diff options
| author | Danny Lin <danny@kdrag0n.dev> | 2021-10-05 19:06:04 -0700 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2022-01-26 23:10:42 +0800 |
| commit | 375d7503efe8553bf21384d48be54d6e946f8514 (patch) | |
| tree | 0b38200de5ad959e5116c195535ea0716ffd00a1 | |
| parent | c711763ced44cb54557027c44c57262cbaa60048 (diff) | |
libfs_avb: Disable dm-verity when AVB is permissive
When the bootloader is unlocked (i.e. AVB is permissive), enforcing
dm-verity on system partitions is meaningless because the bootloader
doesn't enforce verification on the root of the high-level verified boot
chain: the kernel. As a result, mounting system partitions with
dm-verity (hashtree verification) is futile when the code performing
verification has not been verified in the first place; users can also
disable dm-verity manually by flashing vbmeta with `fastboot flash
--disable-verity vbmeta vbmeta.img`.
For user and developer convenience, disable dm-verity automatically when
the bootloader is unlocked by checking for permissive AVB. This makes it
possible to ship enforcing vbmeta images for security-conscious users to
lock their bootloader and reap the benefits of verified boot, while
still allowing users with unlocked bootloaders to modify system
partitions.
Change-Id: Ie88362cfbda75561ef450e00fdc82ade221facb5
| -rw-r--r-- | fs_mgr/libfs_avb/fs_avb.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp index 1da71176c..89d73b12f 100644 --- a/fs_mgr/libfs_avb/fs_avb.cpp +++ b/fs_mgr/libfs_avb/fs_avb.cpp @@ -241,7 +241,8 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta( bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); bool hashtree_disabled = - ((AvbVBMetaImageFlags)vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); + ((AvbVBMetaImageFlags)vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED) || + allow_verification_error; if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; } else if (hashtree_disabled) { @@ -457,7 +458,8 @@ AvbUniquePtr AvbHandle::Open() { // - vbmeta struct in all partitions are still processed, just disable // dm-verity in the user space. bool hashtree_disabled = - ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); + ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED) || + allow_verification_error; if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; |