (user): provided by the OEM

The generic system.img provided by Google doesn't have /verity_key.
So verified boot will fail when it tries to verify the signature of
vendor.img. This CL allows signature verification error (including
no verity_key) when the device is unlocked.

This CL also changes the return value to FS_MGR_SETUP_VERITY_SKIPPED when
signature verification failed in logging mode. Otherwise, first stage
mount will fail because it assumes verity device initialization should be
successful when receiving FS_MGR_SETUP_VERITY_SUCCESS.

Bug: 63821912
Test: boot generic system.img on an A/B device
Change-Id: I33e5ef753913ae9f0c8b02c518ae94d4c8505611
Bowgo Tsai 2017-07-19 17:27:18 +08:00
parent b84666cbc0
commit b674894199
1 changed files with 7 additions and 1 deletions

@ -841,9 +841,15 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
// verify the signature on the table
if (verify_verity_signature(verity) < 0) {
// Allow signature verification error when the device is unlocked
if (fs_mgr_is_device_unlocked()) {
retval = FS_MGR_SETUP_VERITY_SKIPPED;
LWARNING << "Allow signature verification error when the device is unlocked";
goto out;
}
if (params.mode == VERITY_MODE_LOGGING) {
// the user has been warned, allow mounting without dm-verity
retval = FS_MGR_SETUP_VERITY_SUCCESS;
retval = FS_MGR_SETUP_VERITY_SKIPPED;
goto out;
}
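
Review bot: In the new `fs_mgr_is_device_unlocked()` branch under `verify_verity_signature(verity) < 0`, the `LWARNING` message does not say which fstab entry had its verification skipped, so on a device with several verity partitions the log line cannot be tied to a partition; consider adding `fstab->mount_point` to the message. The same branch returns `FS_MGR_SETUP_VERITY_SKIPPED` for every signature failure, not only a missing /verity_key, so a code comment stating that this is intended for unlocked devices would make the scope explicit. In the `VERITY_MODE_LOGGING` branch, the switch to `FS_MGR_SETUP_VERITY_SKIPPED` should carry a comment explaining that first stage mount expects a verity device after `FS_MGR_SETUP_VERITY_SUCCESS`, because that reasoning currently exists only in the commit message.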