diff options
| author | Bowgo Tsai <bowgotsai@google.com> | 2017-07-19 17:27:18 +0800 |
|---|---|---|
| committer | Bowgo Tsai <bowgotsai@google.com> | 2017-07-19 18:45:40 +0800 |
| commit | b67489419911875d8791de87996c39b61740e781 (patch) | |
| tree | a6da1ae6134f557474334235887cd3a3f42a7713 /libcutils/socket_local_server_unix.cpp | |
| parent | b84666cbc0b537447bbb0d48a381bc7430d6cf79 (diff) | |
fs_mgr_verity: allow verification error when the device is unlocked
On a A/B device, the image combination in VTS is:
- system.img (userdebug): provided by Google (system as root)
- vendor.img (user): provided by the OEM
The generic system.img provided by Google doesn't have /verity_key.
So verified boot will fail when it tries to verify the signature of
vendor.img. This CL allows signature verification error (including
no verity_key) when the device is unlocked.
This CL also changes the return value to FS_MGR_SETUP_VERITY_SKIPPED when
signature verification failed in logging mode. Otherwise, first stage
mount will fail because it assumes verity device initialization should be
successful when receiving FS_MGR_SETUP_VERITY_SUCCESS.
Bug: 63821912
Test: boot generic system.img on a A/B device
Change-Id: I33e5ef753913ae9f0c8b02c518ae94d4c8505611
Diffstat (limited to 'libcutils/socket_local_server_unix.cpp')
0 files changed, 0 insertions, 0 deletions