Loading fs_mgr/libfs_avb/fs_avb.cpp +18 −18 Original line number Original line Diff line number Diff line Loading @@ -433,6 +433,16 @@ AvbUniquePtr AvbHandle::Open() { // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version". // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version". avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR); avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR); // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline. std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create(); if (!avb_verifier || !avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) { LERROR << "Failed to verify vbmeta digest"; if (!allow_verification_error) { LERROR << "vbmeta digest error isn't allowed "; return nullptr; } } // Checks whether FLAGS_VERIFICATION_DISABLED is set: // Checks whether FLAGS_VERIFICATION_DISABLED is set: // - Only the top-level vbmeta struct is read. // - Only the top-level vbmeta struct is read. // - vbmeta struct in other partitions are NOT processed, including AVB HASH descriptor(s) // - vbmeta struct in other partitions are NOT processed, including AVB HASH descriptor(s) Loading 
@@ -443,27 +453,17 @@ AvbUniquePtr AvbHandle::Open() { bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); // Checks whether FLAGS_HASHTREE_DISABLED is set. // - vbmeta struct in all partitions are still processed, just disable // dm-verity in the user space. bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); if (verification_disabled) { if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; } else { } else if (hashtree_disabled) { // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline. std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create(); if (!avb_verifier) { LERROR << "Failed to create AvbVerifier"; return nullptr; } if (!avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) { LERROR << "VerifyVbmetaImages failed"; return nullptr; } // Checks whether FLAGS_HASHTREE_DISABLED is set. bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); if (hashtree_disabled) { avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled; avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled; } } } LINFO << "Returning avb_handle with status: " << avb_handle->status_; LINFO << "Returning avb_handle with status: " << avb_handle->status_; return avb_handle; return avb_handle; Loading Loading
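Review bot: In the digest check added by the first hunk, a failure that is tolerated because `allow_verification_error` is set leaves no trace in `avb_handle->status_`: that branch only logs, and the flag checks in the second hunk assign a status purely from `vbmeta_header.flags`. Where `status_` is initialised is outside these hunks, so this may already be handled, but if it can still hold a success value at this point, callers would get a handle that reports a clean state although its vbmeta images did not match the bootloader-supplied digest. Consider recording the failure in the tolerated branch, e.g. `avb_handle->status_ = AvbHandleStatus::kVerificationError;` after the inner `if`, and adding a comment that the header flags read below may come from images that failed the digest check. The merged condition also folds "could not create AvbVerifier" and "digest mismatch" into one log line, which the removed code kept apart; separate messages would help triage. `AvbHandle::Open()` starts and ends outside both hunks, as does the definition of `allow_verification_error`.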
fs_mgr/libfs_avb/fs_avb.cpp +18 −18 Original line number Original line Diff line number Diff line Loading @@ -433,6 +433,16 @@ AvbUniquePtr AvbHandle::Open() { // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version". // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version". avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR); avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR); // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline. std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create(); if (!avb_verifier || !avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) { LERROR << "Failed to verify vbmeta digest"; if (!allow_verification_error) { LERROR << "vbmeta digest error isn't allowed "; return nullptr; } } // Checks whether FLAGS_VERIFICATION_DISABLED is set: // Checks whether FLAGS_VERIFICATION_DISABLED is set: // - Only the top-level vbmeta struct is read. // - Only the top-level vbmeta struct is read. // - vbmeta struct in other partitions are NOT processed, including AVB HASH descriptor(s) // - vbmeta struct in other partitions are NOT processed, including AVB HASH descriptor(s) Loading 
@@ -443,27 +453,17 @@ AvbUniquePtr AvbHandle::Open() { bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); // Checks whether FLAGS_HASHTREE_DISABLED is set. // - vbmeta struct in all partitions are still processed, just disable // dm-verity in the user space. bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); if (verification_disabled) { if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; } else { } else if (hashtree_disabled) { // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline. std::unique_ptr<AvbVerifier> avb_verifier = AvbVerifier::Create(); if (!avb_verifier) { LERROR << "Failed to create AvbVerifier"; return nullptr; } if (!avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) { LERROR << "VerifyVbmetaImages failed"; return nullptr; } // Checks whether FLAGS_HASHTREE_DISABLED is set. bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); if (hashtree_disabled) { avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled; avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled; } } } LINFO << "Returning avb_handle with status: " << avb_handle->status_; LINFO << "Returning avb_handle with status: " << avb_handle->status_; return avb_handle; return avb_handle; Loading