Modify vold to check for hardware keymaster.

vold should only use hardware keymaster implementations to protect the disk encryption key, because there's little value in using the software implementation. More importantly, if we allow vold to use softkeymaster in the absence of a HW keymaster and (somehow) a HW keymaster is added to a device, the HW version will be loaded, and will be unable to use the softkeymaster key found in the crypto footer, forcing a factory reset.

This CL will not break devices without HW keymaster, because softkeymaster currently reports its keys as non-standalone (which isn't correct). After this CL is in, I will fix softkeymaster.

Bug: 17362157
Change-Id: I98b169e7a59ff7d44b72069b87743463ec823ea2

parent 13c3a90b58
commit 7c49ab0a0b
1 changed files with 2 additions and 1 deletions
|
@ -138,7 +138,8 @@ static int keymaster_check_compatibility()
|
|||
goto out;
|
||||
}
|
||||
|
||||
if (keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE) {
|
||||
if (!(keymaster_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
|
||||
(keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
|
||||
rc = 1;
|
||||
}
|
||||
|
||||
|
|
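Review bot: The new two-part condition on the `if` that sets `rc = 1` rejects a software-only keymaster silently, and nothing in the code records why. `keymaster_check_compatibility()` now returns 0 both when the blobs are not standalone and when `KEYMASTER_SOFTWARE_ONLY` is set, so a device that ends up without keymaster protection of the disk encryption key gives no indication of which case applied. Consider adding a short comment above the condition that carries the rationale from the commit message (a software key in the crypto footer cannot be used by a hardware keymaster that appears later, which forces a factory reset), and a log line on the software-only path. The comment would also keep the check from being mistaken for redundant once softkeymaster is changed to report its keys correctly, which the message describes as a follow-up.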