aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorandroid-build-team Robot2017-08-13 02:34:31 -0500
committerandroid-build-team Robot2017-08-13 02:34:31 -0500
commit52f0e206e2da41ece5159e6a21bba876430b6dc2 (patch)
tree66a7aacf3860945b828db046d57f4aed567547aa
parente6dd71bcdb24fb57431d60008fe82442259a6b44 (diff)
parent9cf2e9798fc4aa41df866fd4a1062199f98be26f (diff)
downloadplatform-bootable-recovery-52f0e206e2da41ece5159e6a21bba876430b6dc2.tar.gz
platform-bootable-recovery-52f0e206e2da41ece5159e6a21bba876430b6dc2.tar.xz
platform-bootable-recovery-52f0e206e2da41ece5159e6a21bba876430b6dc2.zip
release-request-68cc9b2a-98ae-4fbf-8b56-3e535855f399-for-git_oc-mr1-release-4269864 snap-temp-L25700000092502312
Change-Id: Id98067953ca0ac14a01276b2387aeaa6a7dfdef8
Diffstat
-rw-r--r--update_verifier/update_verifier.cpp21
1 files changed, 17 insertions, 4 deletions
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp
index ceb3ec94..faebbede 100644
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -272,23 +272,36 @@ int update_verifier(int argc, char** argv) {
272 // The current slot has not booted successfully. 272 // The current slot has not booted successfully.
273 273
274#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE) 274#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
275 bool skip_verification = false;
275 std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", ""); 276 std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
276 if (verity_mode.empty()) { 277 if (verity_mode.empty()) {
278 // With AVB it's possible to disable verification entirely and
279 // in this case ro.boot.veritymode is empty.
280#if defined(BOARD_AVB_ENABLE)
281 LOG(WARNING) << "verification has been disabled; marking without verification.";
282 skip_verification = true;
283#else
277 LOG(ERROR) << "Failed to get dm-verity mode."; 284 LOG(ERROR) << "Failed to get dm-verity mode.";
278 return reboot_device(); 285 return reboot_device();
286#endif
279 } else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) { 287 } else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) {
280 // We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before. 288 // We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before.
281 // Continue the verification until we fail to read some blocks. 289 // Continue the verification until we fail to read some blocks.
282 LOG(WARNING) << "Found dm-verity in EIO mode."; 290 LOG(WARNING) << "Found dm-verity in EIO mode.";
291 } else if (android::base::EqualsIgnoreCase(verity_mode, "disabled")) {
292 LOG(WARNING) << "dm-verity in disabled mode; marking without verification.";
293 skip_verification = true;
283 } else if (verity_mode != "enforcing") { 294 } else if (verity_mode != "enforcing") {
284 LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing."; 295 LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing.";
285 return reboot_device(); 296 return reboot_device();
286 } 297 }
287 298
288 static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; 299 if (!skip_verification) {
289 if (!verify_image(CARE_MAP_FILE)) { 300 static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt";
290 LOG(ERROR) << "Failed to verify all blocks in care map file."; 301 if (!verify_image(CARE_MAP_FILE)) {
291 return reboot_device(); 302 LOG(ERROR) << "Failed to verify all blocks in care map file.";
303 return reboot_device();
304 }
292 } 305 }
293#else 306#else
294 LOG(WARNING) << "dm-verity not enabled; marking without verification."; 307 LOG(WARNING) << "dm-verity not enabled; marking without verification.";
generated by cgit v1.2.3 (git 2.39.2)