system_vold.git - system

	Commit message (Collapse)	Author	Age	Files	Lines
*	system: vold: Use wrapped key for metadata encryption	Neeraj Soni	2020-01-03	1	-2/+23
\| \| \| \| \| \| \| \| \|	Wrapped key feature is needed for better security of encryption keys and to ensure data integrity when crypto key cache is cleared during reset operation of storage/crypto hardware. CRs-Fixed: 2367150 Change-Id: I83d14861bf81e102151fa3417d84008c214a9ac0
*	vold: Wrapped key support for FBE	Shivaprasad Hongal	2020-01-03	1	-3/+28
\| \| \| \| \| \| \| \| \| \|	Changes to key management in vold such that no keys are present in the clear in HLOS. Using keymaster to generate and manage keys. CRs-Fixed: 2288316 Change-Id: Iaf5bf2eb60c60364f495e6d176e19b4848850028
*	Add Support for metadata key with rollback	Daniel Rosenberg	2018-12-14	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \|	This adds the ability to upgrade a key and retain the old one for rollback purposes. We delete the old key if we boot successfully and delete the new key if we do not. Test: Enable checkpointing and test rolling back between two versions Bug: 111020314 Change-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a
*	vold: get the fscrypt kernel API declarations from linux/fs.h	Eric Biggers	2018-10-25	1	-10/+2
\| \| \| \| \| \| \| \| \|	bionic now has linux/fs.h from the 4.14 kernel, which has the fscrypt kernel API declarations. Replace the manual declarations in vold, except for FS_AES_256_XTS_KEY_SIZE which is not available. Test: built, booted device with f2fs encryption Change-Id: I6a0e3117eaebe3baac7385421afce2169d46ad55
*	vold: rename from "ext4 encryption" to fscrypt	Eric Biggers	2018-10-25	1	-31/+27
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We support file-based encryption on both ext4 and f2fs now, and the kernel API is the same. So rename things appropriately in vold: e4crypt => fscrypt ext4enc => fscrypt Ext4Crypt => FsCrypt EXT4_* => FS_* ext4_encryption_key => fscrypt_key Additionally, the common functions shared by 'vold' and 'init' are now in libfscrypt rather than ext4_utils. So update vold to link to libfscrypt and include the renamed headers. Note: there's a chance of 'fscrypt' being confused with the dm-crypt based encryption code in vold which is called 'cryptfs'. However, fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption, and it's preferable to use the same name in userspace. Test: built, booted device with f2fs encryption Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6
*	clang-format many files.	Paul Crowley	2018-09-18	1	-15/+9
\| \| \| \| \|	Test: Format-only changes; treehugger suffices. Change-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48
*	When we forget a volume, forget per-volume key	Paul Crowley	2017-10-26	1	-5/+5
\| \| \| \| \| \| \| \| \| \| \|	Protect all per-volume-per-user keys with a per-volume key, which is forgotten when the volume is forgotten. This means that the user's key is securely lost even when their storage is encrypted at forgetting time. Bug: 25861755 Test: create a volume, forget it, check logs and filesystem. Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
*	Fix keyname generation issue	Chen, Luhai	2017-09-11	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	The keyname binded to keyring return a wrong string when there are binary char larger than 127, the sign extension will introduce unexpect FFFFFF string to the keyname. Bug: 65423023 Test: local build with boot test and device encryption status check. Change-Id: I26482c98ac1858a63b9f5c3f84a8699fd6a21cd7 Signed-off-by: Ai, Ting A <ting.a.ai@intel.com> Signed-off-by: Chen, Luhai <luhai.chen@intel.com>
*	Zero memory used for encryuption keys.	Pavel Grafov	2017-08-10	1	-7/+25
\| \| \| \| \| \| \| \| \| \|	std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
*	Label keys with all the possible FBE prefixes that might apply	Paul Crowley	2017-06-20	1	-23/+35
\| \| \| \| \| \| \| \|	We don't know which FS and kernel version is going to want these keys, so put them in the kernel three times with all three possible prefixes. Test: Marlin set up before this change successfully boots after it. Change-Id: I6ccfe0894551ba068de9bf5e23fe4fd1e10e36b1
*	Switch to libkeyutils.	Elliott Hughes	2017-05-10	1	-2/+1
\| \| \| \| \| \|	Bug: http://b/37991155 Test: builds+boots Change-Id: I33a3ba0d59ffd504093dc94517815c1196e95e2b
*	Revert "Revert "Stop dropping caches now we have kernel fix""	Daniel Rosenberg	2017-04-28	1	-7/+0
\| \| \| \| \| \| \| \| \| \| \|	This reverts commit 8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7. Bug: 37231161 Test: Boot device with FBE enabled. ls /storage/emulated/0/Android Unlock device. ls /storage/emulated/0/Android 1st will not be found. Second should be found. Change-Id: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
*	Add support for metadata encryption	Paul Crowley	2017-04-21	1	-1/+19
\| \| \| \| \| \| \| \| \|	Support encrypting metadata in /userdata using the dm-default-key driver with a key in the /metadata partition. Bug: 29189559 Test: Angler & Marlin build and boot Change-Id: I716b117508d4bb4f6a4039293acb848cbc60f67b
*	Refactor to lay the groundwork for metadata encryption	Paul Crowley	2017-04-21	1	-0/+167
	Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5