From b67489419911875d8791de87996c39b61740e781 Mon Sep 17 00:00:00 2001 From: Bowgo Tsai Date: Wed, 19 Jul 2017 17:27:18 +0800 Subject: [PATCH] fs_mgr_verity: allow verification error when the device is unlocked On a A/B device, the image combination in VTS is: - system.img (userdebug): provided by Google (system as root) - vendor.img (user): provided by the OEM The generic system.img provided by Google doesn't have /verity_key. So verified boot will fail when it tries to verify the signature of vendor.img. This CL allows signature verification error (including no verity_key) when the device is unlocked. This CL also changes the return value to FS_MGR_SETUP_VERITY_SKIPPED when signature verification failed in logging mode. Otherwise, first stage mount will fail because it assumes verity device initialization should be successful when receiving FS_MGR_SETUP_VERITY_SUCCESS. Bug: 63821912 Test: boot generic system.img on a A/B device Change-Id: I33e5ef753913ae9f0c8b02c518ae94d4c8505611 --- fs_mgr/fs_mgr_verity.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp index 5de0903e6..7f8e1e213 100644 --- a/fs_mgr/fs_mgr_verity.cpp +++ b/fs_mgr/fs_mgr_verity.cpp @@ -841,9 +841,15 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev) // verify the signature on the table if (verify_verity_signature(verity) < 0) { + // Allow signature verification error when the device is unlocked + if (fs_mgr_is_device_unlocked()) { + retval = FS_MGR_SETUP_VERITY_SKIPPED; + LWARNING << "Allow signature verification error when the device is unlocked"; + goto out; + } if (params.mode == VERITY_MODE_LOGGING) { // the user has been warned, allow mounting without dm-verity - retval = FS_MGR_SETUP_VERITY_SUCCESS; + retval = FS_MGR_SETUP_VERITY_SKIPPED; goto out; }
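Review bot: In the new `fs_mgr_is_device_unlocked()` branch, the `LWARNING` text does not say which partition is about to be mounted without dm-verity, and the branch handles a missing `/verity_key` the same way as a signature that is present but fails to verify. Suggest including the partition identity from the `fstab` argument in the message, so that a skipped partition can be picked out of the boot log on an unlocked device, and rewording the message so that it reports the failure rather than repeating the code comment above it. Separately, the `VERITY_MODE_LOGGING` branch now returns `FS_MGR_SETUP_VERITY_SKIPPED` instead of `FS_MGR_SETUP_VERITY_SUCCESS` for every caller of `fs_mgr_setup_verity()`, while the commit message discusses only first stage mount. It is worth confirming that the other callers treat `FS_MGR_SETUP_VERITY_SKIPPED` as a mountable result, and documenting that contract next to the return codes.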