bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
(cherry-pick from commit a4f701af93)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
The SwipeDetector class is used almost unchanged in all locations.
This patch moves it into the recovery module, from which devices can
reference it if required.
The class is now renamed to WearSwipeDetector.
Bug: 27407422
Change-Id: Ifd3c7069a287548b89b14ab5d6d2b90a298e0145
update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.
This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.
Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
(cherry picked from commit 1171d3a12b)
update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.
This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.
Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.
Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
(cherry picked from commit e49a9e527a)
Every watch has a (mostly identical) copy of the wear_ui. Factor them
out into a single copy for easier maintenance. Device-specific settings
should be defined in recovery_ui.cpp that inherits WearRecoveryUI class.
Bug: 22451422
Change-Id: Id07efca37d1b1d330e6327506c7b73ccf6ae9241
These are already getting libc++, so it isn't necessary. If any of the
other static libraries (such as adb) use new or delete from libc++,
there will be symbol collisions.
Change-Id: I55e43ec60006d3c2403122fa1174bde06f18e09f
This makes it easier for us to deal with arbitrary information at the
top, and means that headers added by specific commands don't overwrite
the default ones.
Add the fingerprint back, but broken up so it fits even on sprout's
display.
Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
The current abstract class was a nice idea but has led to a lot of
copy & paste in practice. Right now, no one we know of has any extra
menu items, so let's make the default menu available to everyone.
(If we assume that someone somewhere really does need custom
device-specific menu options, a better API would let them add to
our menu rather than replacing it.)
Change-Id: I59f6a92f3ecd830c2ce78ce9da19eaaf472c5dfa
This eliminated the previous hack, that doesn't work reliably with the
"LOCAL_REQUIRED_MODULES := mkfs.f2fs".
Bug: 19666886
Change-Id: I1f0a2d41129f402c0165f3b86b6fda077291f282
I think everything left now is here to stay (services.c might get
massaged in to libadbd if it gets refactored).
Bug: 17626262
Change-Id: I01faf8b277a601a40e3a0f4c3b8206c97f1d2ce6
adb.h has diverged a bit, so that one will be more involved, but these
three are all trivial, unimportant changes.
Change-Id: Ief8474c1c2927d7e955adf04f887c76ab37077a6
This include path was needed because system/vold/cryptfs.h included an
OpenSSL header just to get the length of a SHA-256 hash. This has been
fixed in https://android-review.googlesource.com/#/c/124477/1.
Change-Id: I06a8ba0ee5b9efcc3260598f07d9819f065711de
The cryptfs.h files is always included, but its path is only included when TARGET_USERIMAGES_USE_EXT4 is defined.
Change-Id: Iec6aa4601a56a1feac456a21a53a08557dc1d00d
Make a fuse filesystem that sits on top of the selected package file
on the sdcard, so we can verify that the file contents don't change
while being read and avoid copying the file to /tmp (that is, RAM)
before verifying and installing it.
Change-Id: Ifd982aa68bfe469eda5f839042648654bf7386a1
Split the adb-specific portions (fetching a block from the adb host
and closing the connections) out from the rest of the FUSE filesystem
code, so that we can reuse the fuse stuff for installing off sdcards
as well.
Change-Id: I0ba385fd35999c5f5cad27842bc82024a264dd14
This adds F2FS support
- for wiping a device
- for the install "format" command.
Note: crypto data in "footer" with a default/negative length
is not supported, unlike with "ext4".
Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
Recovery now draws directly to the framebuffer by rolling its own
graphics code, rather than depending on libpixelflinger.
The recovery UI is modified slightly to eliminate operations that are
slow with the software implementation: when the text display / menu is
turned on, it now appears on a black background instead of a dimmed
version of the recovery icon.
There's probably substantial room for optimization of the graphics
operations.
Bug: 12131110
Change-Id: Iab6520e0a7aaec39e2ce39377c10aef82ae0c595
Older versions of android supported an ASLR system where binaries were
randomly twiddled at OTA install time. Remove support for this; we
now use the ASLR support in the linux kernel.
Change-Id: I8348eb0d6424692668dc1a00e2416fbef6c158a2
uncrypt can read a file on an encrypted filesystem and rewrite it to
the same blocks on the underlying (unencrypted) block device. This
destroys the contents of the file as far as the encrypted filesystem
is concerned, but allows the data to be read without the encryption
key if you know which blocks of the raw device to access. uncrypt
produces a "block map" file which lists the blocks that contain the file.
For unencrypted filesystem, uncrypt will produce the block map without
touching the data.
Bug: 12188746
Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.
For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.
Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.
Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
This assumes that the metadata is correctly defined in fstab.
Which apparently some devices don't do.
Bug: 8766487
Bug: 12112624
Change-Id: I1b14b9d4c888e9348527984be3dce04bdd9f4de0
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.
Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
Also provide a default implementation of CheckKey that's reasonable
for many devices (those that have power and volume keys).
Change-Id: Icf6c7746ebd866152d402059dbd27fd16bd51ff8