summaryrefslogtreecommitdiffstats
path: root/crypto/ext4crypt/keystore_auth.cpp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Decrypt FBE on 9.0 (backwards compatible)Ethan Yonker2018-08-311-2/+19
| | | | | | | | | | Building in 9.0 may require you to add a flag to your twrp fstab with the fileencryption details like: fileencryption=ice:aes-256-heh Verify this against your device's stock fstab of course. Change-Id: If9286f5d5787280814daca9fbc8f5191ff26a839
* Add spblob decrypt for secdis method (Pixel 1 non-weaver)Ethan Yonker2018-01-041-0/+90
Support decrypting Pixel 1 devices using secdis method with the gatekeeper instead of weaver. Add a bit of a dirty workaround to a permissions issue that the keystore presents because the keystore checks the uid of the calling process and refuses to let the root user add authorization tokens. We write the auth token to a file and start a separate service that runs under the system user. The service reads the token from the file and adds it to the keystore. You must define this service in your init.recovery.{hardware}.rc file: service keystore_auth /sbin/keystore_auth disabled oneshot user system group root seclabel u:r:recovery:s0 TWRP will run this service when needed. Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772