db845c: Enable metadata encryption
This fully enables metadata encryption on db845c by following
the instructions here:
https://source.android.com/security/encryption/metadata?hl=en
This mostly amounts to adding the --early/--late mount_all arguments
in the init.rc and the "latemount" and
"keydirectory=/metadata/vold/metadata_encryption" options to the
userdata fstab line.
Note: You will likely need to flash new userdata (and possibly
reflash metadata as well) after applying this. Use the flashall
script if you are having any trouble.
Reported-by: Lucas Henneman <henneman@google.com>
Test: atest vts_kernel_encryption_test
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I3f4237267238dbf43a9c540f815ce2f00f8ae793
diff --git a/fstab.common b/fstab.common
index 4ee2af2..f1bd034 100644
--- a/fstab.common
+++ b/fstab.common
@@ -1,5 +1,5 @@
system /system ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect
-/dev/block/platform/soc@0/1d84000.ufshc/by-name/userdata /data ext4 discard,noatime,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,quota
+/dev/block/platform/soc@0/1d84000.ufshc/by-name/userdata /data ext4 discard,noatime,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt latemount,wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,keydirectory=/metadata/vold/metadata_encryption,quota
/dev/block/platform/soc@0/1d84000.ufshc/by-name/metadata /metadata ext4 noatime,nosuid,nodev,discard wait,formattable,first_stage_mount,check
/dev/block/platform/soc@0/1d84000.ufshc/by-name/misc /misc emmc defaults defaults
/devices/platform/soc@0/8804000.sdhci/mmc_host/mmc* auto auto defaults voldmanaged=sdcard1:auto
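Review bot: The new `keydirectory=/metadata/vold/metadata_encryption` option on the userdata line makes /data unreadable without the contents of /metadata, but nothing in fstab.common records that dependency. The metadata entry just below still carries `formattable`, so it is worth confirming what happens when /metadata is reformatted or reflashed: the key stored there would be gone and userdata would presumably have to be wiped too, as the commit message hints. A comment above the userdata entry would make this visible, e.g. `# /data uses metadata encryption; its key lives in /metadata/vold/metadata_encryption, so wiping /metadata also loses /data`. No `metadata_encryption=` option is given, so the cipher is left to the platform default; stating it explicitly would let the intended algorithm be checked in review.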
diff --git a/init.common.rc b/init.common.rc
index 483b42f..f15640a 100644
--- a/init.common.rc
+++ b/init.common.rc
@@ -1,14 +1,20 @@
import init.${ro.hardware}.usb.rc
import init.${ro.hardware}.power.rc
+on early-fs
+ start vold
+
on fs
- mount_all /vendor/etc/fstab.${ro.hardware}
+ mount_all /vendor/etc/fstab.${ro.hardware} --early
swapon_all /vendor/etc/fstab.${ro.hardware}
on post-fs
# set RLIMIT_MEMLOCK to 64MB
setrlimit 8 67108864 67108864
+on late-fs
+ mount_all /vendor/etc/fstab.${ro.hardware} --late
+
on init
# For legacy support
# See storage config details at http://source.android.com/tech/storage/