Merge "Clean up references to FDE in documentation and comments"

Eric Biggers 2023-01-18 19:43:50 +00:00 committed by Gerrit Code Review
commit 381c884a96
2 changed files with 8 additions and 9 deletions


@ -35,18 +35,18 @@ images. After `/data` is mounted however, there are two problems:
We break the problem down into three scenarios.
### FDE and Metadata Encrypted Devices
### Metadata Encrypted Devices
When FDE or metadata encryption is used, `/data` is not mounted from
When metadata encryption is used, `/data` is not mounted from
`/dev/block/by-name/data`. Instead, it is mounted from an intermediate
`dm-crypt` or `dm-default-key` device. This means the underlying device is
not marked in use, and we can create new dm-linear devices on top of it.
`dm-default-key` device. This means the underlying device is not marked in use,
and we can create new dm-linear devices on top of it.
On these devices, a block device for an image will consist of a single
device-mapper device with a `dm-linear` table entry for each extent in the
backing file.
### Unencrypted and FBE-encrypted Devices
### Unencrypted and FBE-only Devices
When a device is unencrypted, or is encrypted with FBE but not metadata
encryption, we instead use a loop device with `LOOP_SET_DIRECT_IO` enabled.
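Review bot: The new heading "Unencrypted and FBE-only Devices" introduces the term "FBE-only" without defining it, and the "Metadata Encrypted Devices" section no longer says how the two cases relate. Consider opening that section by stating that it covers devices using metadata encryption (on top of FBE, if that is the intended meaning), so the contrast with "encrypted with FBE but not metadata encryption" in the following section is explicit rather than inferred from the heading.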


@ -643,7 +643,7 @@ on late-fs
chmod 0755 /sys/kernel/tracing
chmod 0755 /sys/kernel/debug/tracing
# HALs required before storage encryption can get unlocked (FBE/FDE)
# HALs required before storage encryption can get unlocked (FBE)
class_start early_hal
# Load trusted keys from dm-verity protected partitions
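Review bot: In the comment above `class_start early_hal`, the parenthetical "(FBE)" now holds a single item and reads like a leftover from the old "(FBE/FDE)" list. Suggest folding it into the sentence, for example "HALs required before file-based encryption (FBE) can get unlocked", or dropping the parenthetical if "storage encryption" is meant to stay generic.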
@ -746,9 +746,8 @@ on post-fs-data
# /data/apex is now available. Start apexd to scan and activate APEXes.
#
# To handle userspace reboots as well as devices that use FDE, make sure
# that apexd is started cleanly here (set apexd.status="") and that it is
# restarted if it's already running.
# To handle userspace reboots, make sure that apexd is started cleanly here
# (set apexd.status="") and that it is restarted if it's already running.
#
# /data/apex uses encryption=None because direct I/O support is needed on
# APEX files, but some devices don't support direct I/O on encrypted files.
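Review bot: The rewritten comment at the top of this hunk leaves userspace reboot as the only stated reason for clearing apexd.status and restarting apexd, but it does not say why a userspace reboot needs that. One extra clause would help, for example noting that apexd may still be running from before the userspace reboot when post-fs-data is reached. If the reset exists solely for userspace reboots, saying so explicitly also makes it easier to remove later.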