Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 64552741 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "libfs_avb: verifying vbmeta digest early" am: c9924a76 

Original change: https://android-review.googlesource.com/c/platform/system/core/+/1580326

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If081433ccb92bf7472196d281e4bfe93b781afb1
parents 08302373 c9924a76

fs_mgr/libfs_avb/fs_avb.cpp

+18 −18
Original line number Diff line number Diff line
@@ -433,6 +433,16 @@ AvbUniquePtr AvbHandle::Open() { 
    // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version".

    avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR);



    // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline.

    std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create();

    if (!avb_verifier || !avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) {

        LERROR << "Failed to verify vbmeta digest";

        if (!allow_verification_error) {

            LERROR << "vbmeta digest error isn't allowed ";

            return nullptr;

        }

    }



    // Checks whether FLAGS_VERIFICATION_DISABLED is set:

    //   - Only the top-level vbmeta struct is read.

    //   - vbmeta struct in other partitions are NOT processed, including AVB HASH descriptor(s)
@@ -443,27 +453,17 @@ AvbUniquePtr AvbHandle::Open() { 
    bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags &

                                  AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);



    // Checks whether FLAGS_HASHTREE_DISABLED is set.

    //   - vbmeta struct in all partitions are still processed, just disable

    //     dm-verity in the user space.

    bool hashtree_disabled =

            ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);



    if (verification_disabled) {

        avb_handle->status_ = AvbHandleStatus::kVerificationDisabled;

    } else {

        // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline.

        std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create();

        if (!avb_verifier) {

            LERROR << "Failed to create AvbVerifier";

            return nullptr;

        }

        if (!avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) {

            LERROR << "VerifyVbmetaImages failed";

            return nullptr;

        }



        // Checks whether FLAGS_HASHTREE_DISABLED is set.

        bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags &

                                  AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);

        if (hashtree_disabled) {

    } else if (hashtree_disabled) {

        avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled;

    }

    }



    LINFO << "Returning avb_handle with status: " << avb_handle->status_;

    return avb_handle;