| Commit message | Author | Files | Lines |
|
Change-Id: I108b7aeea41c6b85c851f40c1c4a7e25012e2463
|
|
Add support to upgrade key when export fails with KEY_REQUIRES_UPGRADE.
Ported from
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.9.r1-06100-sm6150.0&id=85c46eaacc60290db5e71380d89eb4d99ed67995
Change-Id: Ic64be8ade00c0b0d014370ecc9341b1ecc9b0d7a
|
|
Qualcomm devices use a special `wrappedkey` mode for FBE. This is ported
from CAF
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.8.r4-01000-SDM710.0&id=9229262d893a8592f7bc1b4e8a8dab7aad8df68c,
originally by folks at Mokee for vold
https://mokeedev.review/c/MoKee/android_system_vold/+/34102.
This patch ports the above changes to `ext4crypt`, which we can use in
recovery. Note that since we do not have `fs_mgr` in the recovery, we
cannot read the `wrappedkey` flag from fstab. Instead, similar to
`fbe.contents`, we use a special property `fbe.data.wrappedkey` to
indicate support for wrappedkey mode. Devices that need to use this
should set this property to `true` to activate corresponding code.
Change-Id: I79c2855d577156670b45c10c7c7b1fcd9fece8d9
|
|
Use LOCAL_REQUIRED_MODULES for Pie and up and
LOCAL_ADDITIONAL_DEPENDENCIES for Oreo and down.
Change-Id: I5365e782f98f3bbf4bf246be22c8f573824b65ee
|
|
Re-implemented SP800Derive in C++, which is added as the new key
derivation function in the Android 9.0 May update. From file
services/core/java/com/android/server/locksettings/SP800Derive.java in
frameworks/base.
This is required to get TWRP working on any Android device that has a
screen lock set up after the May update.
Change-Id: I5c1a51b110033f2b0b75d5e36fd8098c05e95179
|
|
Avoid calling e4crypt_prepare_user_storage with wrong input parameters.
Change-Id: I5c8945370cb642e46f08c65090c0290c15fe0b57
libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 632 (recovery), pid 564 (recovery)
|
|
cryptfs.cpp based on CAF tag LA.UM.7.3.r1-05900-sdm845.0
Used CAF because AOSP no longer contains code for qcom's hardware
crypto.
Change-Id: I921cbe9bed70989f91449e23b5ac3ec1037b7b97
|
|
Change-Id: Ie0292f4ffea5993a4ae74fa04fc5c8252ca2cfcf
|
|
Building in 9.0 may require you to add a flag to your twrp fstab
with the fileencryption details like:
fileencryption=ice:aes-256-heh
Verify this against your device's stock fstab of course.
Change-Id: If9286f5d5787280814daca9fbc8f5191ff26a839
|
|
Change-Id: Iad82fa5d90ce7f3e4b1cf5cd5c6d6fef644f6762
|
|
Support decrypting Pixel 1 devices using secdis method with the
gatekeeper instead of weaver.
Add a bit of a dirty workaround to a permissions issue that the
keystore presents because the keystore checks the uid of the
calling process and refuses to let the root user add authorization
tokens. We write the auth token to a file and start a separate
service that runs under the system user. The service reads the
token from the file and adds it to the keystore. You must define
this service in your init.recovery.{hardware}.rc file:
service keystore_auth /sbin/keystore_auth
    disabled
    oneshot
    user system
    group root
    seclabel u:r:recovery:s0
TWRP will run this service when needed.
Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772
|
|
Change-Id: I9a6c5a1384bed7f0169d9af94ff8cb22913ff8e4
|
|
Change-Id: Ic8200da4e99826736e002a1ab5f9e5f967e84193
|
|
Includes various minor fixes for building in Android 8 trees with r23+ tag.
Update FBE extended header in libtar to version 2 and include the entire
ext4_encryption_policy structure now after translating the policy.
See this post for more details:
https://plus.google.com/u/1/+DeesTroy/posts/i33ygUi7tiu
Change-Id: I2af981e51f459b17fcd895fb8c2d3f6c8200e24b
|
|
Change-Id: I8c8a9734adbf36c33463123844fa6e078934ae34
|
|
Change-Id: Iba8ef20f57b0fb57bb9406c53148a806441d0b59
|
|
Change-Id: Ib688ddd0c32d3999590cacd86b6d9b18eac336e9
|