1140954877
Current AVB flow in fs_mgr doesn't allow verification error even if the
device is unlocked. This makes first stage mount fail when the device
is flashed with a different-sized boot.img because there is verification
error (HASH_MISMATCH) for the boot partition.
Fix this by allowing verification error only when the device is
unlocked. Whether to enable dm-verity for HASHTREE partitions is still
controlled by the HASHTREE_DISABLED flag in the top-level vbmeta.
Bug: 37985430
Test: First stage mount /vendor with AVB on a device.
Check dm-verity is enabled on /vendor.
Test: Unlock device, flash a different-sized boot.img. Boot device and check
dm-verity is still enabled on /vendor.
Test: First stage mount /vendor with AVB on a device with HASHTREE_DISABLED
is set on the top-level vbmeta, check dm-verity is not enable on /vendor.
Change-Id: I709431bc1c37e4f86133d171cee8e90621cdb857
|
||
|---|---|---|
| .. | ||
| include | ||
| .clang-format | ||
| Android.mk | ||
| fs_mgr.cpp | ||
| fs_mgr_avb.cpp | ||
| fs_mgr_avb_ops.cpp | ||
| fs_mgr_avb_ops.h | ||
| fs_mgr_boot_config.cpp | ||
| fs_mgr_dm_ioctl.cpp | ||
| fs_mgr_format.cpp | ||
| fs_mgr_fstab.cpp | ||
| fs_mgr_main.cpp | ||
| fs_mgr_priv.h | ||
| fs_mgr_priv_boot_config.h | ||
| fs_mgr_priv_dm_ioctl.h | ||
| fs_mgr_priv_sha.h | ||
| fs_mgr_slotselect.cpp | ||
| fs_mgr_verity.cpp | ||