openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Vboot1.0: remove code to read verity state in userspace 

The code to read verity state in userspace is deprecated in favor of
having the bootloader read and report the state, so this change
removes this now unused code.

Bug: 73456517
Test: boot
Change-Id: Ib626fd61850bce3016179ca92a9831c2ac29c032
This commit is contained in:
Tom Cherry 2019-04-17 16:15:51 -07:00
parent 9b33cbc0cb
commit f7545cea34
9 changed files with 12 additions and 446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
fs_mgr/fs_mgr.cpp
View File

@ -1610,38 +1610,6 @@ bool fs_mgr_swapon_all(const Fstab& fstab) {
return ret;
}
bool fs_mgr_load_verity_state(int* mode) {
/* return the default mode, unless any of the verified partitions are in
* logging mode, in which case return that */
*mode = VERITY_MODE_DEFAULT;
Fstab fstab;
if (!ReadDefaultFstab(&fstab)) {
LERROR << "Failed to read default fstab";
return false;
}
for (const auto& entry : fstab) {
if (entry.fs_mgr_flags.avb) {
*mode = VERITY_MODE_RESTART; // avb only supports restart mode.
break;
} else if (!entry.fs_mgr_flags.verify) {
continue;
}
int current;
if (load_verity_state(entry, &current) < 0) {
continue;
}
if (current != VERITY_MODE_DEFAULT) {
*mode = current;
break;
}
}
return true;
}
bool fs_mgr_is_verity_enabled(const FstabEntry& entry) {
if (!entry.fs_mgr_flags.verify && !entry.fs_mgr_flags.avb) {
return false;

4
fs_mgr/fs_mgr_fstab.cpp
View File

@ -260,10 +260,6 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) {
LWARNING << "Warning: zramsize= flag malformed: " << arg;
}
}
} else if (StartsWith(flag, "verify=")) {
// If the verify flag is followed by an = and the location for the verity state.
entry->fs_mgr_flags.verify = true;
entry->verity_loc = arg;
} else if (StartsWith(flag, "forceencrypt=")) {
// The forceencrypt flag is followed by an = and the location of the keys.
entry->fs_mgr_flags.force_crypt = true;

1
fs_mgr/fs_mgr_priv.h
View File

@ -99,7 +99,6 @@ bool fs_mgr_update_for_slotselect(android::fs_mgr::Fstab* fstab);
bool fs_mgr_is_device_unlocked();
const std::string& get_android_dt_dir();
bool is_dt_compatible();
int load_verity_state(const android::fs_mgr::FstabEntry& entry, int* mode);
bool fs_mgr_is_ext4(const std::string& blk_device);
bool fs_mgr_is_f2fs(const std::string& blk_device);

358
fs_mgr/fs_mgr_verity.cpp
View File

@ -275,248 +275,6 @@ static int load_verity_table(android::dm::DeviceMapper& dm, const std::string& n
return 0;
}
static int check_verity_restart(const char *fname)
{
char buffer[VERITY_KMSG_BUFSIZE + 1];
int fd;
int rc = 0;
ssize_t size;
struct stat s;
fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
if (fd == -1) {
if (errno != ENOENT) {
PERROR << "Failed to open " << fname;
}
goto out;
}
if (fstat(fd, &s) == -1) {
PERROR << "Failed to fstat " << fname;
goto out;
}
size = VERITY_KMSG_BUFSIZE;
if (size > s.st_size) {
size = s.st_size;
}
if (lseek(fd, s.st_size - size, SEEK_SET) == -1) {
PERROR << "Failed to lseek " << (intmax_t)(s.st_size - size) << " " << fname;
goto out;
}
if (!android::base::ReadFully(fd, buffer, size)) {
PERROR << "Failed to read " << size << " bytes from " << fname;
goto out;
}
buffer[size] = '\0';
if (strstr(buffer, VERITY_KMSG_RESTART) != NULL) {
rc = 1;
}
out:
if (fd != -1) {
close(fd);
}
return rc;
}
static int was_verity_restart()
{
static const char* files[] = {
// clang-format off
"/sys/fs/pstore/console-ramoops-0",
"/sys/fs/pstore/console-ramoops",
"/proc/last_kmsg",
NULL
// clang-format on
};
int i;
for (i = 0; files[i]; ++i) {
if (check_verity_restart(files[i])) {
return 1;
}
}
return 0;
}
static int metadata_add(FILE *fp, long start, const char *tag,
unsigned int length, off64_t *offset)
{
if (fseek(fp, start, SEEK_SET) < 0 ||
fprintf(fp, "%s %u\n", tag, length) < 0) {
return -1;
}
*offset = ftell(fp);
if (fseek(fp, length, SEEK_CUR) < 0 ||
fprintf(fp, METADATA_EOD " 0\n") < 0) {
return -1;
}
return 0;
}
static int metadata_find(const char *fname, const char *stag,
unsigned int slength, off64_t *offset)
{
char tag[METADATA_TAG_MAX_LENGTH + 1];
int rc = -1;
int n;
long start = 0x4000; /* skip cryptfs metadata area */
uint32_t magic;
unsigned int length = 0;
if (!fname) {
return -1;
}
auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(fname, "re+"), fclose};
if (!fp) {
PERROR << "Failed to open " << fname;
return -1;
}
/* check magic */
if (fseek(fp.get(), start, SEEK_SET) < 0 || fread(&magic, sizeof(magic), 1, fp.get()) != 1) {
PERROR << "Failed to read magic from " << fname;
return -1;
}
if (magic != METADATA_MAGIC) {
magic = METADATA_MAGIC;
if (fseek(fp.get(), start, SEEK_SET) < 0 ||
fwrite(&magic, sizeof(magic), 1, fp.get()) != 1) {
PERROR << "Failed to write magic to " << fname;
return -1;
}
rc = metadata_add(fp.get(), start + sizeof(magic), stag, slength, offset);
if (rc < 0) {
PERROR << "Failed to add metadata to " << fname;
}
return rc;
}
start += sizeof(magic);
while (1) {
n = fscanf(fp.get(), "%" STRINGIFY(METADATA_TAG_MAX_LENGTH) "s %u\n", tag, &length);
if (n == 2 && strcmp(tag, METADATA_EOD)) {
/* found a tag */
start = ftell(fp.get());
if (!strcmp(tag, stag) && length == slength) {
*offset = start;
return 0;
}
start += length;
if (fseek(fp.get(), length, SEEK_CUR) < 0) {
PERROR << "Failed to seek " << fname;
return -1;
}
} else {
rc = metadata_add(fp.get(), start, stag, slength, offset);
if (rc < 0) {
PERROR << "Failed to write metadata to " << fname;
}
return rc;
}
}
}
static int write_verity_state(const char *fname, off64_t offset, int32_t mode)
{
int fd;
int rc = -1;
struct verity_state s = { VERITY_STATE_HEADER, VERITY_STATE_VERSION, mode };
fd = TEMP_FAILURE_RETRY(open(fname, O_WRONLY | O_SYNC | O_CLOEXEC));
if (fd == -1) {
PERROR << "Failed to open " << fname;
goto out;
}
if (TEMP_FAILURE_RETRY(pwrite64(fd, &s, sizeof(s), offset)) != sizeof(s)) {
PERROR << "Failed to write " << sizeof(s) << " bytes to " << fname
<< " to offset " << offset;
goto out;
}
rc = 0;
out:
if (fd != -1) {
close(fd);
}
return rc;
}
static int read_verity_state(const char *fname, off64_t offset, int *mode)
{
int fd = -1;
int rc = -1;
struct verity_state s;
fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
if (fd == -1) {
PERROR << "Failed to open " << fname;
goto out;
}
if (TEMP_FAILURE_RETRY(pread64(fd, &s, sizeof(s), offset)) != sizeof(s)) {
PERROR << "Failed to read " << sizeof(s) << " bytes from " << fname
<< " offset " << offset;
goto out;
}
if (s.header != VERITY_STATE_HEADER) {
/* space allocated, but no state written. write default state */
*mode = VERITY_MODE_DEFAULT;
rc = write_verity_state(fname, offset, *mode);
goto out;
}
if (s.version != VERITY_STATE_VERSION) {
LERROR << "Unsupported verity state version (" << s.version << ")";
goto out;
}
if (s.mode < VERITY_MODE_EIO ||
s.mode > VERITY_MODE_LAST) {
LERROR << "Unsupported verity mode (" << s.mode << ")";
goto out;
}
*mode = s.mode;
rc = 0;
out:
if (fd != -1) {
close(fd);
}
return rc;
}
static int read_partition(const char *path, uint64_t size)
{
char buf[READ_BUF_SIZE];
@ -540,119 +298,23 @@ static int read_partition(const char *path, uint64_t size)
return 0;
}
static int compare_last_signature(const FstabEntry& entry, int* match) {
char tag[METADATA_TAG_MAX_LENGTH + 1];
int fd = -1;
int rc = -1;
off64_t offset = 0;
struct fec_handle *f = NULL;
struct fec_verity_metadata verity;
uint8_t curr[SHA256_DIGEST_LENGTH];
uint8_t prev[SHA256_DIGEST_LENGTH];
*match = 1;
if (fec_open(&f, entry.blk_device.c_str(), O_RDONLY, FEC_VERITY_DISABLE, FEC_DEFAULT_ROOTS) ==
-1) {
PERROR << "Failed to open '" << entry.blk_device << "'";
return rc;
}
// read verity metadata
if (fec_verity_get_metadata(f, &verity) == -1) {
PERROR << "Failed to get verity metadata '" << entry.blk_device << "'";
goto out;
}
SHA256(verity.signature, sizeof(verity.signature), curr);
if (snprintf(tag, sizeof(tag), VERITY_LASTSIG_TAG "_%s", basename(entry.mount_point.c_str())) >=
(int)sizeof(tag)) {
LERROR << "Metadata tag name too long for " << entry.mount_point;
goto out;
}
if (metadata_find(entry.verity_loc.c_str(), tag, SHA256_DIGEST_LENGTH, &offset) < 0) {
goto out;
}
fd = TEMP_FAILURE_RETRY(open(entry.verity_loc.c_str(), O_RDWR | O_SYNC | O_CLOEXEC));
if (fd == -1) {
PERROR << "Failed to open " << entry.verity_loc;
goto out;
}
if (TEMP_FAILURE_RETRY(pread64(fd, prev, sizeof(prev), offset)) != sizeof(prev)) {
PERROR << "Failed to read " << sizeof(prev) << " bytes from " << entry.verity_loc
<< " offset " << offset;
goto out;
}
*match = !memcmp(curr, prev, SHA256_DIGEST_LENGTH);
if (!*match) {
/* update current signature hash */
if (TEMP_FAILURE_RETRY(pwrite64(fd, curr, sizeof(curr),
offset)) != sizeof(curr)) {
PERROR << "Failed to write " << sizeof(curr) << " bytes to " << entry.verity_loc
<< " offset " << offset;
goto out;
}
}
rc = 0;
out:
fec_close(f);
return rc;
}
static int get_verity_state_offset(const FstabEntry& entry, off64_t* offset) {
char tag[METADATA_TAG_MAX_LENGTH + 1];
if (snprintf(tag, sizeof(tag), VERITY_STATE_TAG "_%s", basename(entry.mount_point.c_str())) >=
(int)sizeof(tag)) {
LERROR << "Metadata tag name too long for " << entry.mount_point;
return -1;
}
return metadata_find(entry.verity_loc.c_str(), tag, sizeof(struct verity_state), offset);
}
int load_verity_state(const FstabEntry& entry, int* mode) {
bool fs_mgr_load_verity_state(int* mode) {
// unless otherwise specified, use EIO mode.
*mode = VERITY_MODE_EIO;
// use the kernel parameter if set.
std::string veritymode;
if (fs_mgr_get_boot_config("veritymode", &veritymode)) {
if (veritymode == "enforcing") {
*mode = VERITY_MODE_DEFAULT;
}
return 0;
// The bootloader communicates verity mode via the kernel commandline
std::string verity_mode;
if (!fs_mgr_get_boot_config("veritymode", &verity_mode)) {
return false;
}
off64_t offset = 0;
if (get_verity_state_offset(entry, &offset) < 0) {
/* fall back to stateless behavior */
return 0;
}
if (was_verity_restart()) {
/* device was restarted after dm-verity detected a corrupted
* block, so use EIO mode */
return write_verity_state(entry.verity_loc.c_str(), offset, *mode);
}
int match = 0;
if (!compare_last_signature(entry, &match) && !match) {
/* partition has been reflashed, reset dm-verity state */
if (verity_mode == "enforcing") {
*mode = VERITY_MODE_DEFAULT;
return write_verity_state(entry.verity_loc.c_str(), offset, *mode);
} else if (verity_mode == "logging") {
*mode = VERITY_MODE_LOGGING;
}
return read_verity_state(entry.verity_loc.c_str(), offset, mode);
return true;
}
// Update the verity table using the actual block device path.
@ -759,7 +421,7 @@ int fs_mgr_setup_verity(FstabEntry* entry, bool wait_for_verity_dev) {
params.ecc_dev = entry->blk_device.c_str();
if (load_verity_state(*entry, &params.mode) < 0) {
if (!fs_mgr_load_verity_state(&params.mode)) {
/* if accessing or updating the state failed, switch to the default
* safe mode. This makes sure the device won't end up in an endless
* restart loop, and no corrupted data will be exposed to userspace

1
fs_mgr/include_fstab/fstab/fstab.h
View File

@ -38,7 +38,6 @@ struct FstabEntry {
std::string fs_options;
std::string key_loc;
std::string key_dir;
std::string verity_loc;
off64_t length = 0;
std::string label;
int partnum = -1;

28
fs_mgr/tests/fs_mgr_test.cpp
View File

@ -394,7 +394,7 @@ TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_AllBad) {
std::string fstab_contents = R"fs(
source none0 swap defaults encryptable,forceencrypt,fileencryption,forcefdeorfbe,keydirectory,length,swapprio,zramsize,max_comp_streams,reservedsize,eraseblk,logicalblk,sysfs_path,zram_loopback_path,zram_loopback_size,zram_backing_dev_path
source none1 swap defaults encryptable=,forceencrypt=,fileencryption=,keydirectory=,length=,swapprio=,zramsize=,max_comp_streams=,verify=,avb=,reservedsize=,eraseblk=,logicalblk=,sysfs_path=,zram_loopback_path=,zram_loopback_size=,zram_backing_dev_path=
source none1 swap defaults encryptable=,forceencrypt=,fileencryption=,keydirectory=,length=,swapprio=,zramsize=,max_comp_streams=,avb=,reservedsize=,eraseblk=,logicalblk=,sysfs_path=,zram_loopback_path=,zram_loopback_size=,zram_backing_dev_path=
source none2 swap defaults forcefdeorfbe=
@ -413,7 +413,6 @@ source none2 swap defaults forcefdeorfbe=
}
EXPECT_EQ("", entry->key_loc);
EXPECT_EQ("", entry->key_dir);
EXPECT_EQ("", entry->verity_loc);
EXPECT_EQ(0, entry->length);
EXPECT_EQ("", entry->label);
EXPECT_EQ(-1, entry->partnum);
@ -437,13 +436,11 @@ source none2 swap defaults forcefdeorfbe=
flags.crypt = true;
flags.force_crypt = true;
flags.file_encryption = true;
flags.verify = true;
flags.avb = true;
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
}
EXPECT_EQ("", entry->key_loc);
EXPECT_EQ("", entry->key_dir);
EXPECT_EQ("", entry->verity_loc);
EXPECT_EQ(0, entry->length);
EXPECT_EQ("", entry->label);
EXPECT_EQ(-1, entry->partnum);
@ -639,29 +636,6 @@ source none5 swap defaults zramsize=%
EXPECT_EQ(0, entry->zram_size);
}
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Verify) {
TemporaryFile tf;
ASSERT_TRUE(tf.fd != -1);
std::string fstab_contents = R"fs(
source none0 swap defaults verify=/dir/key
)fs";
ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
ASSERT_EQ(1U, fstab.size());
auto entry = fstab.begin();
EXPECT_EQ("none0", entry->mount_point);
FstabEntry::FsMgrFlags flags = {};
flags.verify = true;
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("/dir/key", entry->verity_loc);
}
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_ForceEncrypt) {
TemporaryFile tf;
ASSERT_TRUE(tf.fd != -1);

3
init/README.md
View File

@ -586,9 +586,6 @@ Commands
`umount <path>`
> Unmount the filesystem mounted at that path.
`verity_load_state`
> Internal implementation detail used to load dm-verity state.
`verity_update_state <mount-point>`
> Internal implementation detail used to update dm-verity state and
set the partition._mount-point_.verified properties used by adb remount

12
init/builtins.cpp
View File

@ -707,17 +707,6 @@ static Result<Success> do_sysclktz(const BuiltinArguments& args) {
return Success();
}
static Result<Success> do_verity_load_state(const BuiltinArguments& args) {
int mode = -1;
bool loaded = fs_mgr_load_verity_state(&mode);
if (loaded && mode != VERITY_MODE_DEFAULT) {
ActionManager::GetInstance().QueueEventTrigger("verity-logging");
}
if (!loaded) return Error() << "Could not load verity state";
return Success();
}
static Result<Success> do_verity_update_state(const BuiltinArguments& args) {
int mode;
if (!fs_mgr_load_verity_state(&mode)) {
@ -1150,7 +1139,6 @@ const BuiltinFunctionMap::Map& BuiltinFunctionMap::map() const {
{"symlink", {2, 2, {true, do_symlink}}},
{"sysclktz", {1, 1, {false, do_sysclktz}}},
{"trigger", {1, 1, {false, do_trigger}}},
{"verity_load_state", {0, 0, {false, do_verity_load_state}}},
{"verity_update_state", {0, 0, {false, do_verity_update_state}}},
{"wait", {1, 2, {true, do_wait}}},
{"wait_for_prop", {2, 2, {false, do_wait_for_prop}}},

19
init/first_stage_mount.cpp
View File

@ -672,7 +672,6 @@ void FirstStageMount::UseGsiIfPresent() {
}
bool FirstStageMountVBootV1::GetDmVerityDevices() {
std::string verity_loc_device;
need_dm_verity_ = false;
for (const auto& fstab_entry : fstab_) {
@ -685,21 +684,9 @@ bool FirstStageMountVBootV1::GetDmVerityDevices() {
if (fstab_entry.fs_mgr_flags.verify) {
need_dm_verity_ = true;
}
// Checks if verity metadata is on a separate partition. Note that it is
// not partition specific, so there must be only one additional partition
// that carries verity state.
if (!fstab_entry.verity_loc.empty()) {
if (verity_loc_device.empty()) {
verity_loc_device = fstab_entry.verity_loc;
} else if (verity_loc_device != fstab_entry.verity_loc) {
LOG(ERROR) << "More than one verity_loc found: " << verity_loc_device << ", "
<< fstab_entry.verity_loc;
return false;
}
}
}
// Includes the partition names of fstab records and verity_loc_device (if any).
// Includes the partition names of fstab records.
// Notes that fstab_rec->blk_device has A/B suffix updated by fs_mgr when A/B is used.
for (const auto& fstab_entry : fstab_) {
if (!fstab_entry.fs_mgr_flags.logical) {
@ -707,10 +694,6 @@ bool FirstStageMountVBootV1::GetDmVerityDevices() {
}
}
if (!verity_loc_device.empty()) {
required_devices_partition_names_.emplace(basename(verity_loc_device.c_str()));
}
return true;
}