author | Yifan Hong <elsk@google.com> | 2019-11-15 00:33:11 -0800 |
---|---|---|
committer | Yifan Hong <elsk@google.com> | 2019-11-15 01:48:21 -0800 |
commit | 44fd7f61667d3ad2bc7a39dbfb5b5af1e5402ebb (patch) | |
tree | f5f0f7de64eb02534e3349fe22040ad65bac76d0 /trusty/coverage/coverage.cpp | |
parent | a487793fc772e7aa3db2fb59a52e82108030ee09 (diff) |
libsnapshot: bootloader rejects wipe in proper time.

Calls into HAL first to reject wipes early. Otherwise, there may
be a small window where wipes need to be rejected but bootloader
doesn't know about it.

Consider the following flow in existing code:
1. sets file to merging
2. device crashes / shuts down before calling into HAL
3. first-stage init maps dm-snapshot-merge
4. reboot into fastbootd / bootloader
5. wipe

At this point, bootloader / fastbootd won't know that merge
has already taken place.

Reorder so that snapshotctl notifies bootloader before writing
the file.

When switching from merging back to none:
0. merge has completed
1. sets file to none
2. device crashes / shuts down before calling into HAL
3. first-stage init maps dm-linear
4. reboot into fastbootd / bootloader and wipe (fail)
5. reboot, snapshotctl resets state to none (calls into HAL)
6. reboot into fastbootd / bootloader and wipe (successful)

Test: libsnapshot_test
Change-Id: I2b430049c79bf1a751167db7fce74502ac26490a
Diffstat (limited to 'trusty/coverage/coverage.cpp')
0 files changed, 0 insertions, 0 deletions
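
The ordering argument in the commit message, as an added example that is not part of this commit or of libsnapshot: a small model that crashes a two-step state change after 0, 1 or 2 steps and checks what the bootloader would then allow. All names are hypothetical, and the invariant (a file that says merging requires a bootloader that rejects wipes) is an assumption taken from the message; the model goes beyond the two flows described by checking both orderings for both transitions.

```cpp
#include <cstdio>

// Hypothetical model of the two persistent values named in the commit message.
enum class State { None, Merging };
enum class Order { FileFirst, HalFirst };

struct Persisted {
    State file;        // state file that first-stage init reads
    State bootloader;  // merge status the bootloader / fastbootd got via the HAL
};

// Run the first `steps` of the two-step transition to `to`, then "crash".
Persisted RunUntilCrash(Persisted p, State to, Order order, int steps) {
    for (int i = 0; i < steps; ++i) {
        bool write_file = (order == Order::FileFirst) == (i == 0);
        if (write_file) p.file = to; else p.bootloader = to;
    }
    return p;
}

// Assumed invariant: if the file says Merging, the bootloader must reject wipes.
bool WipeWronglyAllowed(const Persisted& p) {
    return p.file == State::Merging && p.bootloader != State::Merging;
}

// Safe but inconvenient: wipe is rejected although the file already says None.
bool WipeNeedlesslyRejected(const Persisted& p) {
    return p.file == State::None && p.bootloader == State::Merging;
}

// Count crash points (after 0, 1 or 2 steps) for which `bad` holds.
int CountCrashPoints(State from, State to, Order order, bool (*bad)(const Persisted&)) {
    int n = 0;
    for (int steps = 0; steps <= 2; ++steps)
        if (bad(RunUntilCrash({from, from}, to, order, steps))) ++n;
    return n;
}

int main() {
    const char* names[] = {"file first", "HAL first"};
    const Order orders[] = {Order::FileFirst, Order::HalFirst};
    for (int i = 0; i < 2; ++i) {
        std::printf("none -> merging, %s: %d unsafe crash point(s)\n", names[i],
                    CountCrashPoints(State::None, State::Merging, orders[i], WipeWronglyAllowed));
        std::printf("merging -> none, %s: %d unsafe, %d needlessly rejected\n", names[i],
                    CountCrashPoints(State::Merging, State::None, orders[i], WipeWronglyAllowed),
                    CountCrashPoints(State::Merging, State::None, orders[i], WipeNeedlesslyRejected));
    }
    return 0;
}
```

In this model the only orderings with no unsafe crash point are HAL first when entering merging and file first when leaving it; the second costs one rejected wipe until the state is reset, which matches step 4 of the second flow.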