diff --git a/Keymaster.cpp b/Keymaster.cpp
index a3853f9..abee9b2 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -207,6 +207,17 @@ bool Keymaster::isSecure() {
 return mDevice->halVersion().securityLevel != km::SecurityLevel::SOFTWARE;
 }
+void Keymaster::earlyBootEnded() {
+ auto error = mDevice->earlyBootEnded();
+ if (!error.isOk()) {
+ LOG(ERROR) << "earlyBootEnded failed: " << error.description();
+ }
+ km::V4_1_ErrorCode km_error = error;
+ if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
+ LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error);
+ }
+}
+
 } // namespace vold
 } // namespace android
diff --git a/Keymaster.h b/Keymaster.h
index 049a741..78f66a3 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -39,6 +39,7 @@ using namespace ::android::hardware::keymaster::V4_1;
 // dangerous thing to rely on, but in this case its implications are simple and straightforward:
 // km::ErrorCode refers to the 4.0 ErrorCode, though we pull everything else from 4.1.
 using ErrorCode = ::android::hardware::keymaster::V4_0::ErrorCode;
+using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
 } // namespace km
@@ -125,6 +126,10 @@ class Keymaster {
 km::AuthorizationSet* outParams);
 bool isSecure();
+ // Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or
+ // used.
+ void earlyBootEnded();
+
 private:
 sp mDevice;
 DISALLOW_COPY_AND_ASSIGN(Keymaster);
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 088960e..acd5b59 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
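Review bot: After `if (!error.isOk())` logs the transport failure, control falls through to `km::V4_1_ErrorCode km_error = error;` and the second check, so a failed call is handled twice: libhidl's `Return<T>` conversion asserts on a failed status (to be confirmed against the libhidl version in use), in which case that line aborts vold right after the error was logged, and otherwise a meaningless error code is compared and possibly logged a second time. Add `return;` after the first `LOG(ERROR)` so a transport failure is reported once and the function exits. Tolerating UNIMPLEMENTED is reasonable for a HAL that predates this method but deserves a why-comment, e.g. `// A HAL without earlyBootEnded() has no early-boot window to close; nothing to report.`. Style: prefer `static_cast<int32_t>(km_error)` over the functional cast.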
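Review bot: The new declaration's comment describes the Keymaster-side effect but not the contract on this side: `earlyBootEnded()` returns `void`, and in the matching Keymaster.cpp hunk every failure (transport error, or a non-OK, non-UNIMPLEMENTED code) is only written to the log, so a caller cannot tell whether the transition actually took place. Add a line such as `// Best-effort: failures are logged, not returned; UNIMPLEMENTED is treated as success.` so callers do not assume the early-boot window is closed once this returns. If a caller ever needs to act on the outcome, returning a bool (true for OK or UNIMPLEMENTED) would be a compatible extension.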
@@ -56,6 +56,14 @@ static const char* kFn_keymaster_key_blob = "keymaster_key_blob";
 static const char* kFn_keymaster_key_blob_upgraded = "keymaster_key_blob_upgraded";
 static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
+ // We're about to mount data not verified by verified boot. Tell Keymaster that early boot has
+ // ended.
+ //
+ // TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
+ // open and initialize the service.
+ ::android::vold::Keymaster keymaster;
+ keymaster.earlyBootEnded();
+
 // fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
 // partitions in the fsck domain.
 if (setexeccon(android::vold::sFsckContext)) {
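Review bot: `keymaster.earlyBootEnded()` is called on a freshly constructed `::android::vold::Keymaster` without checking that the HAL was actually obtained; other vold call sites presumably guard with `if (!keymaster)` before use, and `earlyBootEnded()` dereferences `mDevice` unconditionally in the Keymaster.cpp hunk, so an unavailable Keymaster service would crash vold here instead of being logged. Consider `if (!keymaster) { LOG(ERROR) << "Keymaster unavailable; cannot report end of early boot"; } else { keymaster.earlyBootEnded(); }`, or, if the constructor is known to abort on failure, a comment saying so. The ordering itself is the right one: the notification precedes the mount of unverified data, so no early boot-only key can be created or used once that data is reachable, and that ordering is the property to re-check if the TODO about a singleton is later implemented. mount_via_fs_mgr continues outside the hunk.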