path: root/KeyUtil.h
Commit message | Author | Age | Files | Lines
* vold: Wrapped key support for FBE | Shivaprasad Hongal | 2020-01-03 | 1 | -1/+2
  Changes to key management in vold such that no keys are present in the clear in HLOS. Using keymaster to generate and manage keys.
  CRs-Fixed: 2288316
  Change-Id: Iaf5bf2eb60c60364f495e6d176e19b4848850028
* Add Support for metadata key with rollback | Daniel Rosenberg | 2018-12-14 | 1 | -1/+1
  This adds the ability to upgrade a key and retain the old one for rollback purposes. We delete the old key if we boot successfully and delete the new key if we do not.
  Test: Enable checkpointing and test rolling back between two versions
  Bug: 111020314
  Change-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a
* clang-format many files. | Paul Crowley | 2018-09-18 | 1 | -3/+3
  Test: Format-only changes; treehugger suffices.
  Change-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48
* When we forget a volume, forget per-volume key | Paul Crowley | 2017-10-26 | 1 | -2/+4
  Protect all per-volume-per-user keys with a per-volume key, which is forgotten when the volume is forgotten. This means that the user's key is securely lost even when their storage is encrypted at forgetting time.
  Bug: 25861755
  Test: create a volume, forget it, check logs and filesystem.
  Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
* Zero memory used for encryption keys. | Pavel Grafov | 2017-08-10 | 1 | -17/+6
  std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys.
  Bug: 64201177
  Test: manually created a managed profile, changed its credentials
  Test: manually upgraded a phone with profile from O to MR1.
  Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
* Label keys with all the possible FBE prefixes that might apply | Paul Crowley | 2017-06-20 | 1 | -1/+0
  We don't know which FS and kernel version is going to want these keys, so put them in the kernel three times with all three possible prefixes.
  Test: Marlin set up before this change successfully boots after it.
  Change-Id: I6ccfe0894551ba068de9bf5e23fe4fd1e10e36b1
* Add support for metadata encryption | Paul Crowley | 2017-04-21 | 1 | -0/+3
  Support encrypting metadata in /userdata using the dm-default-key driver with a key in the /metadata partition.
  Bug: 29189559
  Test: Angler & Marlin build and boot
  Change-Id: I716b117508d4bb4f6a4039293acb848cbc60f67b
* Refactor to lay the groundwork for metadata encryption | Paul Crowley | 2017-04-21 | 1 | -0/+48
  Bug: 26778031
  Test: Angler, Marlin build and boot
  Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5