tequilaOS/platform_system_vold

Fork 0

Commit graph

Author	SHA1	Message	Date
Barani Muthukumaran	3dfb094cb2	vold: Support Storage keys for FBE To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758	2020-02-12 14:26:26 -08:00
Eric Biggers	3e9c996ab0	Use <linux/fscrypt.h> from Bionic aosp/1184798 has updated the kernel headers to 5.4, so we no longer need the file fscrypt_uapi.h. In KeyUtil.cpp we also now don't need <linux/fs.h>, but rather just the more specific <linux/fscrypt.h>. Test: build Bug: None Change-Id: I56d17826eb7c3b95c74ce0435a4feae7f3cc325e	2019-12-16 16:19:44 -08:00
Eric Biggers	f3dc4203dd	vold: use new ioctls to add/remove fscrypt keys when supported When the kernel supports the new fscrypt key management ioctls, use them instead of add_key() and keyctl_unlink(). This will be needed in order to support v2 encryption policies, since v2 encryption policies only support the new ioctls. The new ioctls have other advantages too. For example, FS_IOC_REMOVE_ENCRYPTION_KEY automatically evicts exactly the necessary kernel objects, so the drop_caches sysctl is no longer needed. This makes evicting keys faster and more reliable. FS_IOC_REMOVE_ENCRYPTION_KEY also detects if any files are still open and therefore couldn't be "locked", whereas this went undetected before. Therefore, to start out this patch adds support for using the new ioctls for v1 encryption policies, i.e. on existing devices. (Originally based on a patch by Satya Tangirala <satyat@google.com>) Bug: 140500828 Test: tested that a device using v1 policies continues to work, both with and without an updated kernel. See If64028d8580584b2c33c614cabd5d6b93657f608 for more details. Also checked via the log that the filesystem-level keyring is in fact used when supported. Change-Id: I296ef78138578a3fd773797ac0cd46af1296b959	2019-09-30 13:11:42 -07:00

Author

SHA1

Message

Date

Barani Muthukumaran

3dfb094cb2

vold: Support Storage keys for FBE

To prevent keys from being compromised if an attacker
acquires read access to kernel memory, some inline
encryption hardware supports protecting the keys in
hardware without software having access to or the
ability to set the plaintext keys.  Instead, software
only sees "wrapped keys", which may differ on every boot.

'wrappedkey_v0' fileencryption flag is used to denote
that the device supports inline encryption hardware that
supports this feature. On such devices keymaster is used
to generate keys with STORAGE_KEY tag and export a
per-boot ephemerally wrapped storage key to install it in
the kernel.

The wrapped key framework in the linux kernel ensures the
wrapped key is provided to the inline encryption hardware
where it is unwrapped and the file contents key is derived
to encrypt contents without revealing the plaintext key in
the clear.

Test: FBE validation with Fscrypt v2 + inline crypt + wrapped
key changes kernel.

Bug: 147733587

Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758

2020-02-12 14:26:26 -08:00

Eric Biggers

3e9c996ab0

Use <linux/fscrypt.h> from Bionic

aosp/1184798 has updated the kernel headers to 5.4, so we no longer need
the file fscrypt_uapi.h.  In KeyUtil.cpp we also now don't need
<linux/fs.h>, but rather just the more specific <linux/fscrypt.h>.

Test: build
Bug: None
Change-Id: I56d17826eb7c3b95c74ce0435a4feae7f3cc325e

2019-12-16 16:19:44 -08:00

Eric Biggers

f3dc4203dd

vold: use new ioctls to add/remove fscrypt keys when supported

When the kernel supports the new fscrypt key management ioctls, use them
instead of add_key() and keyctl_unlink().

This will be needed in order to support v2 encryption policies, since v2
encryption policies only support the new ioctls.

The new ioctls have other advantages too.  For example,
FS_IOC_REMOVE_ENCRYPTION_KEY automatically evicts exactly the necessary
kernel objects, so the drop_caches sysctl is no longer needed.  This
makes evicting keys faster and more reliable.
FS_IOC_REMOVE_ENCRYPTION_KEY also detects if any files are still open
and therefore couldn't be "locked", whereas this went undetected before.

Therefore, to start out this patch adds support for using the new ioctls
for v1 encryption policies, i.e. on existing devices.

(Originally based on a patch by Satya Tangirala <satyat@google.com>)

Bug: 140500828
Test: tested that a device using v1 policies continues to work, both
      with and without an updated kernel.  See
      If64028d8580584b2c33c614cabd5d6b93657f608 for more details.
      Also checked via the log that the filesystem-level keyring is in
      fact used when supported.
Change-Id: I296ef78138578a3fd773797ac0cd46af1296b959

2019-09-30 13:11:42 -07:00

3 commits