From 830126637ae4e5198df075fba57c1e498624dab6 Mon Sep 17 00:00:00 2001
From: Sami Tolvanen
Date: Fri, 3 Jun 2016 13:58:26 -0700
Subject: [PATCH] fs_mgr: validate corrected signatures

If signature verification fails and we have an error corrected signature available, attempt to verify that instead. Needs changes from Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19

Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
---
 fs_mgr/fs_mgr_verity.cpp | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index b5141c934..719096f9b 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -150,6 +150,18 @@ out:
 return retval;
 }
 
+static int verify_verity_signature(const struct fec_verity_metadata& verity)
+{
+ if (verify_table(verity.signature, verity.table,
+ verity.table_length) == 0 ||
+ verify_table(verity.ecc_signature, verity.table,
+ verity.table_length) == 0) {
+ return 0;
+ }
+
+ return -1;
+}
+
 static int invalidate_table(char *table, size_t table_length)
 {
 size_t n = 0;
@@ -919,8 +931,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
 }
 
 // verify the signature on the table
- if (verify_table(verity.signature, verity.table,
- verity.table_length) < 0) {
+ if (verify_verity_signature(verity) < 0) {
 if (params.mode == VERITY_MODE_LOGGING) {
 // the user has been warned, allow mounting without dm-verity
 retval = FS_MGR_SETUP_VERITY_SUCCESS;
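Review bot: verify_verity_signature() returns 0 without recording which signature matched, so a boot that passed only on `verity.ecc_signature` looks identical to a clean one. Needing the corrected copy means the stored signature no longer verifies as written, which is worth surfacing for diagnostics: split the `||` so the first check reads `if (verify_table(verity.signature, verity.table, verity.table_length) == 0) return 0;`, and have the second check log through the file's existing logging macro before it returns 0. The helper also tries the corrected signature unconditionally although the commit message says "available"; whether `ecc_signature` is always populated is not visible in this hunk, so a one-line comment stating that assumption, and that both blobs are verified against the same table, would help the next reader. The second hunk's call site in fs_mgr_setup_verity() now depends entirely on this helper, and that function's body continues outside the hunk.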