tequilaOS/platform_system_vold

Fork 0

Commit graph

Author	SHA1	Message	Date
Paul Lawrence	236e5e800e	Make ext4 userdata checkpoints work with metadata encryption When both ext4 user data checkpoints and metadata encryption are enabled, we are creating two stacked dm devices. This had not been properly thought through or debugged. Test: Enable metadata encryption on taimen (add keydirectory=/metadata/vold/metadata_encryption to flags for userdata in fstab.hardware) Unfortunately metadata is not wiped by fastboot -w, so it is necessary to rm metadata/vold -rf whenever you wipe data. fastboot flashall -w works fastboot reboot -w works A normal boot works Disable checkpoint commits with setprop persist.vold.dont_commit_checkpoint 1 vdc checkpoint startCheckpoint 10 adb reboot wait for device to fully boot then adb reboot Wait for device to fully boot then adb logcat -d \| grep Checkpoint shows the rollback in the logs This tests encryption on top of checkpoints with commit, encryption without checkpoints, and rollback, which seems to be the key cases. Bug: 135905679 Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f	2019-06-26 15:19:24 -07:00
Paul Crowley	0fd2626fc3	Add a mount with metadata encryption service Don't use the FDE flow to support metadata encryption; just provide a vold service which directly mounts the volume and use that. Bug: 63927601 Test: Boot Taimen to SUW with and without metadata encryption. Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed	2018-02-01 10:08:17 -08:00
Paul Crowley	f71ace310e	Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5	2017-04-21 10:47:17 -07:00

Author

SHA1

Message

Date

Paul Lawrence

236e5e800e

Make ext4 userdata checkpoints work with metadata encryption

When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.

Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
    Unfortunately metadata is not wiped by fastboot -w, so it is
    necessary to rm metadata/vold -rf whenever you wipe data.
    fastboot flashall -w works
    fastboot reboot -w works
    A normal boot works
    Disable checkpoint commits with
    setprop persist.vold.dont_commit_checkpoint 1
    vdc checkpoint startCheckpoint 10
    adb reboot
    wait for device to fully boot then
    adb reboot
    Wait for device to fully boot then
    adb logcat -d | grep Checkpoint shows the rollback in the logs

    This tests encryption on top of checkpoints with commit, encryption
    without checkpoints, and rollback, which seems to be the key cases.

Bug: 135905679
Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f

2019-06-26 15:19:24 -07:00

Paul Crowley

0fd2626fc3

Add a mount with metadata encryption service

Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.

Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed

2018-02-01 10:08:17 -08:00

Paul Crowley

f71ace310e

Refactor to lay the groundwork for metadata encryption

Bug: 26778031
Test: Angler, Marlin build and boot
Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5

2017-04-21 10:47:17 -07:00

3 commits