Loading fs_mgr/fs_mgr_fstab.cpp +3 −0 Original line number Diff line number Diff line Loading @@ -979,12 +979,15 @@ int fs_mgr_is_checkpoint_blk(const struct fstab_rec* fstab) { } FstabEntry BuildGsiSystemFstabEntry() { // .logical_partition_name is required to look up AVB Hashtree descriptors. FstabEntry system = { .blk_device = "system_gsi", .mount_point = "/system", .fs_type = "ext4", .flags = MS_RDONLY, .fs_options = "barrier=1", .avb_key = "/gsi.avbpubkey", .logical_partition_name = "system" }; system.fs_mgr_flags.wait = true; system.fs_mgr_flags.logical = true; Loading fs_mgr/libfs_avb/fs_avb.cpp +4 −3 Original line number Diff line number Diff line Loading @@ -383,7 +383,8 @@ AvbUniquePtr AvbHandle::Open() { return avb_handle; } AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) { AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev) { if (fstab_entry->avb_key.empty()) { LERROR << "avb_key=/path/to/key is missing for " << fstab_entry->mount_point; return AvbHashtreeResult::kFail; Loading @@ -400,7 +401,7 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) << " for mount point: " << fstab_entry->mount_point; return AvbHashtreeResult::kFail; } // Use empty key blob, which means no expectation, if allow verification error. LWARNING << "Allowing no expected key blob when verification error is permitted"; expected_key_blob.clear(); } Loading 
@@ -423,7 +424,7 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) // Puts the vbmeta into a vector, for LoadAvbHashtreeToEnableVerity() to use. std::vector<VBMetaData> vbmeta_images; vbmeta_images.emplace_back(std::move(*vbmeta)); if (!LoadAvbHashtreeToEnableVerity(fstab_entry, true /* wait_for_verity_dev */, vbmeta_images, if (!LoadAvbHashtreeToEnableVerity(fstab_entry, wait_for_verity_dev, vbmeta_images, fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix())) { return AvbHashtreeResult::kFail; } Loading fs_mgr/libfs_avb/include/fs_avb/fs_avb.h +2 −1 Original line number Diff line number Diff line Loading @@ -169,7 +169,8 @@ class AvbHandle { AvbHashtreeResult SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev); // Similar to above, but loads the offline vbmeta from the end of fstab_entry->blk_device. static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry); static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev = true); const std::string& avb_version() const { return avb_version_; } const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; } Loading init/first_stage_mount.cpp +21 −12 Original line number Diff line number Diff line Loading 
@@ -683,10 +683,19 @@ bool FirstStageMountVBootV2::GetDmVerityDevices() { } bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) { AvbHashtreeResult hashtree_result; if (fstab_entry->fs_mgr_flags.avb) { if (!InitAvbHandle()) return false; AvbHashtreeResult hashtree_result = hashtree_result = avb_handle_->SetUpAvbHashtree(fstab_entry, false /* wait_for_verity_dev */); } else if (!fstab_entry->avb_key.empty()) { hashtree_result = AvbHandle::SetUpStandaloneAvbHashtree(fstab_entry, false /* wait_for_verity_dev */); } else { return true; // No need AVB, returns true to mount the partition directly. } switch (hashtree_result) { case AvbHashtreeResult::kDisabled: return true; // Returns true to mount the partition. Loading @@ -698,7 +707,7 @@ bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) { default: return false; } } return true; // Returns true to mount the partition. } Loading Loading
fs_mgr/fs_mgr_fstab.cpp +3 −0 Original line number Diff line number Diff line Loading @@ -979,12 +979,15 @@ int fs_mgr_is_checkpoint_blk(const struct fstab_rec* fstab) { } FstabEntry BuildGsiSystemFstabEntry() { // .logical_partition_name is required to look up AVB Hashtree descriptors. FstabEntry system = { .blk_device = "system_gsi", .mount_point = "/system", .fs_type = "ext4", .flags = MS_RDONLY, .fs_options = "barrier=1", .avb_key = "/gsi.avbpubkey", .logical_partition_name = "system" }; system.fs_mgr_flags.wait = true; system.fs_mgr_flags.logical = true; Loading
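Review bot: The key the GSI system image is checked against is identified only by the string literal in `.avb_key = "/gsi.avbpubkey"`, and nothing beside it says which image is expected to ship that file. A one-line comment above the field should state where the key comes from and that the path is the trust anchor for this entry. Judging by the fs_avb.cpp section of this commit, a missing expected key appears to be tolerated when verification errors are permitted, so the comment should also say the file must be present whenever they are not. The body of `BuildGsiSystemFstabEntry` continues past the end of the hunk.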
fs_mgr/libfs_avb/fs_avb.cpp +4 −3 Original line number Diff line number Diff line Loading @@ -383,7 +383,8 @@ AvbUniquePtr AvbHandle::Open() { return avb_handle; } AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) { AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev) { if (fstab_entry->avb_key.empty()) { LERROR << "avb_key=/path/to/key is missing for " << fstab_entry->mount_point; return AvbHashtreeResult::kFail; Loading @@ -400,7 +401,7 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) << " for mount point: " << fstab_entry->mount_point; return AvbHashtreeResult::kFail; } // Use empty key blob, which means no expectation, if allow verification error. LWARNING << "Allowing no expected key blob when verification error is permitted"; expected_key_blob.clear(); } Loading @@ -423,7 +424,7 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) // Puts the vbmeta into a vector, for LoadAvbHashtreeToEnableVerity() to use. std::vector<VBMetaData> vbmeta_images; vbmeta_images.emplace_back(std::move(*vbmeta)); if (!LoadAvbHashtreeToEnableVerity(fstab_entry, true /* wait_for_verity_dev */, vbmeta_images, if (!LoadAvbHashtreeToEnableVerity(fstab_entry, wait_for_verity_dev, vbmeta_images, fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix())) { return AvbHashtreeResult::kFail; } Loading
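Review bot: The new `LWARNING` in the second hunk does not say which partition it applies to, unlike the `LERROR` just above it, which appends `fstab_entry->mount_point`. It also replaces the comment explaining that an empty key blob means "no expectation". This is the branch where the vbmeta is no longer pinned to a specific key, so the log line should identify the entry: `LWARNING << "Allowing no expected key blob for " << fstab_entry->mount_point << " when verification error is permitted";`. I would also keep the removed comment directly above `expected_key_blob.clear();`. The condition guarding this branch starts outside the hunk, so when it is taken is inferred from the old comment.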
fs_mgr/libfs_avb/include/fs_avb/fs_avb.h +2 −1 Original line number Diff line number Diff line Loading @@ -169,7 +169,8 @@ class AvbHandle { AvbHashtreeResult SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev); // Similar to above, but loads the offline vbmeta from the end of fstab_entry->blk_device. static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry); static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev = true); const std::string& avb_version() const { return avb_version_; } const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; } Loading
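Review bot: The comment above `SetUpStandaloneAvbHashtree` still only says it is similar to `SetUpAvbHashtree`, so the new `wait_for_verity_dev` parameter and its `= true` default are undocumented. Suggest adding `// |wait_for_verity_dev| is forwarded to LoadAvbHashtreeToEnableVerity(); the default of true matches the value this function hard-coded before the parameter existed.` That tells callers the default preserves old behaviour, while first-stage init in this commit passes `false` explicitly.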
init/first_stage_mount.cpp +21 −12 Original line number Diff line number Diff line Loading @@ -683,10 +683,19 @@ bool FirstStageMountVBootV2::GetDmVerityDevices() { } bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) { AvbHashtreeResult hashtree_result; if (fstab_entry->fs_mgr_flags.avb) { if (!InitAvbHandle()) return false; AvbHashtreeResult hashtree_result = hashtree_result = avb_handle_->SetUpAvbHashtree(fstab_entry, false /* wait_for_verity_dev */); } else if (!fstab_entry->avb_key.empty()) { hashtree_result = AvbHandle::SetUpStandaloneAvbHashtree(fstab_entry, false /* wait_for_verity_dev */); } else { return true; // No need AVB, returns true to mount the partition directly. } switch (hashtree_result) { case AvbHashtreeResult::kDisabled: return true; // Returns true to mount the partition. Loading @@ -698,7 +707,7 @@ bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) { default: return false; } } return true; // Returns true to mount the partition. } Loading
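Review bot: `AvbHashtreeResult hashtree_result;` in `SetUpDmVerity` is declared without an initial value, and is only safe because each of the three branches currently either assigns it or returns. Initializing it as `AvbHashtreeResult hashtree_result = AvbHashtreeResult::kFail;` keeps the function failing closed if a later branch reaches the `switch` without setting it. The new `else if (!fstab_entry->avb_key.empty())` branch would also benefit from a comment such as `// No avb flag but an avb_key: verify against the standalone vbmeta on the partition itself.` Without it, the reason such entries are no longer mounted directly is not clear. The middle of the `switch` falls between the two hunks and is not visible here.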