external/avb/libavb provides the new Android Verified Boot (AVB) flow.
It has different verity metadata format than previous formats in
fs_mgr_verity.cpp fs_mgr should support using libavb to read the metadata
(a.k.a. HASHTREE descriptor in AVB) to enable dm-verity in kernel.
Two important files in this commit:
- fs_mgr_avb_ops.c: an implementation of struct AvbOps* for libavb to do
platform dependent I/O operations, e.g., read_from_partition.
- fs_mgr_avb.cpp: it reads the metadata (a.k.a. vbmeta images in AVB) from
all partitions, verifies its integrity against the values of
androidboot.vbmeta.{hash_alg, size, digest} passed from bootloader in
kernel command line. Then enable dm-verity for partitions having the
corresponding HASHTREE descriptor and with an 'avb' fstab flag.
Bug: 31264231
Test: Enable dm-verity on /system partition
Test: Enable dm-verity with FEC on /system partition
Change-Id: I4652806984fe5a30c61be0839135b5ca78323d38
When doing a factory reset in recovery, flash erase & logical block
sizes are needed for tuning the parameters of the new userdata image.
Add flags to allow this information to be stored in recovery.fstab
Test: Factory reset marlin & confirm userdata is rebuilt correctly
Bug: 33243520
Change-Id: I6c4414d4e9026be4a3646523656ac151e93015e7
Signed-off-by: Connor O'Brien <connoro@google.com>
Pointer from strdup is lost hence triggers mem leak warning from
clang, since ptr returned from basename may not point to start of
duplicated string any more.
Switch to use gnu version of basename which doesn't modify input
string so that strdup is no longer necessary.
Bug: 27126348
Test: compile
Change-Id: I937a68c01c223230932c932bffdd35da6503c3c4
Make the code more C++-ish by replacing char* or char** with
std::string&.
Bug: 31264231
Test: check device can boot with dm-verity
Change-Id: Ie3ca3f449b52959d1a7b2887d722eb5ce366c4f9
This commits moves some common functions out of fs_mgr_verity.cpp to be
reused by other verified boot flows. It includes:
- Move common functions into fs_mgr.c
- Move dm_ioctl related functions to a new file: fs_mgr_dm_ioctl.cpp
Bug: 31264231
Test: check device can boot with dm-verity
Change-Id: Iaa0d8031efbaae12aa28f872f62d3fc3d3763b51
This now combines all the "libsparse" libraries into the same soong
target. A minor side-effect of this change is that the libsparse
static library depends on the libz shared library instead of the libz
static library. This minor change has no effect since targets using
the static libsparse library need to explicitly include either the
static libz or the shared one.
Bug: 34220783
Change-Id: I8f41586cf4c3336791cfa57ab4f5ae59a76d7ffa
This allows a remount to be performed on partitions which have been
verified at boot, without causing the verity service to complain of
"corrupted" blocks that could have been modified as a result of a
remount (while the verity checksum remained unchanged).
(cherry picked from commit dd78ae75ff)
Bug: 32638755
Test: Compile
Change-Id: I77cf7dd20ee5c5f5dac80f73f292e32583fe5906
Running dm-verity on heavily accessed partitions leads to performance
slowdowns, especially on low-RAM and slow-CPU devices.
This patch introduces a flag to allow an entire verified partition to be
read once at boot, to check for corruptions. If the reads are
successful, we can mount the partition as raw & read-only, and if not,
we can revert to mounting it as a verity partition, just like before.
Usage of this flag will entail a slowdown of time-to-boot, but should
lead to improvements in runtime performance.
(cherry picked from commit 34543c03e6)
Bug: 32433608
Test: Compile
Change-Id: I97717683a00ad6fa347e63b72b1a9bf1d2946315
- Drop forced (-f) e2fsck check when the product has
enabled new ext4 generation by setting TARGET_USES_MKE2FS.
- The new generation tool is supposed to give better stability,
thus justifying dropping -f.
- This should help reducing boot-up time as full check (-f) can
increase boot-up time significantly depending on amount of data.
bug: 32246772
Test: many reboots
Change-Id: I631525bf7504bbfb025e170c8d24ad9d3ef3532e
To support upcoming disk usage calculation optimizations, this change
adds a new 'quota' mount flag. As part of mounting an ext4 device,
we now enable/disable the quota feature using tune2fs to match the
requested value in the fstab.
When changing the quota status, we force a fsck pass on the device
before actually mounting it to prime the quota data structures which
are stored in hidden inodes.
Changing quota state and priming the data structures needs to happen
before we actually mount the device, so fs_mgr is the best place to
place this logic.
Test: builds, boots, enables and disables quota
Bug: 27948817
Change-Id: I7ccbf97cbc4a679bdd7a31a77be4b99aa9a88e66
These reserved blocks used to root or claim to CAP_SYS_RESOURCES process.
Change-Id: I4893bdb08399bf31a7640d4a63f4952cd636576f
Merged-In: I4893bdb08399bf31a7640d4a63f4952cd636576f
Signed-off-by: liminghao <liminghao@xiaomi.com>
With this option the fstab can include a parameter for zram
the enables more streams for kernels that does not have
dynamic stream task handling.
Test: Made sure max_comp_streams is set according to fstab.
Change-Id: I22e158a075a8a86b4e80d3b13989896929c0d223
Pointer from strdup is lost hence triggers mem leak warning from
clang, since ptr returned from basename may not point to start of
duplicated string any more.
Switch to use gnu version of basename which doesn't modify input
string so that strdup is no longer necessary.
Bug: 27126348
Change-Id: Iadb5cf343437a1e27e588ee067b084897633ea07
Merged-In: I937a68c01c223230932c932bffdd35da6503c3c4
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
Right now these two partitions are mounted in the fs stage of the init
process. As a result, many vendor/ODM files needed earlier in the boot
process (e.g., init.<hardware>.rc, fstab.<hardware>.rc,
uevent.<hardware>.rc, SELinux policy files etc) can only live on the root
partition.
To prevent vendors/ODMs from polluting the root partition, this patch makes
it possible to mount the vendor and ODM partitions in the first stage of the
init process. The fstab info of both partitions to be mounted early is
composed from new kernel cmdline arguments android.early.prefix and
android.early.fstab.
For example, with:
android.early.prefix=/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/
android.early.fstab=mmcblk0p10+/odm+ext4+ro+verify\nmmcblk0p09+/vendor+ext4+ro+verify
the final fstab string will be:
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p10 /odm ext4 ro verify
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p09 /vendor ext4 ro verify
The android.early.prefix is optional. When it is missing, the final fstab
string will be directly converted from android.early.fstab.
This patch also makes sure that the early mounted partitions are dm-verity
enabled so that they are trust worthy to store system files.
BUG=27805372
Change-Id: I3cf32482a5ec65445ba3aedab2164c7ba8f12694
* Use const reference type for for-loop index variables
to avoid unnecessary copy.
Bug: 30413223
Change-Id: I5514384ef3af77c00aa3e8417acd8d70981e0afb
Test: build with WITH_TIDY=1
I'll come back and remove klog_init when I've removed other calls to it.
Change-Id: Iad7fd26d853b4ddc54e9abd44516b6f138cbbfcb
Test: booted N9, looked at "adb shell dmesg" output.
Use the correct device name when system is mounted as root, and
validate dm-verity status to avoid confusing it with dm-linear.
Bug: 29277442
Change-Id: I36e115189f9a9430bad4bf89f26a376bcb8e8168
If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.
Needs changes from
Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19
Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
(cherry picked from commit 830126637a)
