Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 648dec66 authored by Martijn Coenen's avatar Martijn Coenen
Browse files

Support asynchronous odsign. 

To improve boottime, we want to run odsign in an asynchronous fashion;
but there are 2 places where we do need it be sync:
1) We need to know when it's done using its key, so that we lock
keyrings and advance the boot stage
2) We need to know verification is complete before we start the zygote

These are indicated by odsign using separate properties.

Bug: 165630556
Test: init waits for the properties, and proceeds when done
Change-Id: I623c24a683340961b339ed19be2f577d9293b097
parent 49699fe8

rootdir/init.rc

+8 −1
Original line number Diff line number Diff line
@@ -902,7 +902,11 @@ on post-fs-data 


    # Start the on-device signing daemon, and wait for it to finish, to ensure

    # ART artifacts are generated if needed.

    exec_start odsign

    start odsign



    # Before we can lock keys and proceed to the next boot stage, wait for

    # odsign to be done with the key

    wait_for_prop odsign.key.done 1



    # After apexes are mounted, tell keymaster early boot has ended, so it will

    # stop allowing use of early-boot keys
@@ -944,6 +948,7 @@ on post-fs-data 
# It is recommended to put unnecessary data/ initialization from post-fs-data

# to start-zygote in device's init.rc to unblock zygote start.

on zygote-start && property:ro.crypto.state=unencrypted

    wait_for_prop odsign.verification.done 1

    # A/B update verifier that marks a successful boot.

    exec_start update_verifier_nonencrypted

    start statsd
@@ -952,6 +957,7 @@ on zygote-start && property:ro.crypto.state=unencrypted 
    start zygote_secondary



on zygote-start && property:ro.crypto.state=unsupported

    wait_for_prop odsign.verification.done 1

    # A/B update verifier that marks a successful boot.

    exec_start update_verifier_nonencrypted

    start statsd
@@ -960,6 +966,7 @@ on zygote-start && property:ro.crypto.state=unsupported 
    start zygote_secondary



on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type=file

    wait_for_prop odsign.verification.done 1

    # A/B update verifier that marks a successful boot.

    exec_start update_verifier_nonencrypted

    start statsd