1. 25 Aug, 2017 1 commit
  2. 23 May, 2017 1 commit
    • cryptfs: Remove dm-crypt device on failed table load · 50730033
      nkk71 authored
       * The dm-crypt device needs to be removed from
         the device-mapper driver list otherwise it will
         remain busy and cannot be used later on by
         other processes (eg vold_decrypt) or for further
         testing/debugging in recovery.
      
      Change-Id: I35e43a79ecc3de234ddb9f87f7d75c6439ea7454
  3. 06 Mar, 2017 2 commits
    • vold_decrypt: Add back missing xml and get rid of compiler warning · 201d4b21
      nkk71 authored
      Change-Id: I883112e2618f560e96002e2076e2735cc20cfac3
    • crypto: Use system's vold for decryption · 71c6c50d
      nkk71 authored
        If TWRP crypto fails to decrypt partition, mount the system
        partition and use system's own vold to attempt decryption.
        This provides a fallback for proprietary OEM encryption as well as
        encryption methods which TWRP hasn't been updated for.
      
        Requirements in device tree:
        * fstab.{ro.hardware} in device/recovery/root
          The fstab does not need to be complete, but it does need the
          data partition and the encryption entries.
      
        * 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig
        or
        * 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>'
      
        Notes:
        * Setting the flag to 'true' will just use system's vdc+vold
          or
        * Setting the flag with additional services, will also start them
          prior to attempting vdc+vold decryption, eg: for qualcomm based
          devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd'
      
        * For each service listed an additional import will be automatically
          added to the vold_decrypt.rc file in the form of
          init.recovery.vold_decrypt.{service}.rc
          You will need to add any not already existing .rc files in
          your device/recovery/root folder.
      
        * The service names specified in the vold_decrypt.{service}.rc files
          have to be named 'sys_{service}'
          eg: 'service sys_qseecomd /system/bin/qseecomd'
      
        * Any service already existing in TWRP as {service} or sbin{service} will
          be stopped and restarted as needed.
      
        * You can override the default init.recovery.vold_decrypt.rc file(s)
          by placing same named ones in your device/recovery/root folder.
          If you do, you'll need to manually add the needed imports.
      
        * If /vendor and /firmware folders are temporarily moved and symlinked
          to the folders and files in the system partition, the properties
          'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware'
          will be set to 1.
          This allows for additional control in the .rc files for any extra
          actions (symlinks, cp files, etc) that may be needed for decryption
          by using: on property:vold_decrypt.symlinked_vendor=1 and/or
          on property:vold_decrypt.symlinked_firmware=1 triggers.
      
        Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig
        * Specifying this flag, will enable strace on init and vdc, which will
          create separate log files in /tmp for every process created, allowing
          for detailed analysis of which services and files are being accessed.
        * Note that enabling strace will expose the password in the logs!!
        * You need to manually add strace to your build.
      
      Thanks to @Captain_Throwback for co-authoring and testing.
      
      Tested successfully on HTC devices:
      M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N),
      Desire 626s (MM), U Ultra (N)
      
      HTC One X9 (MTK device)
      
      And by Nikolay Jeliazkov on: Xiaomi Mi Max
      
      Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227
  4. 19 Feb, 2017 1 commit
  5. 21 Jan, 2017 1 commit
  6. 13 Dec, 2016 2 commits
  7. 10 Aug, 2016 1 commit
  8. 17 May, 2016 1 commit
    • crypto: remove redundant convert_key_to_hex_ascii call · 35df6389
      Captain Throwback authored
      - Breaks decryption on some hw_crypto devices
      - Default value already defined in preceding ifdef
      - PS2: Move crypt_params definition prior to ifdef
        (matches corresponding code from CAF)
      
      Huge thanks to @beaups for figuring out the issue!
      
      Change-Id: I1fd4e3a4862f022b17a555773feb1d6deac9d34c
  9. 28 Apr, 2016 1 commit
    • Fix decrypt of odd number length PIN on hardware crypto · 9f1f2f74
      Ethan Yonker authored
      I am not sure if we are really fixing anything other than we are
      allowing the decrypt process to continue. On hardware crypto the
      password never seems to match what is expected from the data in
      the footer, probably because the data is not stored in the footer
      and TZ does all the work. Still, if it works, it is hard to fault
      the patch.
      
      Change-Id: Ibbb286382e82523bec2064f51fa07194f84820c2
  10. 17 Feb, 2016 1 commit
    • Restore some old decrypt functionality · d3e96ff4
      Ethan Yonker authored
      Some of the convoluted convert_hex_ascii_to_key code is needed to
      properly decrypt CM 12.1 patterns where grid size is larger than
      3x3.
      
      Change-Id: I497e17980046c60d2c69ba56e4b83c8b64b0b80e
  11. 16 Feb, 2016 1 commit
    • cryptfs: major overhaul and cleanup · a7e63a28
      Sultan Qasim Khan authored
      - Don't upgrade HW encrypted Lollipop devices to Marshmallow crypto
      - Fix support for passwords and patterns with an odd number of elements
      - Remove unused code
      - Fix build warnings
      
      Change-Id: I25f015085e5c859d0353f42f6a2fbc7ccecd48ed
  12. 25 Jan, 2016 1 commit
    • Adopted Storage support · 66a1949d
      Ethan Yonker authored
       -Detects, decrypts, and mounts an adopted SD card if a
        secondary block device is defined (usually mmcblk1)
       -Handles unified storage
       -Displays the adopted storage in MTP along with internal
       -Factory Reset - wiped just like a data media device, we
        retain the keys folder and the storage.xml during a
        factory reset
       -Backup / Restore
       -Disable mass storage when adopted storage is present
       -Read storage nickname from storage.xml and apply it to
        display names in the GUI
       -Read storage.xml and determine what storage location is in
        use for /sdcard and remap accordingly
      
      libgpt_twrp is source code mostly kanged from an efimanager
      project. It is GPL v2 or higher, so we will opt for GPL v3.
      
      Change-Id: Ieda0030bec5155ba8d2b9167dc0016cebbf39d55
  13. 19 Jan, 2016 1 commit
  14. 22 Dec, 2015 1 commit
  15. 15 May, 2015 1 commit
  16. 05 Jan, 2015 1 commit
  17. 21 Dec, 2014 1 commit
    • Allow non datamedia devices to wipe encryption · d79d9bce
      Ethan Yonker authored
      With 5.0 L, we decrypt automatically if the default_password is
      used. Non datamedia devices do not get the format data button so
      they cannot wipe encryption off the device. This patch adds a wipe
      encryption button where the format data button would normally be
      located on the Wipe page.
      
      This patch also attempts to remove / delete the dm-crypt block
      device before formatting.
      
      Change-Id: I100d5d154d6c49254fd48e23279df973db5f23ae
  18. 18 Dec, 2014 1 commit
  19. 12 Dec, 2014 1 commit
    • Fixes for compiling crypto in older trees · 87da4245
      Dees Troy authored
      Some of these fixes needed to be made anyway. Note that older
      trees will still need to have files / repos copied into them from
      newer trees. Namely we need:
      system/security/softkeymaster
      hardware/libhardware/include/hardware/keymaster.h
      
      Maybe others as I did not document very carefully what I was
      pulling in.
      
      Change-Id: I465fd1fbe228803ec02fba047b151f07ea13d5ca
  20. 10 Dec, 2014 1 commit
  21. 04 Dec, 2014 1 commit
    • Reduce libs needed for decrypt and clean up old decrypt files · 253368a0
      Ethan Yonker authored
      Trim cryptfs.c to remove functions that TWRP does not use for
      decrypt and remove the need for libfs_mgr from cryptfs.c by
      passing some items to cryptfs.c from the partition manager.
      
      Add support for new fstab flags:
      encryptable and forceencrypt=/path/to/cryptokey
      For example:
      flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1
      Note that "footer" is the default, so you do not need to set this
      flag on devices that use the footer for the crypto key.
      Also add mounttodecrypt if you need to mount a partition during
      the decrypt cycle for firmware of proprietary libs.
      
      Clean up decrypt and only support one version
      
      Android 5.0 lollipop decrypt should be backwards compatible with
      older versions so we will only support one version, 1.3 that came
      with 5.0 lollipop.
      
      Remove support for Samsung TouchWiz decrypt. It does not work with
      the latest versions of Samsung encryption anyway and it has not
      been updated to work with any AOSP decryption higher than 1.1
      
      Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9
  22. 18 Nov, 2014 1 commit
    • Tweak 5.0 L decrypt · cceebb81
      Ethan Yonker authored
      Mount the vendor partition if it exists so we can use any
      proprietary files we may need.
      Relocate auto decrypt when default_password is in use to after all
      partitions are added so that we can mount the vendor partition.
      
      Change-Id: I93455a35695779f53ef57a82d3d45c7216c13639
  23. 17 Nov, 2014 1 commit
  24. 12 Nov, 2014 1 commit
    • Add lollipop decrypt support · 4eca40d7
      Ethan Yonker authored
      Kang in cryptfs.c and cryptfs.h from vold.
      Use TW_INCLUDE_L_CRYPTO := true to enable.
      Ramdisk must contain the normal fstab file in the root in the
      usual format of:
      fstab.{ro.hardware}
      For example for Nexus 5:
      fstab.hammerhead
      Or on many Qualcomm devices:
      fstab.qcom
      
      Tested against Android 5.0 lollipop on Nexus 7 2012 grouper. Not
      sure if or how this will work when we are dealing with a device
      with a hardware keystore. Long term we need to add a GUI element
      to allow entering a pattern. For now you can decrypt a pattern
      unlock by converting the dots to numbers in the following format:
      123
      456
      789
      
      So an upper-case L would translate to 14789 as a password entered
      on the keyboard.
      
      Change-Id: I02c29e1f1c2eb29bf002c9fe0fc118357300b5b3
  25. 08 Nov, 2014 1 commit
  26. 06 Nov, 2014 1 commit
  27. 04 Nov, 2014 1 commit
    • Fix some module tags · db220449
      Matt Mower authored
      There is no LOCAL_MODULES_TAGS. Fix by combining with LOCAL_MODULE_TAGS.
      
      Change-Id: I1cacef2f8123af3632ff6a52aa62c2f2e15ac37d
  28. 03 Nov, 2014 1 commit
    • Remove dependence on build hax in makefiles · 031163b2
      Matt Mower authored
      Update makefiles to no longer rely on INTERNAL_RECOVERY_FILES. Define
      LOCAL_ADDITIONAL_DEPENDENCIES instead.
      
      Set LOCAL_LDFLAGS to properly link recovery executable.
      
      Change-Id: I4542104c69399b5a19674b9772ab89c3709efa72
  29. 03 Sep, 2014 1 commit
    • Build block TWRP with RECOVERY_VARIANT · 55c75cad
      Matt Mower authored
      Enable TWRP to reside alongside other recoveries with the naming
      convention: bootable/recovery(-flag). If TWRP resides at
      bootable/recovery and a device does not specify RECOVERY_VARIANT, then
      it will build like normal. If TWRP resides at bootable/recovery-twrp,
      then its makefiles will only be parsed if a device specifies
      'RECOVERY_VARIANT := twrp'. This prevents TWRP specific makefile
      warnings/errors (notably, missing DEVICE_RESOLUTION) when another
      recovery is being built.
      
      Change-Id: I8f02fffcd79c309c7123b9428eedc69af02e126e
  30. 26 Feb, 2014 1 commit
    • Check crypto footer before offering to decrypt · 71413f4e
      Ethan Yonker authored
      Verify that we have a valid footer with proper magic before
      setting things up for decryption to help prevent user confusion
      when dealing with data partitions that fail to mount. Also check
      to make sure that the block device for /data is present.
      
      Change-Id: Ie87818fe4505a8bf71df7d3934c114e7328ef3ca
  31. 19 Dec, 2013 1 commit
    • crypto: Fix crypto dependencies for ICS/Samsung methods · 06b91e79
      OliverG96 authored
      - libmincrypt renamed to libmincrypttwrp that is a static library
      - libjpegtwrp does not exist
      - libfs_mgrtwrp is for JB decryption methods
      
      This fixes making full builds when TW_INCLUDE_CRYPTO_SAMSUNG := true and TW_INCLUDE_CRYPTO := true are set.
      Somehow typing make recoveryimage doesn't push the mentioned issue.
      
      Change-Id: I7cad5db4f51152a1a8209e619b188ca88d7c74d1
  32. 11 Nov, 2013 1 commit
  33. 10 Nov, 2013 1 commit
  34. 23 Aug, 2013 1 commit
  35. 11 Aug, 2013 1 commit
  36. 03 Jul, 2013 1 commit
  37. 18 Apr, 2013 1 commit
  38. 04 Apr, 2013 1 commit