Commit Graph

26 Commits

Author SHA1 Message Date
Sami Tolvanen 284c5cb2a1 Merge "Set verity mode as the verified property value" 2015-04-07 08:45:24 +00:00
Paul Lawrence b8c9d273a0 Revert "Revert "Adding e4crypt support""
Fix build break caused by original change

This reverts commit 84b0bab58f.

Change-Id: I99fbd7c3d1ed92db1f546033c8493bb71a327924
2015-03-31 13:02:13 -07:00
Sami Tolvanen 454742392f Set verity mode as the verified property value
Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.

Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
2015-03-31 09:12:00 +01:00
Sami Tolvanen 946a0f3e19 Use structured format for verity metadata
Specify the location of verity metadata in fstab, and use a
type-length-value format for the metadata that allows other
data to be stored in the same location in an extensible way.

Change-Id: Id8711f7d51dc1e4e9a4d84f9951240f64528e69d
2015-03-24 09:02:47 +00:00
Sami Tolvanen acbf9bef43 Add init command to set verified properties
Add a command that updates dm-verity state and sets partition.%.verified
properties used by adb remount.

This is needed in init since fs_mgr cannot set properties:
    I6a28cccb1ccce960841af20a4b20c32d424b5524

Change-Id: I0fdf5bc29c56690dcadff9d0eb216d3c68483538
2015-03-19 10:11:17 +00:00
Sami Tolvanen 6904e0c263 am a88fb24a: Merge "Add fs_mgr support for dm-verity modes"
* commit 'a88fb24ab43eec9710a0d4d15aedb6d4bc51a2ec':
  Add fs_mgr support for dm-verity modes
2015-03-04 22:44:37 +00:00
Sami Tolvanen 51bf11ad95 Add fs_mgr support for dm-verity modes
Add support for dm-verity modes and storing persistent state in
a location specified by the following properties:

  ro.verity.state.location
  ro.verity.state.offset

If these properties do not exist, dm-verity is always loaded in
EIO mode. If the properties do exist, but the location does not
have valid state data, dm-verity is loaded in RESTART mode. The
mode is updated to LOGGING if a dm-verity triggered restart has
occurred.

Change-Id: Ibb82953594d234f81ad21c40f524190b88e4ac8f
2015-03-04 03:07:35 +00:00
Paul Lawrence 317b4024a2 Revert "Make encryption configurable"
This reverts commit bda6272446.

The original fix seems to have led to boot failures in QA. Rather than
risk shipping, revert the change. Bug 18764230 reopened.

Requires change
    https://googleplex-android-review.git.corp.google.com/#/c/629764/

Bug: 19278390
Bug: 19199624

Change-Id: I8b6ab585666f2b0f585ffb2a5f61ac2e3462e06e
2015-02-06 17:32:09 +00:00
Paul Lawrence 36d0eaecd7 Make encryption configurable
Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.

Requires matching vold change from
    https://googleplex-android-review.git.corp.google.com/#/c/615309/

Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
2015-01-28 11:41:53 -08:00
Paul Lawrence bda6272446 Make encryption configurable
Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.

Requires matching vold change from
    https://googleplex-android-review.git.corp.google.com/#/c/615309/

Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
2015-01-21 10:03:29 -08:00
Paul Lawrence ec900bba20 Revert "Revert "Enable verity on userdebug, and add disable-verity to adb""
This reverts commit 152d2d4234.

Fixed build error, and also fixed memory leak spotted from warning.

(cherry-pick of bbb36319119edde9377fb80015235893c30d2bc9.)

Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
2014-12-09 17:02:17 -08:00
Paul Lawrence bbb3631911 Revert "Revert "Enable verity on userdebug, and add disable-verity to adb""
This reverts commit 152d2d4234.

Fixed build error, and also fixed memory leak spotted from warning.

Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
2014-10-09 09:05:36 -07:00
Nick Kralevich 152d2d4234 Revert "Enable verity on userdebug, and add disable-verity to adb"
Build is broken.

system/core/fs_mgr/fs_mgr_verity.c: In function 'fs_mgr_setup_verity':
system/core/fs_mgr/fs_mgr_verity.c:103:20: error: 'verity_table_signature' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (!RSA_verify(key,
                    ^
system/core/fs_mgr/fs_mgr_verity.c:374:11: note: 'verity_table_signature' was declared here
     char *verity_table_signature;
           ^
cc1: all warnings being treated as errors
make: *** [out/target/product/minnow/obj/STATIC_LIBRARIES/libfs_mgr_intermediates/fs_mgr_verity.o] Error 1
make: *** Waiting for unfinished jobs....

This reverts commit d4cea0bc16.

Change-Id: I6862cc79ef9d944a2472b6fb2e46dae514cea8ce
2014-10-08 23:55:05 +00:00
Paul Lawrence d4cea0bc16 Enable verity on userdebug, and add disable-verity to adb
Bug: 17691572

Change-Id: I58f588f318e7952d06a41325337d946d7c007e31
2014-10-08 15:24:37 -07:00
Paul Lawrence cf234dc7e0 Preserve errno from fsmgr_do_mount
Bug: 17358530
Change-Id: I4cd7403c0b7c4f878d6afa5199f998e6f614adb9
2014-09-11 17:31:49 -07:00
JP Abgrall cee206880e [HACK]fs_mgr+init: Format via recovery if encryptable /data is wiped
If the encryptable partition is wiped (4KB worth of 0 or 0xff),
then reboot into recovery to format /data+/cache

This is while waiting for the Mac OS support to format f2fs.
The flashstation running on Mac OS will currently just erase userdata
and not format it with f2fs.

Bug: 15720406
Bug: 15747366
Change-Id: Ib7cca3e1701483a09573457a835750f34da71ee0
2014-07-02 14:28:50 -07:00
JP Abgrall f22b745294 fs_mrg: clean up multi-type mount_all
Move the code that attempts to mount alternative fstab entries
into its own function.
Clarify return codes.
Suggest wipe via recovery in error messages.

Bug: 15747366
Change-Id: I3634477cd4d1d73f974f3e906c53285f0d9e0eac
Signed-off-by: JP Abgrall <jpa@google.com>
2014-07-02 13:39:44 -07:00
JP Abgrall 5c01dac6d8 fsmgr: support multiple fs-types/mountpoint
Previous attempt was broken.
It would incorrectly be affected by mount failures.

This changes allows an fstab to contain multiple lines for a given
mount point.
The lines sharing a mount MUST be after each other.

The 1st matching line is the primary when it comes to mounting
and look ups for wiping.

Mounting based on a mount_point will attempt each dup in turn
until one succeeds.
The reported error will be that of the last failed attempt.

This is to allow quick experimentation between different FSes.

Bug: 15702546
Change-Id: I378d68ad13eb0098ec1ccb8dcf108b82acbe9ebb
Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-18 22:18:24 +00:00
JP Abgrall f786fe5438 fsmgr: revert multiple fs-types/mountpoint (fix N5 boot)
This is apparently breaking N5, so reverting for now.

This reverts commit a794f86522.

Bug: 15709256
Change-Id: I37a5160eead17e153e2c83fa94632ffa5d8553c2
2014-06-18 07:28:14 +00:00
JP Abgrall a794f86522 fsmgr: allow for a multiple fs-types for a mount point.
This changes allows an fstab to contain multiple lines for a given
mount point.
The lines sharing a mount MUST be after each other.

The 1st matching line is the primary when it comes to mounting
and look ups for wiping.

Mounting based on a mount_point will attempt each dup in turn
until one succeeds.

This is to allow quick experimentations between different FSes.
It does not deal with checkfs yet, because the underlying invocation
of fs-type appropriate fsck does not handle the error code.
Only the primary FS (1st in the dups) is checked.

Change-Id: I8329737454b53e2681436fe85cd00a9bc522676b
Signed-off-by: JP Abgrall <jpa@google.com>
2014-06-17 17:01:20 -07:00
Sasha Levitskiy cdc1cfb3e5 Cleanup: warning fixit.
bootable/recovery has a dependent commit: I9adb470b04e4301989d128c9c3097b21b4dea431

Change-Id: Icf23e659265d71d5226d527c2b40cfbc132320ee
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2014-04-11 16:15:46 -07:00
Ken Sumrall 887f289206 New fstab flags to support more expressive SD card permissions
Bug: 10330128

Change-Id: I41fb178b839487b604762fbc1ccba097d25c7aa0
2013-09-20 17:43:52 -07:00
Geremy Condra 3ad3d1c4b5 Add basic verity support to fs_mgr.
This change adds a "verify" fs_mgr flag specifying that
the device in question should be verified.

Devices marked with this flag are expected to have a
footer immediately after their data containing all
the information needed to set up a verity instance.

Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
2013-08-06 22:15:58 -07:00
Ken Sumrall 5bc31a2632 Add support for swap entries in fstab
Swap entries can optionally specify a swapprio= or zramsize= flag
in the fs_mgr flags field.

Change-Id: I30530501efd4112af4e158898a9f65f6443c4fdb
2013-07-09 15:04:56 -07:00
Ken Sumrall ab6b852235 fs_mgr: support a unified fstab format.
Update fs_mgr to support more flags needed to unify the 3
fstabs currently in android into one.

Change-Id: Ie46cea61a5b19882c55098bdd70f39e78fb603be
2013-02-19 10:18:42 -08:00
Ken Sumrall 7574c035b2 A filesystem manager library to mount filesystems for init.
Instead of specifying in init what to mount, and having various hacks in init
itself to deal with encryption, use a filesystem manager library to do the
work, that can also be invoked by vold when mounting an encrypted volume.
Keep all the magic filesystem info an a device specific fstab file.

Change-Id: Ib988f1e4fb0638ba1d5fd98407fa6d8cf862aaca
2012-04-30 19:31:06 -07:00