Add basic verity support to fs_mgr.
This change adds a "verify" fs_mgr flag specifying that
the device in question should be verified.
Devices marked with this flag are expected to have a
footer immediately after their data containing all
the information needed to set up a verity instance.
Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index 2761545..82c5798 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -34,12 +34,18 @@
#define SWAP_FLAG_PRIO_SHIFT 0
#define SWAP_FLAG_DISCARD 0x10000
+#include <linux/loop.h>
#include <private/android_filesystem_config.h>
#include <cutils/partition_utils.h>
#include <cutils/properties.h>
#include <logwrap/logwrap.h>
+#include "mincrypt/rsa.h"
+#include "mincrypt/sha.h"
+#include "mincrypt/sha256.h"
+
#include "fs_mgr_priv.h"
+#include "fs_mgr_priv_verity.h"
#define KEY_LOC_PROP "ro.crypto.keyfile.userdata"
#define KEY_IN_FOOTER "footer"
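Review bot: The added includes `<linux/loop.h>`, `mincrypt/rsa.h`, `mincrypt/sha.h` and `mincrypt/sha256.h` do not appear to be needed by anything this patch adds to fs_mgr.c. The only new symbols used in the visible hunks are `MF_VERIFY` and `fs_mgr_setup_verity()`, which presumably come from `fs_mgr_priv.h` and `fs_mgr_priv_verity.h`. If the signature and hash handling lives in a separate verity source file, keep the crypto and loop headers there and include only `fs_mgr_priv_verity.h` here, so the mount code does not look as if it does verification work itself.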
@@ -85,6 +91,7 @@
{ "recoveryonly",MF_RECOVERYONLY },
{ "swapprio=", MF_SWAPPRIO },
{ "zramsize=", MF_ZRAMSIZE },
+ { "verify", MF_VERIFY },
{ "defaults", 0 },
{ 0, 0 },
};
@@ -588,9 +595,17 @@
fstab->recs[i].mount_point);
}
+ if (fstab->recs[i].fs_mgr_flags & MF_VERIFY) {
+ if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) {
+ ERROR("Could not set up verified partition, skipping!");
+ continue;
+ }
+ }
+
mret = __mount(fstab->recs[i].blk_device, fstab->recs[i].mount_point,
- fstab->recs[i].fs_type, fstab->recs[i].flags,
- fstab->recs[i].fs_options);
+ fstab->recs[i].fs_type, fstab->recs[i].flags,
+ fstab->recs[i].fs_options);
+
if (!mret) {
/* Success! Go get the next one */
continue;
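Review bot: When `fs_mgr_setup_verity()` fails, the added block before `__mount()` logs and `continue`s, so the entry is skipped without recording a failure; unless code outside this hunk accounts for it, the caller may see success although a partition marked `verify` was never mounted. Not mounting the raw device is the right fail-closed default, but the failure should be propagated and the message should name the entry, e.g. `ERROR("Could not set up verified partition %s, skipping!", fstab->recs[i].mount_point);`. The hunk also does not show whether `fs_mgr_setup_verity()` rewrites `fstab->recs[i].blk_device` to the verity-backed device; if it does not, the following `__mount()` would mount the unverified block device, so a comment stating that contract above the call would help, such as `/* on success blk_device now points at the verity device, not the raw partition */`. The same block is repeated in the hunk at -665 (the `tmp_mount_point` path) and the same points apply there. The enclosing function starts and ends outside the hunk.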
@@ -665,6 +680,13 @@
fstab->recs[i].mount_point);
}
+ if (fstab->recs[i].fs_mgr_flags & MF_VERIFY) {
+ if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) {
+ ERROR("Could not set up verified partition, skipping!");
+ continue;
+ }
+ }
+
/* Now mount it where requested */
if (tmp_mount_point) {
m = tmp_mount_point;
@@ -909,4 +931,3 @@
{
return fstab->fs_mgr_flags & MF_CRYPT;
}
-