platform_system_security

History

Martijn Coenen 0aeee3d632 Split fsverity_init in multiple phases. Soon we'll have a need for multiple fs-verity keys in the keyring; we need a central place to manage the keys, as well as restrict the keyring. fsverity_init makes most sense for this. Allow fsverity_init to be called in 3 different ways: --load-verified-keys: loads preloaded keys from trusted partitions --load-extra-key: loads an additional key passed in from stdin; the key name is given as an argument. --lock: locks the keyring, and prevents new keys from being loaded Bug: 165630556 Test: boot, cat /proc/keys/ Change-Id: I758e49a5c4229edc531d01ac2e8873a22a1da73e	2020-12-03 10:03:17 +01:00
..
Android.bp	Stop reading fs-verity certificate from keystore	2020-02-26 12:39:15 -08:00
fsverity_init.cpp	Split fsverity_init in multiple phases.	2020-12-03 10:03:17 +01:00

Martijn Coenen 0aeee3d632 Split fsverity_init in multiple phases.

Soon we'll have a need for multiple fs-verity keys in the keyring; we
need a central place to manage the keys, as well as restrict the
keyring. fsverity_init makes most sense for this.

Allow fsverity_init to be called in 3 different ways:
--load-verified-keys: loads preloaded keys from trusted partitions
--load-extra-key: loads an additional key passed in from stdin; the key
name is given as an argument.
--lock: locks the keyring, and prevents new keys from being loaded

Bug: 165630556
Test: boot, cat /proc/keys/
Change-Id: I758e49a5c4229edc531d01ac2e8873a22a1da73e

2020-12-03 10:03:17 +01:00

Android.bp

Stop reading fs-verity certificate from keystore

2020-02-26 12:39:15 -08:00

fsverity_init.cpp

Split fsverity_init in multiple phases.

2020-12-03 10:03:17 +01:00