summaryrefslogtreecommitdiffstats
path: root/crypto (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-01-04Add spblob decrypt for secdis method (Pixel 1 non-weaver)Ethan Yonker4-64/+326
Support decrypting Pixel 1 devices using secdis method with the gatekeeper instead of weaver. Add a bit of a dirty workaround to a permissions issue that the keystore presents because the keystore checks the uid of the calling process and refuses to let the root user add authorization tokens. We write the auth token to a file and start a separate service that runs under the system user. The service reads the token from the file and adds it to the keystore. You must define this service in your init.recovery.{hardware}.rc file: service keystore_auth /sbin/keystore_auth disabled oneshot user system group root seclabel u:r:recovery:s0 TWRP will run this service when needed. Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772
2017-11-29Better compatibility across 8.0.0 treesEthan Yonker1-4/+11
Change-Id: Ic8200da4e99826736e002a1ab5f9e5f967e84193
2017-11-28vold_decrypt: FDE Keymaster 3.0 supportnkk716-298/+901
* HTC U11 Oreo is using keymaster3 FDE encryption which requires the new services: 1- /system/bin/hwservicemanager 2- /vendor/bin/hw/android.hardware.keymaster@3.0-service 3- /vendor/bin/qseecomd (instead of /system/bin/qseecomd) So in addition to /vendor/lib and /vendor/lib64 also symlink /system/vendor/bin to /vendor/bin. * vold_decrypt services now have separate prefixes: 1- 'sys_' referring to /system/bin 2- 'ven_' referring to /vendor/bin * The additional (hwservicemanager, keymaster-3-0) and modified (qseecomd) .rc files have been updated in the vold_decrypt directory. Comments were added directly in the .rc files, please check them. * /etc/recovery.fstab needs to be temporarily moved since vold will use it if it finds the '/sbin/recovery' file (refer to fs_mgr for the fstab load code https://goo.gl/8KaZyf). Since fs_mgr cannot parse TWRP style fstab, we 'hide' it and attempt to create a symlink to /fstab.{ro.hardware}. Also remove shell dependencies, code cleanup, new error codes: * Critical sections of vold_decrypt should not rely on the external shell (and the available binaries) provided by TWFunc::Exec_Cmd. Doing so may lead to failures resulting from different shell provided binaries not working properly, especially since busybox can be inconsistent across different trees. In particular the following functions have been changed: * run_vdc() no longer uses daisy chained commands, instead it now forks and executes vdc directly including a 30 second built in timeout. * Symlink_Firmware_Files() no longer relies on the shell 'find' command to retrieve the list of firmware/vendor files and instead uses a built in function, Find_Firmware_Files(), which traverses the system partition to retrieve the list of files. * The code has also been cleaned up a little for better consistency, and vold_decrypt will now return various error codes for the different failures, as defined in vold_decrypt.h, which allows the gui_msg to be moved back to partitionmanager.cpp. Notes regarding pre Android 8.0 builds: * Service names in .rc files cannot exceed 16 characters (including the prepended 'sys_' or 'ven_') in Android 7.1 and below, so a service name such as 'sys_hwservicemanager' is out of the question for 7.1 and below. * hwservicemanager will check ACLs on 'hwservicemanager' and 'ITokenManager' if they are even allowed to run, otherwise the interfaces will fail. The policies have only been introduced in 8.0, and although it is possible to manually add them to the 7.1 policies it's not recommended. * Therefore the best course of action is to build in 8.0. * SIDE NOTE: On the HTC U11 we are actually using omni-7.1 with some changes in the device tree to support both Nougat and Oreo decryption, please refer to: 1- https://gerrit.twrp.me/c/2756/ for the necessary sepolicy and BoardConfig changes. 2- The Android.mk file for vold_decrypt was modified to truncate greater than 16 character service names (as mentioned therein) Other changes: * TW_CRYPTO_SYSTEM_VOLD_DISABLE_TIMEOUT is now deprecated due to built- in fork and timeout. * Output_dmesg_to_recovery_log() is also deprecated so upon a failed decryption the recovery.log will no longer append it, instead you can just use 'adb shell dmesg' to check it. Nonetheless if a true debug build is needed use the original TW_CRYPTO_SYSTEM_VOLD_DEBUG flag as outlined in the original commit message (see below). Usage info: This is an update to the initial vold_decrypt, for more info refer to https://github.com/omnirom/android_bootable_recovery/commit/71c6c50d0da1f32dd18a749797e88de2358c5ba1 Change-Id: Id7129d125ae7f5dcba0779489825add718022ba3
2017-11-28FBE for Pixel 2Ethan Yonker15-47/+2154
Includes various minor fixes for building in Android 8 trees with r23+ tag Update FBE extended header in libtar to version 2 and include the entire ext4_encryption_policy structure now after translating the policy. See this post for more details: https://plus.google.com/u/1/+DeesTroy/posts/i33ygUi7tiu Change-Id: I2af981e51f459b17fcd895fb8c2d3f6c8200e24b
2017-08-25DO NOT MERGE Android 8.0 stuffEthan Yonker1-1/+1
Change-Id: I8c8a9734adbf36c33463123844fa6e078934ae34
2017-05-23cryptfs: Remove dm-crypt device on failed table loadnkk711-0/+14
* The dm-crypt device needs to be removed from the device-mapper driver list otherwise it will remain busy and cannot be used later on by other processes (eg vold_decrypt) or for further testing/debugging in recovery. Change-Id: I35e43a79ecc3de234ddb9f87f7d75c6439ea7454
2017-03-06vold_decrypt: Add back missing xml and get rid of compiler warningnkk711-5/+4
Change-Id: I883112e2618f560e96002e2076e2735cc20cfac3
2017-03-06crypto: Use system's vold for decryptionnkk715-0/+736
If TWRP crypto fails to decrypt partition, mount the system partition and use system's own vold to attempt decryption. This provides a fallback for proprietary OEM encryption as well as encryption methods which TWRP hasn't been updated for. Requirements in device tree: * fstab.{ro.hardware} in device/recovery/root The fstab does not need to be complete, but it does need the data partition and the encryption entries. * 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig or * 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>' Notes: * Setting the flag to 'true' will just use system's vdc+vold or * Setting the flag with additional services, will also start them prior to attempting vdc+vold decryption, eg: for qualcomm based devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd' * For each service listed an additional import will be automatically added to the vold_decrypt.rc file in the form of init.recovery.vold_decrypt.{service}.rc You will need to add any not already existing .rc files in your device/recovery/root folder. * The service names specified in the vold_decrypt.{service}.rc files have to be named 'sys_{service}' eg: 'service sys_qseecomd /system/bin/qseecomd' * Any service already existing in TWRP as {service} or sbin{service} will be stopped and restarted as needed. * You can override the default init.recovery.vold_decrypt.rc file(s) by placing same named ones in your device/recovery/root folder. If you do, you'll need to manually add the needed imports. * If /vendor and /firmware folders are temporarily moved and symlinked to the folders and files in the system partition, the properties 'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware' will be set to 1. This allows for additional control in the .rc files for any extra actions (symlinks, cp files, etc) that may be needed for decryption by using: on property:vold_decrypt.symlinked_vendor=1 and/or on property:vold_decrypt.symlinked_firmware=1 triggers. Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig * Specifying this flag, will enable strace on init and vdc, which will create separate log files in /tmp for every process created, allowing for detailed analysis of which services and files are being accessed. * Note that enabling strace will expose the password in the logs!! * You need to manually add strace to your build. Thanks to @Captain_Throwback for co-authoring and testing. Tested successfully on HTC devices: M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N), Desire 626s (MM), U Ultra (N) HTC One X9 (MTK device) And by Nikolay Jeliazkov on: Xiaomi Mi Max Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227
2017-02-19cryptfs: Fix encryption issue due to stack corruption.nijel81-2/+2
Ioctl BLKGETSIZE expects pointer to unsigned long as argument. On 64bit target using pointer to unsigned int can cause stack corruption due to type mismatch. props to https://github.com/aopp/android_system_vold/commit/f8b8787317fc94439b63bc891eeda83f7ae2f4f6 Change-Id: I1d76c65e29479c8f0cd44b6892069b21b8249b95
2017-01-21Try mounting different filesystems during decryptionJames Christopher Adduono1-1/+16
Based on Dees_Troy's approach. Change-Id: Id9aafb6d0c64ab43e2711720a26e30ac86b90235
2016-12-13Support backup/restore of FBE policiesEthan Yonker7-5/+348
Change-Id: Iba8ef20f57b0fb57bb9406c53148a806441d0b59
2016-12-13Support File Based EncryptionEthan Yonker16-0/+2114
Change-Id: Ib688ddd0c32d3999590cacd86b6d9b18eac336e9
2016-08-10recovery: allow usage of TARGET_CRYPTFS_HW_PATHmaxwen1-2/+10
only if not defined fallback to the default more flexible device config where the cryptfs_hw is located Change-Id: I7d1c18eeae877e48dceff06a7cfead28c89797b4
2016-05-17crypto: remove redundant convert_key_to_hex_ascii callCaptain Throwback1-2/+2
- Breaks decryption on some hw_crypto devices - Default value already defined in preceding ifdef - PS2: Move crypt_params definition prior to ifdef (matches corresponding code from CAF) Huge thanks to @beaups for figuring out the issue! Change-Id: I1fd4e3a4862f022b17a555773feb1d6deac9d34c
2016-04-28Fix decrypt of odd number length PIN on hardware cryptoEthan Yonker1-2/+2
I am not sure if we are really fixing anything other than we are allowing the decrypt process to continue. On hardware crypto the password never seems to match what is expected from the data in the footer, probably because the data is not stored in the footer and TZ does all the work. Still, if it works, it is hard to fault the patch. Change-Id: Ibbb286382e82523bec2064f51fa07194f84820c2
2016-02-17Restore some old decrypt functionalityEthan Yonker1-5/+66
Some of the convoluted convert_hex_ascii_to_key code is needed to properly decrypt CM 12.1 patterns where grid size is larger than 3x3. Change-Id: I497e17980046c60d2c69ba56e4b83c8b64b0b80e
2016-02-16cryptfs: major overhaul and cleanupSultan Qasim Khan1-575/+32
- Don't upgrade HW encrypted Lollipop devices to Marshmallow crypto - Fix support for passwords and patterns with an odd number of elements - Remove unused code - Fix build warnings Change-Id: I25f015085e5c859d0353f42f6a2fbc7ccecd48ed
2016-01-25Adopted Storage supportEthan Yonker2-1/+47
-Detects, decrypts, and mounts an adopted SD card if a secondary block device is defined (usually mmcblk1) -Handles unified storage -Displays the adopted storage in MTP along with internal -Factory Reset - wiped just like a data media device, we retain the keys folder and the storage.xml during a factory reset -Backup / Restore -Disable mass storage when adopted storage is present -Read storage nickname from storage.xml and apply it to display names in the GUI -Read storage.xml and determine what storage location is in use for /sdcard and remap accordingly libgpt_twrp is source code mostly kanged from an efimanager project. It is GPL v2 or higher, so we will opt for GPL v3. Change-Id: Ieda0030bec5155ba8d2b9167dc0016cebbf39d55
2016-01-19Update qcom hardware crypto codeEthan Yonker2-51/+206
Change-Id: I4608c45b3f71b53e0988ca0248d3438110a40149
2015-12-22Fix CLANG error in cryptfs.cEthan Yonker1-1/+1
Change-Id: If5af8f634bc016160aebaf7d4e6cda6c5650a077
2015-05-15Support Qualcomm hardware decryptDees Troy3-14/+177
Change-Id: I121ef0f5da209be48f6d87559d539c7fc6d85336
2015-01-05crypto: remove unused libs and clean up makefilethat1-41/+2
libsoftkeymaster and its dependencies appear to be unused. Change-Id: Ib720f5e4d2750a739ba6b65b346c0e167df279d3
2014-12-21Allow non datamedia devices to wipe encryptionEthan Yonker2-1/+2
With 5.0 L, we decrypt automatically if the default_password is used. Non datamedia devices do not get the format data button so they cannot wipe encryption off the device. This patch add a wipe encryption button where the format data button would normally be located on the Wipe page. This patch also attempts to remove / delete the dm-crypt block device before formatting. Change-Id: I100d5d154d6c49254fd48e23279df973db5f23ae
2014-12-18Fix include paths in cryptoEthan Yonker2-3/+3
Change-Id: Ia9fd0cd75bd6ee6e14909890cb18a8edb3b22267
2014-12-12Fixes for compiling crypto in older treesDees Troy3-18/+3
Some of these fixes needed to be made anyway. Note that older trees will still need to have files / repos copied into them from newer trees. Namely we need: system/security/softkeymaster hardware/libhardware/include/hardware/keymaster.h Maybe others as I did not document very carefully what I was pulling in. Change-Id: I465fd1fbe228803ec02fba047b151f07ea13d5ca
2014-12-10crypto: fix build in < 5.0 treethat2-1/+3
Change-Id: Ie4ed3e91cfb7e509bac1d6db885bd3f415d2b168
2014-12-04Reduce libs needed for decrypt and clean up old decypt filesEthan Yonker34-8281/+53
Trim cryptfs.c to remove functions that TWRP does not use for decrypt and remove the need for libfs_mgr from cryptfs.c by passing some items to cryptfs.c from the partition manager. Add support for new fstab flags: encryptable and forceencrypt=/path/to/cryptokey For example: flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1 Note that "footer" is the default, so you do not need to set this flag on devices that use the footer for the crypto key. Also add mounttodecrypt if you need to mount a partition during the decrypt cycle for firmware of proprietary libs. Clean up decrypt and only support one version Android 5.0 lollipop decrypt should be backwards compatible with older versions so we will only support one version, 1.3 that came with 5.0 lollipop. Remove support for Samsung TouchWiz decrypt. It does not work with the latest versions of Samsung encryption anyway and it has not been updated to work with any AOSP decryption higher than 1.1 Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9
2014-11-18Tweak 5.0 L decryptEthan Yonker1-7/+7
Mount the vendor partition if it exists so we can use any proprietary files we may need. Relocate auto decrypt when default_password is in use to after all partitions are added so that we can mount the vendor partition. Change-Id: I93455a35695779f53ef57a82d3d45c7216c13639
2014-11-17Make libmincrypttwrp a shared libraryEthan Yonker1-2/+2
Change-Id: I8c3f084fc34b00edb4cd1b652290df8bc80ea1db
2014-11-12Add lollipop decrypt supportEthan Yonker3-0/+3903
Kang in cryptfs.c and cryptfs.h from vold. Use TW_INCLUDE_L_CRYPTO := true to enable. Ramdisk must contain the normal fstab file in the root in the usual format of: fstab.{ro.hardware} For examble for Nexus 5: fstab.hammerhead Or on many Qualcomm devices: fstab.qcom Tested against Android 5.0 lollipop on Nexus 7 2012 grouper. Not sure if or how this will work when we are dealing with a device with a hardware keystore. Long term we need to add a GUI element to allow entering a pattern. For now you can decrypt a pattern unlock by converting the dots to numbers in the following format: 123 456 789 So an upper-case L would translate to 14789 as a password entered on the keyboard. Change-Id: I02c29e1f1c2eb29bf002c9fe0fc118357300b5b3
2014-11-08Fix potential tree conflicts with scryptEthan Yonker2-2/+2
Change-Id: Iac40957e40cb9c10795dd6a1f67ca902c95dd9bc
2014-11-06Recovery: Fix my-dir must be called before including any other makefileRob1-2/+1
Change-Id: I70c867961ae779bd99839e4ce7cb1dc8d154158f
2014-11-04Fix some module tagsMatt Mower2-7/+5
There is no LOCAL_MODULES_TAGS. Fix by combining with LOCAL_MODULE_TAGS. Change-Id: I1cacef2f8123af3632ff6a52aa62c2f2e15ac37d
2014-11-03Remove dependence on build hax in makefilesMatt Mower1-2/+0
Update makefiles to no longer rely on INTERNAL_RECOVERY_FILES. Define LOCAL_ADDITIONAL_DEPENDENCIES instead. Set LOCAL_LDFLAGS to properly link recovery executable. Change-Id: I4542104c69399b5a19674b9772ab89c3709efa72
2014-09-03Build block TWRP with RECOVERY_VARIANTMatt Mower4-5/+10
Enable TWRP to reside alongside other recoveries with the naming convention: bootable/recovery(-flag). If TWRP resides at bootable/recovery and a device does not specify RECOVERY_VARIANT, then it will build like normal. If TWRP resides at bootable/recovery-twrp, then its makefiles will only be parsed if a device specifies 'RECOVERY_VARIANT := twrp'. This prevents TWRP specific makefile warnings/errors (notably, missing DEVICE_RESOLUTION) when another recovery is being built. Change-Id: I8f02fffcd79c309c7123b9428eedc69af02e126e
2014-02-26Check crypto footer before offering to decryptEthan Yonker4-2/+45
Verify that we have a valid footer with proper magic before setting things up for decryption to help prevent user confusion when dealing with data partitions that fail to mount. Also check to make sure that the block device for /data is present. Change-Id: Ie87818fe4505a8bf71df7d3934c114e7328ef3ca
2013-12-19crypto: Fix crypto dependencies for ICS/Samsung methodsOliverG964-7/+14
- libmincrypt renamed to libmincrypttwrp that is an static library - libjpegtwrp does not exist - libfs_mgrtwrp is for JB decryption methods This fixes making full builds when TW_INCLUDE_CRYPTO_SAMSUNG := true and TW_INCLUDE_CRYPTO := true are set. Somehow typing make recoveryimage doesnt push the mentioned issue. Change-Id: I7cad5db4f51152a1a8209e619b188ca88d7c74d1
2013-11-11Add getfooter tool for crypto debuggingDees Troy2-0/+234
Change-Id: I3b9e5f72f3c1c77e41a45d3c94a44f36cc5cbc3c
2013-11-10Update decrypt for 4.4Dees Troy39-477/+5748
Change-Id: I8d5d7b6a49890e4707d70de8b429563de0d2ad99
2013-08-23Fix AOSP decrypt when TouchWiz code is presentDees_Troy2-7/+11
2013-08-11Fix conflict with getline in 4.3 treeDees_Troy1-3/+3
Change-Id: I5accf8731829229d153a657c9290a7be83f87a03
2013-07-03Add additional build variable checks to Android.mk filesTrevor Drake5-6/+11
This was causing the mm command to fail when it was run from bootable/recovery and no crypto features had been specified in a device's configuration files Change-Id: Iddbeea5349bbf75cddb0250cd71821dfe3b7b9d8
2013-04-18Fix CFLAGS for Samsung decryptDees_Troy1-0/+12
2013-04-04Move all AOSP code out of recovery binaryDees_Troy2-0/+27
Improves license compatibility between GPL and Apache Change-Id: I2b165aa575bb6213af6b07936f99610c113443f0
2013-03-30Add partition list GUI elementDees_Troy2-2/+2
Add partition list GUI element and update backup, restore, mount, storage selection, and wipe sections of GUI and partition manager code to reflect the new GUI element. Update ORS engine to handle new backup and restore setup. Fix a bug with decrypt. Add 1080x1920 layout. Change-Id: Iaa2f44cb707167e66f935452f076ba00e68a2aa4
2013-01-10More Samsung sdcard crypto fixesDees_Troy2-19/+19
2013-01-09Improve remounting sdcard with ecryptfsDees_Troy1-9/+7
2013-01-08Add Samsung TouchWiz decryptiona39552697-658/+542
Change-Id: I418680e59372160dabfe3e2d5f0208229aa151ae
2012-11-19Workaround for crypto quirk on Nexus 10Dees_Troy1-1/+1
2012-09-21Fix special partition handlingDees_Troy1-27/+27
2012-09-05TWRP-ify AOSP codeDees_Troy11-0/+3418
Pull in most TWRP sources Stub out partition management code Make it compile -- probably will not boot Kind of a mess but have to start somewhere