From e131bec179826431b7b89e4748ae05e8a4262145 Mon Sep 17 00:00:00 2001 From: Ethan Yonker Date: Fri, 15 Dec 2017 23:48:02 -0600 Subject: Add spblob decrypt for secdis method (Pixel 1 non-weaver) Support decrypting Pixel 1 devices using secdis method with the gatekeeper instead of weaver. Add a bit of a dirty workaround to a permissions issue that the keystore presents because the keystore checks the uid of the calling process and refuses to let the root user add authorization tokens. We write the auth token to a file and start a separate service that runs under the system user. The service reads the token from the file and adds it to the keystore. You must define this service in your init.recovery.{hardware}.rc file: service keystore_auth /sbin/keystore_auth disabled oneshot user system group root seclabel u:r:recovery:s0 TWRP will run this service when needed. Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772 --- crypto/ext4crypt/HashPassword.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto/ext4crypt/HashPassword.h') diff --git a/crypto/ext4crypt/HashPassword.h b/crypto/ext4crypt/HashPassword.h index 8abd0de71..4be107b51 100644 --- a/crypto/ext4crypt/HashPassword.h +++ b/crypto/ext4crypt/HashPassword.h @@ -24,6 +24,8 @@ #define PERSONALISATION_WEAVER_PASSWORD "weaver-pwd" #define PERSONALISATION_APPLICATION_ID "application-id" #define PERSONALIZATION_FBE_KEY "fbe-key" +#define PERSONALIZATION_USER_GK_AUTH "user-gk-authentication" +#define PERSONALISATION_SECDISCARDABLE "secdiscardable-transform" void* PersonalizedHashBinary(const char* prefix, const char* key, const size_t key_size); -- cgit v1.2.3