diff options
| author | bowgotsai <bowgotsai@google.com> | 2017-01-11 22:21:38 +0800 |
|---|---|---|
| committer | bowgotsai <bowgotsai@google.com> | 2017-01-25 18:03:20 +0800 |
| commit | b51722b4e2c31355971100c21628a9e881756c3a (patch) | |
| tree | 30caa442ad4aa07e7da723fa1ba57eb7ae714beb /libcutils/socket_local_server_unix.cpp | |
| parent | 894f3ea7cb030efce805fc50b03aef46f6bf37de (diff) | |
fs_mgr: support using libavb to enable dm-verity
external/avb/libavb provides the new Android Verified Boot (AVB) flow.
It has different verity metadata format than previous formats in
fs_mgr_verity.cpp fs_mgr should support using libavb to read the metadata
(a.k.a. HASHTREE descriptor in AVB) to enable dm-verity in kernel.
Two important files in this commit:
- fs_mgr_avb_ops.c: an implementation of struct AvbOps* for libavb to do
platform dependent I/O operations, e.g., read_from_partition.
- fs_mgr_avb.cpp: it reads the metadata (a.k.a. vbmeta images in AVB) from
all partitions, verifies its integrity against the values of
androidboot.vbmeta.{hash_alg, size, digest} passed from bootloader in
kernel command line. Then enable dm-verity for partitions having the
corresponding HASHTREE descriptor and with an 'avb' fstab flag.
Bug: 31264231
Test: Enable dm-verity on /system partition
Test: Enable dm-verity with FEC on /system partition
Change-Id: I4652806984fe5a30c61be0839135b5ca78323d38
Diffstat (limited to 'libcutils/socket_local_server_unix.cpp')
0 files changed, 0 insertions, 0 deletions