fs_mgr_update_verity_state() is invoked by 'verity_update_state' in
init.rc. It will then set property "partition.system.verified" and
"partition.vendor.verified" to verify_mode. We should support this for
AVB as well.
Also change the order of static libs in init to fix the build error
after this change:
system/extras/ext4_utils/ext4_crypt.cpp:69: error: undefined reference to 'property_get'
Bug: 35416769
Test: Mount /system and /vendor with vboot 2.0 (AVB), check the following properties exist.
- [partition.system.verified]: [2]
- [partition.vendor.verified]: [2]
Test: Mount /system and /vendor with vboot 1.0, check the following properties exist.
- [partition.system.verified]: [0]
- [partition.vendor.verified]: [0]
Change-Id: I4328d66a8cb93f26e7960e620a0b2292d5f15900
Several changes in this CL:
- Moves class FsManagerAvbHandle to public API
- Adds a parameter 'wait_for_verity_dev' for FsManagerAvbHandle::SetUpAvb()
to allow not to wait for verity device gets created
- Adds FsManagerAvbHandle::AvbHashtreeDisabled() to query whether AVB is disabled
- Adds fs_mgr_is_avb() to query whether a fstab_rec has MF_AVB flag
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I89c43ca574ae632db8a700fc2590a1f80212c993
The function returns "_a" or "_b" based on two possible values in
kernel cmdline:
- androidboot.slot = a or b OR
- androidboot.slot_suffix = _a or _b
Bug: 33254008
Bug: 36533366
Test: boot sailfish
Change-Id: Ia0a524e4145ebf61af5821f42ecad212c95ed748
Currently there is no client requires fs_mgr_read_fstab_with_dt() so
remove this API. Devices with fstab entries in device tree should use
fs_mgr_read_fstab_default() to get default fstab, or just use
fs_mgr_read_fstab_dt() to get those in device tree.
Bug: 35811655
Test: normal boot sailfish
Test: run factory data reset in sailfish
Test: recovery boot sailfish
Test: adb sideload in sailfish
Change-Id: I1579d81cea7366cf3867cfe5ad56feb36cbb7246
With the early mount support in init, fstab entries of verified partitions
(e.g., /system, /vendor) will be moved into device tree in kernel image.
Those early mount fstab entries will be removed from the fstab file to
prevent duplicated and/or inconsistent settings.
This change adds a new function: fs_mgr_read_fstab_with_dt(), to return
the combined results from both places. It also removes
fs_mgr_read_fstab_file() from the public APIs and makes it as an
internal function.
Bug: 35811655
Test: early mount /vendor with dm-verity on sailfish
Change-Id: I2fba3614685bf9f852a789cda6f53013e2164e60
With init parsing fstab fragments from kernel separately, the fs_mgr
would completely miss the device tree entries. That leads to things like
'adb remount' to go through without warning for verity even if /system
is verified. This happens because 'verity_update_state' completely
misses the partitions passed to android through the device tree.
solution is to teach fs_mgr about device tree fstab entries and add 2
new public APIs.
1. fs_mgr_read_fstab_dt() - reads device tree and returns fstab
generated from it.
2. fs_mgr_read_fstab_default() - reads both device tree fstab and
/fstab.{ro.hardware} and returns the combined table.
This also reduces the hardcoded /fstab.{ro.hardware} occurence only to
fs_mgr and for eveyone who wants to read the "default" fstab must be
changed to call fs_mgr_read_fstab_default() instead. e.g. adb.
b/27805372
Test: Angler was used since it has 2 early mounted partitions instead of
one. 1 verified and 1 unverified.
- Boot angler successfully without early mount
- Boot angler successfully with /vendor early mount and test if 'adb
remount' warns us about verity
- Boot angler successfully with both /system and /vendor early mounted
and ensure 'adb remount' warns us about verity.
- check partitions.system.verified status after /system early mount ot
ensure it is set to VERITY_MODE_DEFAULT.
- 'adb disable-verity' with early mounted /system doesn't work due to
missing changes in adb
TODO:
change adb to use the new fs_mgr_read_fstab_default() API
Change-Id: I82038d87c7a44488e938acce2cc1082c08f6f73a
Signed-off-by: Sandeep Patil <sspatil@google.com>
While technically possible, the verification at boot basically will
block init for as long as the entire partition is read while nothing
else is running. Disallow that as this is not going to be used anywhere.
Bug: 27805372
Test: boot angler with verifyatboot fs_mgr option for early mounted
vendor partition. That resulted in a panic() as expected.
Change-Id: I9da5caa163cae8bce6dbfb630f0ed5605ea044a0
Signed-off-by: Sandeep Patil <sspatil@google.com>
Consequently this removes the 'early' version of the exact same API.
This is to be used by early mount code where we need to do
1. setup verity
2. create verity device
3. mount partition
as separate steps since that happens during init first stage.
b/27805372
Test: Boot sailfish successfully
Change-Id: I01abecfdfa210d3e240a291ddcb3d2e9ed39ede6
Signed-off-by: Sandeep Patil <sspatil@google.com>
This is to be used in early mount case where we will have a fully
prepared fstab_rec. fs_mgr_do_mount() does a lot more checks and
spends time preparing verity / avb devices before it does the actual
mount.
b/33254008
Test: Boot sailfish
Change-Id: I4481b5af8d900c8b7e3355b7513c325d8f2ecff2
Signed-off-by: Sandeep Patil <sspatil@google.com>
This is done by parsing 'androidboot.fstab=<fstab>' kernel cmdline
option to get the fstab file that *only* specifies partitions to be
mounted early (i.e. in init's first stage).
Note that, the same fstab file may not be used as an argument to
mount_all later in the boot as that will cause fs_mgr to fail with
EBUSY.
TODO:
- Possibly add a new mount_mode so the same fstab can be used for
early_mount, 'mount_all --early/--late' etc.
- Add support for dm-verity enabled partitions to mount early.
- Add support for getting fstab arguments through DT instead of kernel
cmdline.
Bug: 27805372
Test:
Boot angler by passing a seperate fstab file using the kernel
cmdline option to mount vendor partition early, remove the vendor
partition entry from the main fstab file for the test.
Boot sailfish by passing a seperate fstab entry via device tree
to mount vendor partition early. Remove vendor partition entry from
the main fstab file for the test
Change-Id: I18785b893c54c8cee960ab44d5e8f83e5d624aa8
Signed-off-by: Sandeep Patil <sspatil@google.com>
Make the fs_mgr changes needed to support specifying aes-256-heh
filenames encryption. To do this, extend the "fileencryption" fstab
option to have the syntax
fileencryption=contents_encryption_mode[:filenames_encryption_mode].
The previous filenames encryption mode, aes-256-cts, remains supported
and will be used by default if no mode is explicitly specified.
For consistency, also make "aes-256-xts" an alias for the "software"
contents encryption mode.
Bug: 34712722
Change-Id: I74c0f5fe7cddde7055d7b031d96a2916ca611eb7
When doing a factory reset in recovery, flash erase & logical block
sizes are needed for tuning the parameters of the new userdata image.
Add flags to allow this information to be stored in recovery.fstab
Test: Factory reset marlin & confirm userdata is rebuilt correctly
Bug: 33243520
Change-Id: I6c4414d4e9026be4a3646523656ac151e93015e7
Signed-off-by: Connor O'Brien <connoro@google.com>
Pointer from strdup is lost hence triggers mem leak warning from
clang, since ptr returned from basename may not point to start of
duplicated string any more.
Switch to use gnu version of basename which doesn't modify input
string so that strdup is no longer necessary.
Bug: 27126348
Test: compile
Change-Id: I937a68c01c223230932c932bffdd35da6503c3c4
To support upcoming disk usage calculation optimizations, this change
adds a new 'quota' mount flag. As part of mounting an ext4 device,
we now enable/disable the quota feature using tune2fs to match the
requested value in the fstab.
When changing the quota status, we force a fsck pass on the device
before actually mounting it to prime the quota data structures which
are stored in hidden inodes.
Changing quota state and priming the data structures needs to happen
before we actually mount the device, so fs_mgr is the best place to
place this logic.
Test: builds, boots, enables and disables quota
Bug: 27948817
Change-Id: I7ccbf97cbc4a679bdd7a31a77be4b99aa9a88e66
These reserved blocks used to root or claim to CAP_SYS_RESOURCES process.
Change-Id: I4893bdb08399bf31a7640d4a63f4952cd636576f
Merged-In: I4893bdb08399bf31a7640d4a63f4952cd636576f
Signed-off-by: liminghao <liminghao@xiaomi.com>
With this option the fstab can include a parameter for zram
the enables more streams for kernels that does not have
dynamic stream task handling.
Test: Made sure max_comp_streams is set according to fstab.
Change-Id: I22e158a075a8a86b4e80d3b13989896929c0d223
Pointer from strdup is lost hence triggers mem leak warning from
clang, since ptr returned from basename may not point to start of
duplicated string any more.
Switch to use gnu version of basename which doesn't modify input
string so that strdup is no longer necessary.
Bug: 27126348
Change-Id: Iadb5cf343437a1e27e588ee067b084897633ea07
Merged-In: I937a68c01c223230932c932bffdd35da6503c3c4
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
Right now these two partitions are mounted in the fs stage of the init
process. As a result, many vendor/ODM files needed earlier in the boot
process (e.g., init.<hardware>.rc, fstab.<hardware>.rc,
uevent.<hardware>.rc, SELinux policy files etc) can only live on the root
partition.
To prevent vendors/ODMs from polluting the root partition, this patch makes
it possible to mount the vendor and ODM partitions in the first stage of the
init process. The fstab info of both partitions to be mounted early is
composed from new kernel cmdline arguments android.early.prefix and
android.early.fstab.
For example, with:
android.early.prefix=/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/
android.early.fstab=mmcblk0p10+/odm+ext4+ro+verify\nmmcblk0p09+/vendor+ext4+ro+verify
the final fstab string will be:
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p10 /odm ext4 ro verify
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p09 /vendor ext4 ro verify
The android.early.prefix is optional. When it is missing, the final fstab
string will be directly converted from android.early.fstab.
This patch also makes sure that the early mounted partitions are dm-verity
enabled so that they are trust worthy to store system files.
BUG=27805372
Change-Id: I3cf32482a5ec65445ba3aedab2164c7ba8f12694
This option allows fs_mgr to ignore mount errors on an optional
partition to allow booting to continue.
Bug: 28071890
Change-Id: I71a2b3c1c573297cab18884b4c4bd7c27ced2901
This option allows fs_mgr to ignore mount errors on an optional
partition to allow booting to continue.
Bug: 28071890
Change-Id: I71a2b3c1c573297cab18884b4c4bd7c27ced2901
If the userdata partition has the encryptable=footer fstab option,
fs_mgr must leave room for the crypt footer.
Change-Id: Id07818c5d93aafc27577f72fb0a780f26db51b16
Signed-off-by: Chuanxiao Dong <chuanxiao.dong@intel.com>
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
This set of changes adds the screen that offers this conversion,
and the plumbing so the option is only available on suitable
devices.
It does not implement the conversion mechanism.
Change-Id: Idbe5ef5d5fad197cc8187e1b288c57feef2c2c0b
Bowgo Tsai