fs_mgr_avb: allow verification error when the device is unlocked - android/platform-system-core - Stable Android distribution for TI processors; Supported SoCs: Jacinto (DRA7xx, J721E), Sitara (AM43xx, AM57xx, AM65x) - fork of https://android.googlesource.com/platform/system/core/.

diff options

author	Bowgo Tsai	2017-05-05 06:11:25 -0500
committer	Bowgo Tsai	2017-05-05 20:02:25 -0500
commit	a0aaf24d628eaf5675ba505afa021f475deac22c (patch)
tree	ba429a6cf9eacb62f6c629f9b2797afc9254e2bb /libappfuse/FuseBuffer.cc
parent	886b1b45d5087bff491091856fc3e57ca6f4e82f (diff)
download	platform-system-core-a0aaf24d628eaf5675ba505afa021f475deac22c.tar.gz platform-system-core-a0aaf24d628eaf5675ba505afa021f475deac22c.tar.xz platform-system-core-a0aaf24d628eaf5675ba505afa021f475deac22c.zip

fs_mgr_avb: allow verification error when the device is unlocked

Current AVB flow in fs_mgr doesn't allow verification error even if the device is unlocked. This makes first stage mount fail when the device is flashed with a different-sized boot.img because there is verification error (HASH_MISMATCH) for the boot partition. Fix this by allowing verification error only when the device is unlocked. Whether to enable dm-verity for HASHTREE partitions is still controlled by the HASHTREE_DISABLED flag in the top-level vbmeta. Bug: 37985430 Test: First stage mount /vendor with AVB on a device. Check dm-verity is enabled on /vendor. Test: Unlock device, flash a different-sized boot.img. Boot device and check dm-verity is still enabled on /vendor. Test: First stage mount /vendor with AVB on a device with HASHTREE_DISABLED is set on the top-level vbmeta, check dm-verity is not enable on /vendor. Change-Id: I709431bc1c37e4f86133d171cee8e90621cdb857 Merged-In: I709431bc1c37e4f86133d171cee8e90621cdb857 (cherry picked from commit 11409548776bbbbd77c5a02f93394e43c140559c)

Diffstat (limited to 'libappfuse/FuseBuffer.cc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: