
Commit 0d94252d authored by Eric Biggers, committed by Automerger Merge Worker

Merge "Clean up references to FDE in documentation and comments" am:...

Merge "Clean up references to FDE in documentation and comments" am: 381c884a am: 99552831 am: b12ab4f1

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2389159



Change-Id: I24fa4c5f05db00c54aad4c6142a97a68d63cc188
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 95cc36ab b12ab4f1
+5 −5
@@ -35,18 +35,18 @@ images. After `/data` is mounted however, there are two problems:

We break the problem down into three scenarios.

### FDE and Metadata Encrypted Devices
### Metadata Encrypted Devices

When FDE or metadata encryption is used, `/data` is not mounted from
When metadata encryption is used, `/data` is not mounted from
`/dev/block/by-name/data`. Instead, it is mounted from an intermediate
`dm-crypt` or `dm-default-key` device. This means the underlying device is
not marked in use, and we can create new dm-linear devices on top of it.
`dm-default-key` device. This means the underlying device is not marked in use,
and we can create new dm-linear devices on top of it.

On these devices, a block device for an image will consist of a single
device-mapper device with a `dm-linear` table entry for each extent in the
backing file.

### Unencrypted and FBE-encrypted Devices
### Unencrypted and FBE-only Devices

When a device is unencrypted, or is encrypted with FBE but not metadata
encryption, we instead use a loop device with `LOOP_SET_DIRECT_IO` enabled.
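Review bot: In the new heading "### Unencrypted and FBE-only Devices", "FBE-only" is a term the paragraph under it never uses; that paragraph says "encrypted with FBE but not metadata encryption". Either define "FBE-only" in that first sentence or keep the heading wording aligned with it, so a reader does not have to infer that the two mean the same thing. As a smaller style point, "### Metadata Encrypted Devices" is unhyphenated while the other heading hyphenates its compound; "Metadata-Encrypted Devices" would match.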
+3 −4
@@ -643,7 +643,7 @@ on late-fs
    chmod 0755 /sys/kernel/tracing
    chmod 0755 /sys/kernel/debug/tracing

    # HALs required before storage encryption can get unlocked (FBE/FDE)
    # HALs required before storage encryption can get unlocked (FBE)
    class_start early_hal

    # Load trusted keys from dm-verity protected partitions
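Review bot: The parenthetical in "# HALs required before storage encryption can get unlocked (FBE)" now names only FBE, while the documentation touched in this same change treats metadata encryption as a separate case from FBE. If the early_hal class is also needed before metadata-encrypted storage can be unlocked, say "(FBE and metadata encryption)" or drop the parenthetical entirely; if it really is FBE-specific, a word on why would prevent the next reader from asking the same question.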
@@ -746,9 +746,8 @@ on post-fs-data

    # /data/apex is now available. Start apexd to scan and activate APEXes.
    #
    # To handle userspace reboots as well as devices that use FDE, make sure
    # that apexd is started cleanly here (set apexd.status="") and that it is
    # restarted if it's already running.
    # To handle userspace reboots, make sure that apexd is started cleanly here
    # (set apexd.status="") and that it is restarted if it's already running.
    #
    # /data/apex uses encryption=None because direct I/O support is needed on
    # APEX files, but some devices don't support direct I/O on encrypted files.
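Review bot: With the FDE clause gone, "To handle userspace reboots" is the only reason left for both the clean start (apexd.status="") and the restart of an already running apexd, but the comment does not say why apexd could still be running at this point. A short clause explaining that case would make the comment self-contained now that the FDE flow it used to lean on is no longer mentioned.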