From 5265b8d4251dc6ee6bd4cf9d9bda3dd93951d5e0 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 18 Jan 2023 02:17:13 +0000 Subject: [PATCH] Clean up references to FDE in documentation and comments Bug: 208476087 Change-Id: I328026d68c9dd7a5042ef4b5369f34af93760b37 --- fs_mgr/libfiemap/README.md | 10 +++++----- rootdir/init.rc | 7 +++---- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/fs_mgr/libfiemap/README.md b/fs_mgr/libfiemap/README.md index 62d610a5d..cdc80b28f 100644 --- a/fs_mgr/libfiemap/README.md +++ b/fs_mgr/libfiemap/README.md @@ -35,18 +35,18 @@ images. After `/data` is mounted however, there are two problems: We break the problem down into three scenarios. -### FDE and Metadata Encrypted Devices +### Metadata Encrypted Devices -When FDE or metadata encryption is used, `/data` is not mounted from +When metadata encryption is used, `/data` is not mounted from `/dev/block/by-name/data`. Instead, it is mounted from an intermediate -`dm-crypt` or `dm-default-key` device. This means the underlying device is -not marked in use, and we can create new dm-linear devices on top of it. +`dm-default-key` device. This means the underlying device is not marked in use, +and we can create new dm-linear devices on top of it. On these devices, a block device for an image will consist of a single device-mapper device with a `dm-linear` table entry for each extent in the backing file. -### Unencrypted and FBE-encrypted Devices +### Unencrypted and FBE-only Devices When a device is unencrypted, or is encrypted with FBE but not metadata encryption, we instead use a loop device with `LOOP_SET_DIRECT_IO` enabled. diff --git a/rootdir/init.rc b/rootdir/init.rc index a2fb88a98..db5113ff0 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -643,7 +643,7 @@ on late-fs chmod 0755 /sys/kernel/tracing chmod 0755 /sys/kernel/debug/tracing - # HALs required before storage encryption can get unlocked (FBE/FDE) + # HALs required before storage encryption can get unlocked (FBE) class_start early_hal # Load trusted keys from dm-verity protected partitions @@ -746,9 +746,8 @@ on post-fs-data # /data/apex is now available. Start apexd to scan and activate APEXes. # - # To handle userspace reboots as well as devices that use FDE, make sure - # that apexd is started cleanly here (set apexd.status="") and that it is - # restarted if it's already running. + # To handle userspace reboots, make sure that apexd is started cleanly here + # (set apexd.status="") and that it is restarted if it's already running. # # /data/apex uses encryption=None because direct I/O support is needed on # APEX files, but some devices don't support direct I/O on encrypted files.