
Commit 5265b8d4 authored by Eric Biggers

Clean up references to FDE in documentation and comments

Bug: 208476087
Change-Id: I328026d68c9dd7a5042ef4b5369f34af93760b37
parent 298f6c03
+5 −5
@@ -35,18 +35,18 @@ images. After `/data` is mounted however, there are two problems:

We break the problem down into three scenarios.

### FDE and Metadata Encrypted Devices
### Metadata Encrypted Devices

When FDE or metadata encryption is used, `/data` is not mounted from
When metadata encryption is used, `/data` is not mounted from
`/dev/block/by-name/data`. Instead, it is mounted from an intermediate
`dm-crypt` or `dm-default-key` device. This means the underlying device is
not marked in use, and we can create new dm-linear devices on top of it.
`dm-default-key` device. This means the underlying device is not marked in use,
and we can create new dm-linear devices on top of it.

On these devices, a block device for an image will consist of a single
device-mapper device with a `dm-linear` table entry for each extent in the
backing file.

### Unencrypted and FBE-encrypted Devices
### Unencrypted and FBE-only Devices

When a device is unencrypted, or is encrypted with FBE but not metadata
encryption, we instead use a loop device with `LOOP_SET_DIRECT_IO` enabled.
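
Review bot: The new heading `### Unencrypted and FBE-only Devices` introduces "FBE-only", a term not used elsewhere in the visible text; the paragraph under it still spells the case out as "encrypted with FBE but not metadata encryption". Consider using the same wording in both places, or adding a short parenthetical to the heading, so a reader scanning the headings does not take "FBE-only" and "Metadata Encrypted" for mutually exclusive encryption types. Separately, the text under "Metadata Encrypted Devices" now drops `dm-crypt` without saying why the FDE case is no longer covered; one sentence in the doc or the commit message would help anyone reading this for an older device.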
+3 −4
@@ -643,7 +643,7 @@ on late-fs
    chmod 0755 /sys/kernel/tracing
    chmod 0755 /sys/kernel/debug/tracing

    # HALs required before storage encryption can get unlocked (FBE/FDE)
    # HALs required before storage encryption can get unlocked (FBE)
    class_start early_hal

    # Load trusted keys from dm-verity protected partitions
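
Review bot: Narrowing the parenthetical in the comment above `class_start early_hal` from `(FBE/FDE)` to `(FBE)` may understate the dependency. The documentation change in this same commit treats metadata encryption as a separate layer on `/data`; if any of the early HALs are also needed before that layer is set up, name it here too, or drop the parenthetical so the comment does not imply the ordering matters only for FBE.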
@@ -746,9 +746,8 @@ on post-fs-data

    # /data/apex is now available. Start apexd to scan and activate APEXes.
    #
    # To handle userspace reboots as well as devices that use FDE, make sure
    # that apexd is started cleanly here (set apexd.status="") and that it is
    # restarted if it's already running.
    # To handle userspace reboots, make sure that apexd is started cleanly here
    # (set apexd.status="") and that it is restarted if it's already running.
    #
    # /data/apex uses encryption=None because direct I/O support is needed on
    # APEX files, but some devices don't support direct I/O on encrypted files.
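
Review bot: The old comment gave two reasons for clearing `apexd.status` and restarting apexd (userspace reboots and devices that use FDE); the new text keeps the full restart-if-running instruction with only the first reason. Please confirm that a userspace reboot alone can reach this point with apexd already running. If it cannot, the "restarted if it's already running" clause and the matching init commands (outside this hunk) are leftovers and could be removed in a follow-up. The rewrap itself looks fine.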