android_system_vold

Commit Graph

Author	SHA1	Message	Date
Automerger Merge Worker	6891eb7e2d	Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: `36fd1ebfae` Change-Id: Ieb478426e40feffcefd3a5e478e5e1c5d72539b7	4 years ago
Paul Crowley	36fd1ebfae	Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" * changes: On newer devices, use dm-default-key to encrypt SD cards vold: Wrapped key support for metadata encryption Refactor: make makeGen local	4 years ago
Paul Crowley	886e572009	On newer devices, use dm-default-key to encrypt SD cards The dm-crypt solution requires a kernel patch that won't be present in the GKI kernel, while the new metadata encryption system in the GKI kernel solves this problem in a much cleaner way. Test: create private volume on Cuttlefish, setting property both ways. Bug: 147814592 Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea	4 years ago
Barani Muthukumaran	312b7df621	vold: Wrapped key support for metadata encryption metadata_encryption fstab option provides details on the cipher and flags used for metadata encryption. wrappedkey_v0 is provided to dm-default-key dm device when a wrapped key is used. The inline encryption hardware unwraps the key and derives the encryption key used to encrypt metadata without returning the key in the clear to software. Bug: 147733587 Test: FBE with metadata encryption using wrapped keys. Change-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a	4 years ago
Paul Crowley	249c2fb4aa	Refactor: make makeGen local No need for KeyUtil to know how to make a KeyGeneration, it's cleaner if each module handles it separately. Also, create a CryptoOptions structure to track metadata encryption options, and simplify legacy cipher/option handling. Test: Treehugger Bug: 147814592 Change-Id: I740063882914097329ff72348d0c0855c26c7aab	4 years ago
Paul Crowley	79b853551d	Merge "Refactor key generation to handle both normal and metadata encryption." am: `8e0780cba2` Change-Id: I59510b64f6803f5e76fefa359abfcc9207420126	4 years ago
Paul Crowley	8e0780cba2	Merge "Refactor key generation to handle both normal and metadata encryption."	4 years ago
Paul Crowley	4eac264727	Refactor key generation to handle both normal and metadata encryption. Bug: 147733587 Test: Treehugger Change-Id: Iee176037dec2621c84da325c2627f988fcebbc8d Merged-In: Iee176037dec2621c84da325c2627f988fcebbc8d	4 years ago
Paul Crowley	b272b21a0a	Merge "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general" am: `7566e467ab` Change-Id: Ib59c92bf516a171bfebc7c11be92502b37acf375	4 years ago
Paul Crowley	7566e467ab	Merge "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general"	4 years ago
Paul Crowley	b62afed286	Merge changes Ic3993c1f,I06645bb4 am: `ac34e9aa3e` Change-Id: I4e11f42f1f302f8a08f60756cf08356aac8652cd	4 years ago
Paul Crowley	ac34e9aa3e	Merge changes Ic3993c1f,I06645bb4 * changes: Generalize CryptoType infrastructure Refactor CryptoType to use better names, and size_t not uint32_t	4 years ago
Paul Crowley	572c024853	Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general Bug: 147814592 Test: Treehugger Change-Id: I13c6f84d729f2953f78626493d6e6d34d578a013	4 years ago
Paul Crowley	220567c33a	Generalize CryptoType infrastructure More consistency between MetadataCrypt and cryptfs, and steps towards supporting Adiantum properly in MetadataCrypt. Test: create private volume on Cuttlefish Bug: 147814592 Change-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab	4 years ago
Paul Crowley	a661fb659b	Refactor CryptoType to use better names, and size_t not uint32_t Test: treehugger Bug: 147814592 Change-Id: I06645bb4941794797beebf05b817c4ac52e09cd7	4 years ago
Automerger Merge Worker	47aff8772d	Merge "Use DM layer directly to manage private DM volumes" am: `dd12ea5bd2` Change-Id: Ifb77dd72e810e758ac3a6105e13f7ea4341dca36	4 years ago
Paul Crowley	dd12ea5bd2	Merge "Use DM layer directly to manage private DM volumes"	4 years ago
Automerger Merge Worker	4d37b4f980	Merge "Pass volume key as a KeyBuffer" am: `334a684557` Change-Id: I017400aa3ef988435914ef2770b20bd78a0c1c10	4 years ago
Treehugger Robot	334a684557	Merge "Pass volume key as a KeyBuffer"	4 years ago
Automerger Merge Worker	aafbd4066a	Merge "vold: Support Storage keys for FBE" am: `8cfb530357` Change-Id: I933a31eefe57b8b06513ca3e7a2ee874a1b680a1	4 years ago
Treehugger Robot	8cfb530357	Merge "vold: Support Storage keys for FBE"	4 years ago
Paul Crowley	659b63fe00	Use DM layer directly to manage private DM volumes Abolish cryptfs_revert_ext_volume, handle in caller. This allows us to use DeleteDeviceIfExists, avoiding a spurious error message. Test: create private volume on Cuttlefish, eject, check logs Bug: 147814592 Change-Id: I836d8bd11b29e32da0863aaa75144543bb9cab9c	4 years ago
Paul Crowley	3d98f5d159	Pass volume key as a KeyBuffer Not for security, but for consistency with the way we handle other keys, and to move the length check to where it belongs. Test: create private volume on Cuttlefish Bug: 147814592 Change-Id: I10fc4896183d050ce25ff174faf78f525cf62930	4 years ago
Barani Muthukumaran	3dfb094cb2	vold: Support Storage keys for FBE To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758	4 years ago
Automerger Merge Worker	fce0d92ce4	Merge "Have vold inform keymaster that early boot ended" am: `68b9fb10ae` Change-Id: Ic113eea7d3282084f1eae308ae1b6df931bd7a8c	4 years ago
Treehugger Robot	68b9fb10ae	Merge "Have vold inform keymaster that early boot ended"	4 years ago
Automerger Merge Worker	53f8e2df82	Merge "Update vold to use KM4.1" am: `6c5f302a90` Change-Id: I5393adf2503586c87414a302fa24d381863bccbf	4 years ago
Treehugger Robot	6c5f302a90	Merge "Update vold to use KM4.1"	4 years ago
Shawn Willden	2b1ff5aaab	Have vold inform keymaster that early boot ended Just before mounting partition(s) not verified by verified boot, vold should notify keymaster that early boot has ended so it won't allow EARLY_BOOT_ONLY keys to be created or used. Test: VtsHalKeymasterV4_1TargetTest Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3 Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3	4 years ago
Shawn Willden	35f0f22c9b	Update vold to use KM4.1 This CL updates vold to use the Keymaster 4.1 interface, but does not yet call any of the new methods. Test: Boot the device Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7 Merged-In: I4574a2f6eead3b71d1e89488b496b734694620c7	4 years ago
Automerger Merge Worker	2381810b99	Merge "Use std::string to return crypto device, not char *" am: `80731b0975` Change-Id: I4cdc6e59713a945f9fc7b6e9d8c765e78c44b9cb	4 years ago
Paul Crowley	80731b0975	Merge "Use std::string to return crypto device, not char *"	4 years ago
Automerger Merge Worker	645c2f40a0	Merge "Refactor: make cryptfs.h smaller" am: `98c501d28e` Change-Id: I85d5bacfc08245397cb4f8aa71406bfeed961c19	4 years ago
Treehugger Robot	98c501d28e	Merge "Refactor: make cryptfs.h smaller"	4 years ago
Paul Crowley	81796e9dce	Use std::string to return crypto device, not char * Bug: 147814592 Test: can create private volume on Cuttlefish Change-Id: Ic2bca81c0f0319e1b988e9204a2f4e91af57d157	4 years ago
Paul Crowley	73be12dcd5	Refactor: make cryptfs.h smaller Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files. Bug: 147814592 Test: Treehugger Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de	4 years ago
Automerger Merge Worker	0560c27092	Merge changes from topics "dm-default-key-v2", "metadata_cipher" am: `f60e947438` Change-Id: I3e27ed3481542e5e6fe0db2c872d745151e50765	4 years ago
Treehugger Robot	f60e947438	Merge changes from topics "dm-default-key-v2", "metadata_cipher" * changes: Set metadata cipher in fstab Add support for v2 of dm-default-key	4 years ago
Automerger Merge Worker	8cf1eda025	Merge "Rename key_dir to metadata_key_dir and refactor" am: `a7463139cd` Change-Id: I14535278f6e2b0ffe6c322a2e9bd7e2ae608105f	4 years ago
Paul Crowley	a7463139cd	Merge "Rename key_dir to metadata_key_dir and refactor"	4 years ago
Paul Crowley	84e84c5f33	Set metadata cipher in fstab Bug: 147814592 Test: Cuttlefish can use adiantum Change-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165	4 years ago
Paul Crowley	92a14b6b16	Add support for v2 of dm-default-key Version 2 of dm-default-key has an extra parameter and always sets the DUN. Bug: 147814592 Test: Cuttlefish boots with keydirectory flag Test: Crosshatch formatted before this change boots after it Change-Id: I59081e385324d2e34a5f252286a97938d6ffb79b	4 years ago
Paul Crowley	c9b92f0c17	Rename key_dir to metadata_key_dir and refactor Bug: 147814592 Test: Crosshatch boots Change-Id: I9fce0ea5da9c81c2e4e9cf97b75c1cba821adf9e	4 years ago
Paul Crowley	7c3b0af05e	Merge "Refactor to use EncryptionPolicy everywhere we used to use raw_ref" am: `fda79ddd82` Change-Id: I0d1599b8a2baa141e1d08029f75e5e54f486cb14	4 years ago
Paul Crowley	fda79ddd82	Merge "Refactor to use EncryptionPolicy everywhere we used to use raw_ref"	4 years ago
Paul Crowley	77df7f207d	Refactor to use EncryptionPolicy everywhere we used to use raw_ref Test: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen Bug: 147733587 Change-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5	4 years ago
Automerger Merge Worker	8427b24fc5	Merge "vold: Do not cache CE keys in vold" am: `432ca5af06` Change-Id: I2ca8cd6aec19e5f736d4a796ed882ce5d704ded9	4 years ago
Paul Crowley	432ca5af06	Merge "vold: Do not cache CE keys in vold"	4 years ago
Automerger Merge Worker	37d8af2621	Merge "Add support for casefolding and project quotas" am: `f66ed18972` Change-Id: I5cba75000bcdbbc3bd3c6778994fea09d135aa2b	5 years ago
Daniel Rosenberg	f66ed18972	Merge "Add support for casefolding and project quotas"	5 years ago

1 2 3 4 5 ...

3229 Commits (6891eb7e2dcbde5e5abe07a781f3e5544941c094) All Branches Search

3229 Commits (6891eb7e2dcbde5e5abe07a781f3e5544941c094)

All Branches