Choose options format using property
To make it easier to support disk formats created using old versions of dm-default-key with new kernels, choose the disk format to use based on options_format_version and first_api_version properties instead of checking the version number of the kernel module. Bug: 150761030 Test: crosshatch and cuttlefish boot normally; cuttlefish fails with "default-key: Not enough arguments" as expected when option is set to 1 Change-Id: Ib51071b7c316ce074de72439741087b18335048c
This commit is contained in:
parent
10a372f1d2
commit
f56d553bab
1 changed files with 12 additions and 7 deletions
|
@ -58,7 +58,7 @@ using namespace android::dm;
|
||||||
// Parsed from metadata options
|
// Parsed from metadata options
|
||||||
struct CryptoOptions {
|
struct CryptoOptions {
|
||||||
struct CryptoType cipher = invalid_crypto_type;
|
struct CryptoType cipher = invalid_crypto_type;
|
||||||
bool is_legacy = false;
|
bool use_legacy_options_format = false;
|
||||||
bool set_dun = true; // Non-legacy driver always sets DUN
|
bool set_dun = true; // Non-legacy driver always sets DUN
|
||||||
bool use_hw_wrapped_key = false;
|
bool use_hw_wrapped_key = false;
|
||||||
};
|
};
|
||||||
|
@ -211,7 +211,7 @@ static bool create_crypto_blk_dev(const std::string& dm_name, const std::string&
|
||||||
|
|
||||||
auto target = std::make_unique<DmTargetDefaultKey>(0, *nr_sec, options.cipher.get_kernel_name(),
|
auto target = std::make_unique<DmTargetDefaultKey>(0, *nr_sec, options.cipher.get_kernel_name(),
|
||||||
hex_key, blk_device, 0);
|
hex_key, blk_device, 0);
|
||||||
if (options.is_legacy) target->SetIsLegacy();
|
if (options.use_legacy_options_format) target->SetUseLegacyOptionsFormat();
|
||||||
if (options.set_dun) target->SetSetDun();
|
if (options.set_dun) target->SetSetDun();
|
||||||
if (options.use_hw_wrapped_key) target->SetWrappedKeyV0();
|
if (options.use_hw_wrapped_key) target->SetWrappedKeyV0();
|
||||||
|
|
||||||
|
@ -287,25 +287,30 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool is_legacy;
|
constexpr unsigned int pre_gki_level = 29;
|
||||||
if (!DmTargetDefaultKey::IsLegacy(&is_legacy)) return false;
|
unsigned int options_format_version = android::base::GetUintProperty<unsigned int>(
|
||||||
|
"ro.crypto.dm_default_key.options_format.version",
|
||||||
|
(GetFirstApiLevel() <= pre_gki_level ? 1 : 2));
|
||||||
|
|
||||||
CryptoOptions options;
|
CryptoOptions options;
|
||||||
if (is_legacy) {
|
if (options_format_version == 1) {
|
||||||
if (!data_rec->metadata_encryption.empty()) {
|
if (!data_rec->metadata_encryption.empty()) {
|
||||||
LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode";
|
LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode";
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
options.cipher = legacy_aes_256_xts;
|
options.cipher = legacy_aes_256_xts;
|
||||||
options.is_legacy = true;
|
options.use_legacy_options_format = true;
|
||||||
options.set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
|
options.set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
|
||||||
if (!options.set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
|
if (!options.set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
|
||||||
LOG(ERROR)
|
LOG(ERROR)
|
||||||
<< "Block checkpoints and metadata encryption require ro.crypto.set_dun option";
|
<< "Block checkpoints and metadata encryption require ro.crypto.set_dun option";
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} else {
|
} else if (options_format_version == 2) {
|
||||||
if (!parse_options(data_rec->metadata_encryption, &options)) return false;
|
if (!parse_options(data_rec->metadata_encryption, &options)) return false;
|
||||||
|
} else {
|
||||||
|
LOG(ERROR) << "Unknown options_format_version: " << options_format_version;
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
auto gen = needs_encrypt ? makeGen(options) : neverGen();
|
auto gen = needs_encrypt ? makeGen(options) : neverGen();
|
||||||
|
|
Loading…
Reference in a new issue