cryptfs: Allow setting dm-crypt sector size
We add the property ro.crypto.fde_sector_size to allow devices to pass the "sector_size:<size>" argument to dm-crypt in the kernel. We also pass "iv_large_sectors" when setting the sector size. Using 4096-byte sectors rather than the default of 512 improves dm-crypt performance, especially when the Adiantum encryption mode is used. Bug: 112010205 Test: Run on a device Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
This commit is contained in:
Greg Kaiser
parent
8cb4c9ff78
commit
ab1e84ad5f
1 changed files with 18 additions and 0 deletions
18
cryptfs.cpp
18
cryptfs.cpp
|
|
@ -36,6 +36,7 @@
|
|||
#include "secontext.h"
|
||||
|
||||
#include <android-base/properties.h>
|
||||
#include <android-base/stringprintf.h>
|
||||
#include <bootloader_message/bootloader_message.h>
|
||||
#include <cutils/android_reboot.h>
|
||||
#include <cutils/properties.h>
|
||||
|
|
@ -74,6 +75,7 @@ extern "C" {
|
|||
#include <crypto_scrypt.h>
|
||||
}
|
||||
|
||||
using android::base::StringPrintf;
|
||||
using namespace std::chrono_literals;
|
||||
|
||||
#define UNUSED __attribute__((unused))
|
||||
|
|
@ -1044,6 +1046,21 @@ static std::string extra_params_as_string(const std::vector<std::string>& extra_
|
|||
return extra_params;
|
||||
}
|
||||
|
||||
// Only adds parameters if the property is set.
|
||||
static void add_sector_size_param(std::vector<std::string>* extra_params_vec) {
|
||||
constexpr char DM_CRYPT_SECTOR_SIZE[] = "ro.crypto.fde_sector_size";
|
||||
char sector_size[PROPERTY_VALUE_MAX];
|
||||
|
||||
if (property_get(DM_CRYPT_SECTOR_SIZE, sector_size, "") > 0) {
|
||||
std::string param = StringPrintf("sector_size:%s", sector_size);
|
||||
extra_params_vec->push_back(std::move(param));
|
||||
|
||||
// With this option, IVs will match the sector numbering, instead
|
||||
// of being hard-coded to being based on 512-byte sectors.
|
||||
extra_params_vec->emplace_back("iv_large_sectors");
|
||||
}
|
||||
}
|
||||
|
||||
static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
|
||||
const char* real_blk_name, char* crypto_blk_name, const char* name,
|
||||
uint32_t flags) {
|
||||
|
|
@ -1089,6 +1106,7 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
|
|||
if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE) {
|
||||
extra_params_vec.emplace_back("allow_encrypt_override");
|
||||
}
|
||||
add_sector_size_param(&extra_params_vec);
|
||||
load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
|
||||
extra_params_as_string(extra_params_vec).c_str());
|
||||
if (load_count < 0) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue