
Commit c1c624a1 authored by Bowgo Tsai's avatar Bowgo Tsai Committed by Gerrit Code Review

Merge "Enable AVB for dynamic GSI (f.k.a. Live Image)"

parents d451f392 ee6114fb
+3 −0
@@ -979,12 +979,15 @@ int fs_mgr_is_checkpoint_blk(const struct fstab_rec* fstab) {
}

FstabEntry BuildGsiSystemFstabEntry() {
    // .logical_partition_name is required to look up AVB Hashtree descriptors.
    FstabEntry system = {
            .blk_device = "system_gsi",
            .mount_point = "/system",
            .fs_type = "ext4",
            .flags = MS_RDONLY,
            .fs_options = "barrier=1",
            .avb_key = "/gsi.avbpubkey",
            .logical_partition_name = "system"
    };
    system.fs_mgr_flags.wait = true;
    system.fs_mgr_flags.logical = true;
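Review bot: The added `.avb_key = "/gsi.avbpubkey"` makes a hard-coded root-filesystem path the trust anchor for the GSI system image, and nothing in the hunk says where that file comes from or what vouches for it. I would extend the new comment, for example `// .avb_key names the public key expected in the first-stage ramdisk; it is only as trustworthy as the image that ships it.` The ramdisk provenance is my inference from the first-stage caller and should be confirmed by the author. In the visible lines the entry sets `fs_mgr_flags.wait` and `fs_mgr_flags.logical` but not `fs_mgr_flags.avb`, so verification appears to be reached only through the `avb_key` branch, which deserves a one-line remark. BuildGsiSystemFstabEntry continues past the end of the hunk.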
+4 −3
@@ -383,7 +383,8 @@ AvbUniquePtr AvbHandle::Open() {
    return avb_handle;
}

AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry) {
AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
                                                        bool wait_for_verity_dev) {
    if (fstab_entry->avb_key.empty()) {
        LERROR << "avb_key=/path/to/key is missing for " << fstab_entry->mount_point;
        return AvbHashtreeResult::kFail;
@@ -400,7 +401,7 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry)
                   << " for mount point: " << fstab_entry->mount_point;
            return AvbHashtreeResult::kFail;
        }
        // Use empty key blob, which means no expectation, if allow verification error.
        LWARNING << "Allowing no expected key blob when verification error is permitted";
        expected_key_blob.clear();
    }

@@ -423,7 +424,7 @@ AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry)
    // Puts the vbmeta into a vector, for LoadAvbHashtreeToEnableVerity() to use.
    std::vector<VBMetaData> vbmeta_images;
    vbmeta_images.emplace_back(std::move(*vbmeta));
    if (!LoadAvbHashtreeToEnableVerity(fstab_entry, true /* wait_for_verity_dev */, vbmeta_images,
    if (!LoadAvbHashtreeToEnableVerity(fstab_entry, wait_for_verity_dev, vbmeta_images,
                                       fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix())) {
        return AvbHashtreeResult::kFail;
    }
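Review bot: The new `LWARNING` on the permitted-verification-error path does not say which key or partition it concerns, unlike the `LERROR` just above it, which names the mount point. This is where hashtree setup continues with no expected key at all, so the log line is what someone triaging a boot will search for. I would write `LWARNING << "Allowing no expected key blob for " << fstab_entry->mount_point << " (avb_key: " << fstab_entry->avb_key << ") when verification error is permitted";`. The body of SetUpStandaloneAvbHashtree extends outside the hunks shown.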
+2 −1
@@ -169,7 +169,8 @@ class AvbHandle {
    AvbHashtreeResult SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev);

    // Similar to above, but loads the offline vbmeta from the end of fstab_entry->blk_device.
    static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry);
    static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
                                                        bool wait_for_verity_dev = true);

    const std::string& avb_version() const { return avb_version_; }
    const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; }
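Review bot: The declaration gives `wait_for_verity_dev` a default of `true` while `SetUpAvbHashtree` directly above requires the argument, and the comment over the declaration does not mention the parameter. I would either drop the default so every caller states its choice, or document it: `// wait_for_verity_dev: whether to wait for the dm-verity device before returning; defaults to true for existing callers.` The meaning of the flag is inferred from its name, so the wording should be checked against LoadAvbHashtreeToEnableVerity.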
+21 −12
@@ -683,10 +683,19 @@ bool FirstStageMountVBootV2::GetDmVerityDevices() {
}

bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) {
    AvbHashtreeResult hashtree_result;

    if (fstab_entry->fs_mgr_flags.avb) {
        if (!InitAvbHandle()) return false;
        AvbHashtreeResult hashtree_result =
        hashtree_result =
                avb_handle_->SetUpAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
    } else if (!fstab_entry->avb_key.empty()) {
        hashtree_result =
                AvbHandle::SetUpStandaloneAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
    } else {
        return true;  // No need AVB, returns true to mount the partition directly.
    }

    switch (hashtree_result) {
        case AvbHashtreeResult::kDisabled:
            return true;  // Returns true to mount the partition.
@@ -698,7 +707,7 @@ bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) {
        default:
            return false;
    }
    }

    return true;  // Returns true to mount the partition.
}
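Review bot: `AvbHashtreeResult hashtree_result;` is now declared without an initializer at the top of SetUpDmVerity and relies on every branch before the `switch` either assigning it or returning. That holds for the three branches shown, but a branch added later that forgets the assignment would make the mount decision depend on an indeterminate value. `AvbHashtreeResult hashtree_result = AvbHashtreeResult::kFail;` keeps the function failing closed. Part of the switch lies between the two hunks and is not visible here, so I cannot tell whether the final `return true;` after it is still reachable. If it is not, removing it avoids leaving a mount-by-default path behind.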