| Commit message (Collapse) | Author | Files | Lines |
|
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:
$ fastboot --set-active=_a
Setting current slot to 'a'...
OKAY [ 0.023s]
finished. total time: 0.023s
$ fastboot reboot
rebooting...
finished. total time: 0.050s
$ adb wait-for-device
$ adb logcat |grep update_verifier
03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier.
Bug: None
Test: Manually tested on device using AVB bootloader.
Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
|
|
Enable -Wall and expose verify_image() for testing purpose.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: I1ee1db2a775bafdc1112e25a1bc7194d8d6aee4f
|
|
Raise the priority and ioprio of update_verifier and launch with
exec_start. This saves ~100ms of time before `class_start main` is executed.
Bug: 36511808
Bug: 36102163
Test: Boot bullhead
Test: Verify boottime decrease on sailfish
Change-Id: I944a6c0d4368ead5b99171f49142da2523ed1bdd
|
|
For devices that are not using dm-verity, update_verifier can't verify
anything, but to mark the successfully booted flag unconditionally.
Test: Successfully-booted flag is set on devices w/o dm-verity.
Test: Successfully-booted flag is set after verification on devices w/
dm-verity.
Change-Id: I79ab2caec2d4284aad0d66dd161adabebde175b6
|
|
Test: UV logs show success in both binderized and passthrough modes.
Bug: 31864052
Change-Id: Ied67a52c458dba7fe600e0fe7eca84db1a9f2587
Signed-off-by: Connor O'Brien <connoro@google.com>
|
|
It's out of sync due to the cherry-pick in commit
d007cf2da29f05eee002dd33e6c04262f709b274.
Test: mmma bootable/recovery
Change-Id: I286fe89c4c7d09de3a06d09f9a2b0cdecef326f5
|
|
This reverts commit 86199a47e18942c49423b04eb1f3deacd6072849.
Bug: 32973182
Change-Id: If3eab18cc2e810446da447fadfd0fb44c02b771b
|
|
This reverts commit f50593c447faf8415615b5dea2666d7f0f24a0fb.
Bug: 32973182
Change-Id: I5b14a812671ea02575cb452242ff1a6f05edb9c1
|
|
Test: Flashed device and confirmed update_verifier runs successfully
Change-Id: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2
Signed-off-by: Connor O'Brien <connoro@google.com>
|
|
Test: Flashed device and confirmed update_verifier runs successfully
Change-Id: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2
Merged-In: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2
Signed-off-by: Connor O'Brien <connoro@google.com>
|
|
Read all blocks in system and vendor partition during boot time
so that dm-verity could verify this partition is properly flashed.
Bug: 27175949
Change-Id: I38ff7b18ee4f2733e639b89633d36f5ed551c989
Test: mma
(cherry picked from commit 03ca853a1c8b974152b7c56cb887ac2f36cfd833)
(cherry picked from commit 4bbe0c93c80789891d54a74424731caffda0d0db)
(Fix a typo when comparing the verity mode)
(cherry picked from commit da654af606d700c0a467c27025fb7f6ef745936d)
(Skip update verification if care_map is not found)
|
|
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
(cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
|
|
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|
Read all blocks in system and vendor partition during boot time
so that dm-verity could verify this partition is properly flashed.
Bug: 27175949
Change-Id: I38ff7b18ee4f2733e639b89633d36f5ed551c989
|
|
logd already gets started before we call update_verifier.
Bug: 26039641
Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a
(cherry picked from commit 45eac58ef188679f6df2d80efc0391c6d7904cd8)
|
|
update_verifier checks the integrity of the updated system and vendor
partitions on the first boot post an A/B OTA update. It marks the
current slot as having booted successfully if it passes the verification.
This CL doesn't perform any actual verification work which will be
addressed in follow-up CLs.
Bug: 26039641
Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42
(cherry picked from commit 1171d3a12b13ca3f1d4301985cf068076e55ae26)
|
|
And a few trival fixes to suppress warnings.
Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc
(cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
|
|
Move uncrypt from /init.rc to /system/etc/init/uncrypt.rc using the
LOCAL_INIT_RC mechanism
Bug 23186545
Change-Id: Ib8cb6dffd2212f524298279787fd557bc84aa7b9
|
|
Clean up leaky file descriptors in uncrypt/uncrypt.cpp. Add unique_fd
for open() and unique_file for fopen() to close FDs on destruction.
Bug: 21496020
Change-Id: I0174db0de9d5f59cd43b44757b8ef0f5912c91a2
|
|
uncrypt needs to be triggered to prepare the OTA package before
rebooting into the recovery. Separate uncrypt into two modes. In
mode 1, it uncrypts the OTA package, but will not reboot the
device. In mode 2, it wipes the /misc partition and reboots.
Needs matching changes in frameworks/base, system/core and
external/sepolicy to work properly.
Bug: 20012567
Bug: 20949086
(cherry picked from commit 158e11d6738a751b754d09df7275add589c31191)
Change-Id: I349f6d368a0d6f6ee4332831c4cd4075a47426ff
|
|
And a few trival fixes to suppress warnings.
Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
|
|
uncrypt needs to be triggered to prepare the OTA package before
rebooting into the recovery. Separate uncrypt into two modes. In
mode 1, it uncrypts the OTA package, but will not reboot the
device. In mode 2, it wipes the /misc partition and reboots.
Needs matching changes in frameworks/base, system/core and
external/sepolicy to work properly.
Bug: 20012567
Bug: 20949086
Change-Id: I14d25cb62770dd405cb56824d05d649c3a94f315
|
|
Also apply some trivial changes like int -> bool and clean-ups.
Change-Id: I5c6c42d34965305c394f4f2de78487bd1174992a
(cherry picked from commit 381f455cac0905b023dde79625b06c27b6165dd0)
|
|
Also apply some trivial changes like int -> bool and clean-ups.
Change-Id: Ic55fc8b82d7e91b321f69d10175be23d5c04eb92
|
|
Opening the misc block device in read-write mode runs afoul of
SELinux, which keeps the wipe code from working. Fix. Also change
various things to log to logcat so we can see them happening, for
future debugging.
Bug: 16715412
Change-Id: Ia14066f0a371cd605fcb544547b58a41acca70b9
|
|
Bug: 17029174, 17015157
Change-Id: I1d24f3402875dfb972daa6daef0f385baeff84e9
|
|
Bug: 17015157
Change-Id: I3c4bdcf4f11d44b617bb731a48413e3707044d1c
|
|
uncrypt can read a file on an encrypted filesystem and rewrite it to
the same blocks on the underlying (unencrypted) block device. This
destroys the contents of the file as far as the encrypted filesystem
is concerned, but allows the data to be read without the encryption
key if you know which blocks of the raw device to access. uncrypt
produces a "block map" file which lists the blocks that contain the file.
For unencrypted filesystem, uncrypt will produce the block map without
touching the data.
Bug: 12188746
Change-Id: Ib7259b9e14dac8af406796b429d58378a00c7c63
|
|
Separate files for retouch functionality are in minelf/*
ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained. Retouch logic can recover from crashes.
Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
|