diff options
author | android-build-team Robot | 2017-08-13 02:34:31 -0500 |
---|---|---|
committer | android-build-team Robot | 2017-08-13 02:34:31 -0500 |
commit | 52f0e206e2da41ece5159e6a21bba876430b6dc2 (patch) | |
tree | 66a7aacf3860945b828db046d57f4aed567547aa | |
parent | e6dd71bcdb24fb57431d60008fe82442259a6b44 (diff) | |
parent | 9cf2e9798fc4aa41df866fd4a1062199f98be26f (diff) | |
download | platform-bootable-recovery-52f0e206e2da41ece5159e6a21bba876430b6dc2.tar.gz platform-bootable-recovery-52f0e206e2da41ece5159e6a21bba876430b6dc2.tar.xz platform-bootable-recovery-52f0e206e2da41ece5159e6a21bba876430b6dc2.zip |
release-request-68cc9b2a-98ae-4fbf-8b56-3e535855f399-for-git_oc-mr1-release-4269864 snap-temp-L25700000092502312
Change-Id: Id98067953ca0ac14a01276b2387aeaa6a7dfdef8
-rw-r--r-- | update_verifier/update_verifier.cpp | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index ceb3ec94..faebbede 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp | |||
@@ -272,23 +272,36 @@ int update_verifier(int argc, char** argv) { | |||
272 | // The current slot has not booted successfully. | 272 | // The current slot has not booted successfully. |
273 | 273 | ||
274 | #if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE) | 274 | #if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE) |
275 | bool skip_verification = false; | ||
275 | std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", ""); | 276 | std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", ""); |
276 | if (verity_mode.empty()) { | 277 | if (verity_mode.empty()) { |
278 | // With AVB it's possible to disable verification entirely and | ||
279 | // in this case ro.boot.veritymode is empty. | ||
280 | #if defined(BOARD_AVB_ENABLE) | ||
281 | LOG(WARNING) << "verification has been disabled; marking without verification."; | ||
282 | skip_verification = true; | ||
283 | #else | ||
277 | LOG(ERROR) << "Failed to get dm-verity mode."; | 284 | LOG(ERROR) << "Failed to get dm-verity mode."; |
278 | return reboot_device(); | 285 | return reboot_device(); |
286 | #endif | ||
279 | } else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) { | 287 | } else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) { |
280 | // We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before. | 288 | // We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before. |
281 | // Continue the verification until we fail to read some blocks. | 289 | // Continue the verification until we fail to read some blocks. |
282 | LOG(WARNING) << "Found dm-verity in EIO mode."; | 290 | LOG(WARNING) << "Found dm-verity in EIO mode."; |
291 | } else if (android::base::EqualsIgnoreCase(verity_mode, "disabled")) { | ||
292 | LOG(WARNING) << "dm-verity in disabled mode; marking without verification."; | ||
293 | skip_verification = true; | ||
283 | } else if (verity_mode != "enforcing") { | 294 | } else if (verity_mode != "enforcing") { |
284 | LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing."; | 295 | LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing."; |
285 | return reboot_device(); | 296 | return reboot_device(); |
286 | } | 297 | } |
287 | 298 | ||
288 | static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; | 299 | if (!skip_verification) { |
289 | if (!verify_image(CARE_MAP_FILE)) { | 300 | static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; |
290 | LOG(ERROR) << "Failed to verify all blocks in care map file."; | 301 | if (!verify_image(CARE_MAP_FILE)) { |
291 | return reboot_device(); | 302 | LOG(ERROR) << "Failed to verify all blocks in care map file."; |
303 | return reboot_device(); | ||
304 | } | ||
292 | } | 305 | } |
293 | #else | 306 | #else |
294 | LOG(WARNING) << "dm-verity not enabled; marking without verification."; | 307 | LOG(WARNING) << "dm-verity not enabled; marking without verification."; |