| Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I108b7aeea41c6b85c851f40c1c4a7e25012e2463
|
|
Add support to upgrade key when export fails with KEY_REQUIRES_UPGRADE.
Ported from
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.9.r1-06100-sm6150.0&id=85c46eaacc60290db5e71380d89eb4d99ed67995
Change-Id: Ic64be8ade00c0b0d014370ecc9341b1ecc9b0d7a
|
|
Qualcomm devices use a special `wrappedkey` mode for FBE. This is ported
from CAF
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.8.r4-01000-SDM710.0&id=9229262d893a8592f7bc1b4e8a8dab7aad8df68c,
originally by folks at Mokee for vold
https://mokeedev.review/c/MoKee/android_system_vold/+/34102.
This patch ports the above changes to `ext4crypt`, which we can use in
recovery. Note that since we do not have `fs_mgr` in the recovery, we
cannot read the `wrappedkey` flag from fstab. Instead, similar to
`fbe.contents`, we use a special property `fbe.data.wrappedkey` to
indicate support for wrappedkey mode. Devices that need to use this
should set this property to `true` to activate corresponding code.
Change-Id: I79c2855d577156670b45c10c7c7b1fcd9fece8d9
|
|
Use LOCAL_REQUIRED_MODULES for Pie and up and
LOCAL_ADDITIONAL_DEPENDENCIES for Oreo and down.
Change-Id: I5365e782f98f3bbf4bf246be22c8f573824b65ee
|
|
Re-implemented SP800Derive in C++, which is added as the new key
derivation function in Android 9.0 May update. From file
services/core/java/com/android/server/locksettings/SP800Derive.java in
frameworks/base.
This is required to get TWRP working on any Android device that has a
screen lock set up after the May update.
Change-Id: I5c1a51b110033f2b0b75d5e36fd8098c05e95179
|
|
Avoid calling e4crypt_prepare_user_storage with wrong input parameters.
Change-Id: I5c8945370cb642e46f08c65090c0290c15fe0b57
libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 632 (recovery), pid 564 (recovery)
|
|
cryptfs.cpp based on CAF tag LA.UM.7.3.r1-05900-sdm845.0
Used CAF because AOSP no longer contains code for qcom's hardware
crypto.
Change-Id: I921cbe9bed70989f91449e23b5ac3ec1037b7b97
|
|
* build modified vdc_pie binary with 'checkpw' command support
if building with Android 9.0 platform. That command and others
we don't care about, are removed from Pie vdc. Our vdc_pie will
run if system sdk version is > 27, otherwise system vdc is used.
Code adapted from Android 9.0 system/vold/vdc.
* include prebuilt vdc_pie(arm, arm64) binary if building with lower
than Android 9.0 platform - vdc_pie cannot be build from source
with those platforms without additional imports from Android 9.0
* skip vdc "getpwtype" command for Pie - vds communicates with vold
directly, no need for connection retries first
* add /system/bin/servicemanager to required services
* mount per-devive additional partitions needed for decryption
listed with device BoardConfig.mk TW_CRYPTO_SYSTEM_VOLD_MOUNT
flag like(space separated):
TW_CRYPTO_SYSTEM_VOLD_MOUNT := vendor cust odm
* add function to backup crypto footer before running vdc commands
and restore it after - on Xiaomi Mi Max 3 both Oreo and Pie stock
roms vold alters cripto footer when decrypting data in recovery
which causes system to ask for crypto password at next reboot
although password stays unchanged. Crypto footer backup/restore
added as workaround for systems whit ro.build.version.sdk > 25.
Also to preserve crypto footer integrity decryption attempts are
skipped if footer backup fails to ensure no data loss.
Code adapted from
https://gerrit.omnirom.org/#/c/android_bootable_recovery/+/31206/
Change-Id: I0a383f3843578fa55595cfea3b7c9c4431646a1a
|
|
Change-Id: Ie0292f4ffea5993a4ae74fa04fc5c8252ca2cfcf
|
|
Rather than using hard-coded system, use ANDROID_ROOT
environment variable to allow AB devices to mount
system_root at a custom path. This allows the /system
path to be bind mounted from $ANDROID_ROOT/system
so that the vold_decrypt paths can remain unchanged.
Change-Id: I9a7b13385e43f169f1df4c75b2a003fc6913952c
|
|
Building in 9.0 may require you to add a flag to your twrp fstab
with the fileencryption details like:
fileencryption=ice:aes-256-heh
Verify this against your device's stock fstab of course.
Change-Id: If9286f5d5787280814daca9fbc8f5191ff26a839
|
|
It seems that old Scrypt-config.mk is unaware of arm64 architecture.
In fact, crypto_scrypt-neon.c can be compiled into arm64 as well. This
CL adds an arch section for arm64.
Bug: 65425184
Test: adb shell /data/nativetest64/scrypt_test/scrypt_test
Change-Id: Ib451de642c7cc4548bfdc0879781981654b21b8f
Merged-In: If40a30378b8038324aad44071107130d7722e28d
|
|
* Allow custom definition of strace path with TW_ flags.
* `TW_CRYPTO_SYSTEM_VOLD_DEBUG := true`
will use default path: /sbin/strace.
* `TW_CRYPTO_SYSTEM_VOLD_DEBUG := /system/xbin/strace`
will use the provided `/system/xbin/strace` path.
Change-Id: I5e12a10176d17a4f26487de0976a776d48c4142e
Signed-off-by: nailyk-fr <nailyk_git@nailyk.fr>
|
|
* Separate stdout and stderr buffers:
vdc's return codes get sent to stdout, but the possible presence of
other error messages in the output buffer will cause a valid return
from vdc not to be parsed properly, and subsequent decryption to fail
due to "misunderstood" return code.
eg on the U11+ (htc_ocm) libc will generate an error to stderr due to
a missing property area resulting a proper connection to vold being
incorrectly parsed, and breaking decryption.
* Improve logging.
Change-Id: I57987ebe4ee6754a78e79ca177506098f8301f8f
|
|
libnativeheader exports headers under nativeheader. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using external/scrypt find headers
Bug: 63762847
Change-Id: I9baf896015a1920f8a26daa2a0c549169628890f
|
|
Bug: http://b/18556103
Change-Id: Ibccef334b4d1a2e68e327fc8b73e62e62d13df32
|
|
Bug: http://b/16574165
Change-Id: Ieb63fb6a73f0fb2ab3260bc5eabca7d86d892fbd
|
|
Change-Id: Iad82fa5d90ce7f3e4b1cf5cd5c6d6fef644f6762
|
|
Support decrypting Pixel 1 devices using secdis method with the
gatekeeper instead of weaver.
Add a bit of a dirty workaround to a permissions issue that the
keystore presents because the keystore checks the uid of the
calling process and refuses to let the root user add authorization
tokens. We write the auth token to a file and start a separate
service that runs under the system user. The service reads the
token from the file and adds it to the keystore. You must define
this service in your init.recovery.{hardware}.rc file:
service keystore_auth /sbin/keystore_auth
disabled
oneshot
user system
group root
seclabel u:r:recovery:s0
TWRP will run this service when needed.
Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772
|
|
Change-Id: I9a6c5a1384bed7f0169d9af94ff8cb22913ff8e4
|
|
Change-Id: Ic8200da4e99826736e002a1ab5f9e5f967e84193
|
|
* HTC U11 Oreo is using keymaster3 FDE encryption which requires
the new services:
1- /system/bin/hwservicemanager
2- /vendor/bin/hw/android.hardware.keymaster@3.0-service
3- /vendor/bin/qseecomd (instead of /system/bin/qseecomd)
So in addition to /vendor/lib and /vendor/lib64 also
symlink /system/vendor/bin to /vendor/bin.
* vold_decrypt services now have separate prefixes:
1- 'sys_' referring to /system/bin
2- 'ven_' referring to /vendor/bin
* The additional (hwservicemanager, keymaster-3-0) and modified
(qseecomd) .rc files have been updated in the vold_decrypt
directory.
Comments were added directly in the .rc files, please check
them.
* /etc/recovery.fstab needs to be temporarily moved since
vold will use it if it finds the '/sbin/recovery' file
(refer to fs_mgr for the fstab load code https://goo.gl/8KaZyf).
Since fs_mgr cannot parse TWRP style fstab, we 'hide' it
and attempt to create a symlink to /fstab.{ro.hardware}.
Also remove shell dependencies, code cleanup, new error codes:
* Critical sections of vold_decrypt should not rely on the external
shell (and the available binaries) provided by TWFunc::Exec_Cmd.
Doing so may lead to failures resulting from different shell
provided binaries not working properly, especially since busybox
can be inconsistent across different trees.
In particular the following functions have been changed:
* run_vdc() no longer uses daisy chained commands, instead
it now forks and executes vdc directly including a 30 second
built in timeout.
* Symlink_Firmware_Files() no longer relies on the shell 'find'
command to retrieve the list of firmware/vendor files and instead
uses a built in function, Find_Firmware_Files(), which traverses
the system partition to retrieve the list of files.
* The code has also been cleaned up a little for better consistency,
and vold_decrypt will now return various error codes for the
different failures, as defined in vold_decrypt.h, which allows the
gui_msg to be moved back to partitionmanager.cpp.
Notes regarding pre Android 8.0 builds:
* Service names in .rc files cannot exceed 16 characters (including
the prepended 'sys_' or 'ven_') in Android 7.1 and below, so a
service name such as 'sys_hwservicemanager' is out of the question
for 7.1 and below.
* hwservicemanager will check ACLs on 'hwservicemanager' and 'ITokenManager'
if they are even allowed to run, otherwise the interfaces will fail.
The policies have only been introduced in 8.0, and although it is possible
to manually add them to the 7.1 policies it's not recommended.
* Therefore the best course of action is to build in 8.0.
* SIDE NOTE: On the HTC U11 we are actually using omni-7.1 with some changes
in the device tree to support both Nougat and Oreo decryption, please
refer to:
1- https://gerrit.twrp.me/c/2756/ for the necessary sepolicy and
BoardConfig changes.
2- The Android.mk file for vold_decrypt was modified to truncate
greater than 16 character service names (as mentioned therein)
Other changes:
* TW_CRYPTO_SYSTEM_VOLD_DISABLE_TIMEOUT is now deprecated due to built-
in fork and timeout.
* Output_dmesg_to_recovery_log() is also deprecated so upon a failed
decryption the recovery.log will no longer append it, instead you can
just use 'adb shell dmesg' to check it. Nonetheless if a true debug
build is needed use the original TW_CRYPTO_SYSTEM_VOLD_DEBUG flag as
outlined in the original commit message (see below).
Usage info:
This is an update to the initial vold_decrypt, for more info refer to
https://github.com/omnirom/android_bootable_recovery/commit/71c6c50d0da1f32dd18a749797e88de2358c5ba1
Change-Id: Id7129d125ae7f5dcba0779489825add718022ba3
|
|
Includes various minor fixes for building in Android 8 trees with r23+ tag
Update FBE extended header in libtar to version 2 and include the entire
ext4_encryption_policy structure now after translating the policy.
See this post for more details:
https://plus.google.com/u/1/+DeesTroy/posts/i33ygUi7tiu
Change-Id: I2af981e51f459b17fcd895fb8c2d3f6c8200e24b
|
|
Change-Id: I8c8a9734adbf36c33463123844fa6e078934ae34
|
|
* The dm-crypt device needs to be removed from
the device-mapper driver list otherwise it will
remain busy and cannot be used later on by
other processes (eg vold_decrypt) or for further
testing/debugging in recovery.
Change-Id: I35e43a79ecc3de234ddb9f87f7d75c6439ea7454
|
|
Change-Id: I883112e2618f560e96002e2076e2735cc20cfac3
|
|
If TWRP crypto fails to decrypt partition, mount the system
partition and use system's own vold to attempt decryption.
This provides a fallback for proprietary OEM encryption as well as
encryption methods which TWRP hasn't been updated for.
Requirements in device tree:
* fstab.{ro.hardware} in device/recovery/root
The fstab does not need to be complete, but it does need the
data partition and the encryption entries.
* 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig
or
* 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>'
Notes:
* Setting the flag to 'true' will just use system's vdc+vold
or
* Setting the flag with additional services, will also start them
prior to attempting vdc+vold decryption, eg: for qualcomm based
devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd'
* For each service listed an additional import will be automatically
added to the vold_decrypt.rc file in the form of
init.recovery.vold_decrypt.{service}.rc
You will need to add any not already existing .rc files in
your device/recovery/root folder.
* The service names specified in the vold_decrypt.{service}.rc files
have to be named 'sys_{service}'
eg: 'service sys_qseecomd /system/bin/qseecomd'
* Any service already existing in TWRP as {service} or sbin{service} will
be stopped and restarted as needed.
* You can override the default init.recovery.vold_decrypt.rc file(s)
by placing same named ones in your device/recovery/root folder.
If you do, you'll need to manually add the needed imports.
* If /vendor and /firmware folders are temporarily moved and symlinked
to the folders and files in the system partition, the properties
'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware'
will be set to 1.
This allows for additional control in the .rc files for any extra
actions (symlinks, cp files, etc) that may be needed for decryption
by using: on property:vold_decrypt.symlinked_vendor=1 and/or
on property:vold_decrypt.symlinked_firmware=1 triggers.
Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig
* Specifying this flag, will enable strace on init and vdc, which will
create separate log files in /tmp for every process created, allowing
for detailed analysis of which services and files are being accessed.
* Note that enabling strace will expose the password in the logs!!
* You need to manually add strace to your build.
Thanks to @Captain_Throwback for co-authoring and testing.
Tested successfully on HTC devices:
M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N),
Desire 626s (MM), U Ultra (N)
HTC One X9 (MTK device)
And by Nikolay Jeliazkov on: Xiaomi Mi Max
Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227
|
|
Ioctl BLKGETSIZE expects pointer to unsigned long as argument.
On 64bit target using pointer to unsigned int can cause stack
corruption due to type mismatch.
props to https://github.com/aopp/android_system_vold/commit/f8b8787317fc94439b63bc891eeda83f7ae2f4f6
Change-Id: I1d76c65e29479c8f0cd44b6892069b21b8249b95
|
|
Based on Dees_Troy's approach.
Change-Id: Id9aafb6d0c64ab43e2711720a26e30ac86b90235
|
|
Change-Id: Iba8ef20f57b0fb57bb9406c53148a806441d0b59
|
|
Change-Id: Ib688ddd0c32d3999590cacd86b6d9b18eac336e9
|
|
only if not defined fallback to the default
more flexible device config where the cryptfs_hw is located
Change-Id: I7d1c18eeae877e48dceff06a7cfead28c89797b4
|
|
- Breaks decryption on some hw_crypto devices
- Default value already defined in preceding ifdef
- PS2: Move crypt_params definition prior to ifdef
(matches corresponding code from CAF)
Huge thanks to @beaups for figuring out the issue!
Change-Id: I1fd4e3a4862f022b17a555773feb1d6deac9d34c
|
|
I am not sure if we are really fixing anything other than we are
allowing the decrypt process to continue. On hardware crypto the
password never seems to match what is expected from the data in
the footer, probably because the data is not stored in the footer
and TZ does all the work. Still, if it works, it is hard to fault
the patch.
Change-Id: Ibbb286382e82523bec2064f51fa07194f84820c2
|
|
Some of the convoluted convert_hex_ascii_to_key code is needed to
properly decrypt CM 12.1 patterns where grid size is larger than
3x3.
Change-Id: I497e17980046c60d2c69ba56e4b83c8b64b0b80e
|
|
- Don't upgrade HW encrypted Lollipop devices to Marshmallow crypto
- Fix support for passwords and patterns with an odd number of elements
- Remove unused code
- Fix build warnings
Change-Id: I25f015085e5c859d0353f42f6a2fbc7ccecd48ed
|
|
-Detects, decrypts, and mounts an adopted SD card if a
secondary block device is defined (usually mmcblk1)
-Handles unified storage
-Displays the adopted storage in MTP along with internal
-Factory Reset - wiped just like a data media device, we
retain the keys folder and the storage.xml during a
factory reset
-Backup / Restore
-Disable mass storage when adopted storage is present
-Read storage nickname from storage.xml and apply it to
display names in the GUI
-Read storage.xml and determine what storage location is in
use for /sdcard and remap accordingly
libgpt_twrp is source code mostly kanged from an efimanager
project. It is GPL v2 or higher, so we will opt for GPL v3.
Change-Id: Ieda0030bec5155ba8d2b9167dc0016cebbf39d55
|
|
Change-Id: I4608c45b3f71b53e0988ca0248d3438110a40149
|
|
Change-Id: If5af8f634bc016160aebaf7d4e6cda6c5650a077
|
|
Change-Id: I121ef0f5da209be48f6d87559d539c7fc6d85336
|
|
libsoftkeymaster and its dependencies appear to be unused.
Change-Id: Ib720f5e4d2750a739ba6b65b346c0e167df279d3
|
|
With 5.0 L, we decrypt automatically if the default_password is
used. Non datamedia devices do not get the format data button so
they cannot wipe encryption off the device. This patch add a wipe
encryption button where the format data button would normally be
located on the Wipe page.
This patch also attempts to remove / delete the dm-crypt block
device before formatting.
Change-Id: I100d5d154d6c49254fd48e23279df973db5f23ae
|
|
Change-Id: Ia9fd0cd75bd6ee6e14909890cb18a8edb3b22267
|
|
Some of these fixes needed to be made anyway. Note that older
trees will still need to have files / repos copied into them from
newer trees. Namely we need:
system/security/softkeymaster
hardware/libhardware/include/hardware/keymaster.h
Maybe others as I did not document very carefully what I was
pulling in.
Change-Id: I465fd1fbe228803ec02fba047b151f07ea13d5ca
|
|
Change-Id: Ie4ed3e91cfb7e509bac1d6db885bd3f415d2b168
|
|
Trim cryptfs.c to remove functions that TWRP does not use for
decrypt and remove the need for libfs_mgr from cryptfs.c by
passing some items to cryptfs.c from the partition manager.
Add support for new fstab flags:
encryptable and forceencrypt=/path/to/cryptokey
For example:
flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1
Note that "footer" is the default, so you do not need to set this
flag on devices that use the footer for the crypto key.
Also add mounttodecrypt if you need to mount a partition during
the decrypt cycle for firmware of proprietary libs.
Clean up decrypt and only support one version
Android 5.0 lollipop decrypt should be backwards compatible with
older versions so we will only support one version, 1.3 that came
with 5.0 lollipop.
Remove support for Samsung TouchWiz decrypt. It does not work with
the latest versions of Samsung encryption anyway and it has not
been updated to work with any AOSP decryption higher than 1.1
Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9
|
|
Mount the vendor partition if it exists so we can use any
proprietary files we may need.
Relocate auto decrypt when default_password is in use to after all
partitions are added so that we can mount the vendor partition.
Change-Id: I93455a35695779f53ef57a82d3d45c7216c13639
|
|
Change-Id: I8c3f084fc34b00edb4cd1b652290df8bc80ea1db
|
|
Kang in cryptfs.c and cryptfs.h from vold.
Use TW_INCLUDE_L_CRYPTO := true to enable.
Ramdisk must contain the normal fstab file in the root in the
usual format of:
fstab.{ro.hardware}
For examble for Nexus 5:
fstab.hammerhead
Or on many Qualcomm devices:
fstab.qcom
Tested against Android 5.0 lollipop on Nexus 7 2012 grouper. Not
sure if or how this will work when we are dealing with a device
with a hardware keystore. Long term we need to add a GUI element
to allow entering a pattern. For now you can decrypt a pattern
unlock by converting the dots to numbers in the following format:
123
456
789
So an upper-case L would translate to 14789 as a password entered
on the keyboard.
Change-Id: I02c29e1f1c2eb29bf002c9fe0fc118357300b5b3
|
|
Change-Id: Iac40957e40cb9c10795dd6a1f67ca902c95dd9bc
|
|
Change-Id: I70c867961ae779bd99839e4ce7cb1dc8d154158f
|
|
There is no LOCAL_MODULES_TAGS. Fix by combining with LOCAL_MODULE_TAGS.
Change-Id: I1cacef2f8123af3632ff6a52aa62c2f2e15ac37d
|
|
Update makefiles to no longer rely on INTERNAL_RECOVERY_FILES. Define
LOCAL_ADDITIONAL_DEPENDENCIES instead.
Set LOCAL_LDFLAGS to properly link recovery executable.
Change-Id: I4542104c69399b5a19674b9772ab89c3709efa72
|
|
Enable TWRP to reside alongside other recoveries with the naming
convention: bootable/recovery(-flag). If TWRP resides at
bootable/recovery and a device does not specify RECOVERY_VARIANT, then
it will build like normal. If TWRP resides at bootable/recovery-twrp,
then its makefiles will only be parsed if a device specifies
'RECOVERY_VARIANT := twrp'. This prevents TWRP specific makefile
warnings/errors (notably, missing DEVICE_RESOLUTION) when another
recovery is being built.
Change-Id: I8f02fffcd79c309c7123b9428eedc69af02e126e
|
|
Verify that we have a valid footer with proper magic before
setting things up for decryption to help prevent user confusion
when dealing with data partitions that fail to mount. Also check
to make sure that the block device for /data is present.
Change-Id: Ie87818fe4505a8bf71df7d3934c114e7328ef3ca
|
|
- libmincrypt renamed to libmincrypttwrp that is an static library
- libjpegtwrp does not exist
- libfs_mgrtwrp is for JB decryption methods
This fixes making full builds when TW_INCLUDE_CRYPTO_SAMSUNG := true and TW_INCLUDE_CRYPTO := true are set.
Somehow typing make recoveryimage doesnt push the mentioned issue.
Change-Id: I7cad5db4f51152a1a8209e619b188ca88d7c74d1
|
|
Change-Id: I3b9e5f72f3c1c77e41a45d3c94a44f36cc5cbc3c
|
|
Change-Id: I8d5d7b6a49890e4707d70de8b429563de0d2ad99
|
|
|
|
Change-Id: I5accf8731829229d153a657c9290a7be83f87a03
|
|
This was causing the mm command to fail when it was run from
bootable/recovery and no crypto features had been specified in
a device's configuration files
Change-Id: Iddbeea5349bbf75cddb0250cd71821dfe3b7b9d8
|
|
|
|
Improves license compatibility between GPL and Apache
Change-Id: I2b165aa575bb6213af6b07936f99610c113443f0
|
|
Add partition list GUI element and update backup, restore, mount,
storage selection, and wipe sections of GUI and partition manager
code to reflect the new GUI element. Update ORS engine to handle
new backup and restore setup.
Fix a bug with decrypt.
Add 1080x1920 layout.
Change-Id: Iaa2f44cb707167e66f935452f076ba00e68a2aa4
|
|
|
|
|
|
Change-Id: I418680e59372160dabfe3e2d5f0208229aa151ae
|
|
|
|
|
|
Pull in most TWRP sources
Stub out partition management code
Make it compile -- probably will not boot
Kind of a mess but have to start somewhere
|