Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83012663 authored by Sami Tolvanen's avatar Sami Tolvanen
Browse files

fs_mgr: validate corrected signatures 

If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.

Needs changes from
  Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19

Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
parent 8c407629

fs_mgr/fs_mgr_verity.cpp

+13 −2
Original line number Original line Diff line number Diff line
@@ -150,6 +150,18 @@ out: 
    return retval;

    return retval;

}

}





static int verify_verity_signature(const struct fec_verity_metadata& verity)

{

    if (verify_table(verity.signature, verity.table,

            verity.table_length) == 0 ||

        verify_table(verity.ecc_signature, verity.table,

            verity.table_length) == 0) {

        return 0;

    }



    return -1;

}



static int invalidate_table(char *table, size_t table_length)

static int invalidate_table(char *table, size_t table_length)

{

{

    size_t n = 0;

    size_t n = 0;
@@ -919,8 +931,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) 
    }

    }





    // verify the signature on the table

    // verify the signature on the table

    if (verify_table(verity.signature, verity.table,

    if (verify_verity_signature(verity) < 0) {

            verity.table_length) < 0) {

        if (params.mode == VERITY_MODE_LOGGING) {

        if (params.mode == VERITY_MODE_LOGGING) {

            // the user has been warned, allow mounting without dm-verity

            // the user has been warned, allow mounting without dm-verity

            retval = FS_MGR_SETUP_VERITY_SUCCESS;

            retval = FS_MGR_SETUP_VERITY_SUCCESS;