diff options
author | Bowgo Tsai | 2017-05-05 06:11:25 -0500 |
---|---|---|
committer | Bowgo Tsai | 2017-05-05 20:02:25 -0500 |
commit | a0aaf24d628eaf5675ba505afa021f475deac22c (patch) | |
tree | ba429a6cf9eacb62f6c629f9b2797afc9254e2bb /libappfuse/FuseBuffer.cc | |
parent | 886b1b45d5087bff491091856fc3e57ca6f4e82f (diff) | |
download | platform-system-core-a0aaf24d628eaf5675ba505afa021f475deac22c.tar.gz platform-system-core-a0aaf24d628eaf5675ba505afa021f475deac22c.tar.xz platform-system-core-a0aaf24d628eaf5675ba505afa021f475deac22c.zip |
fs_mgr_avb: allow verification error when the device is unlocked
Current AVB flow in fs_mgr doesn't allow verification error even if the
device is unlocked. This makes first stage mount fail when the device
is flashed with a different-sized boot.img because there is verification
error (HASH_MISMATCH) for the boot partition.
Fix this by allowing verification error only when the device is
unlocked. Whether to enable dm-verity for HASHTREE partitions is still
controlled by the HASHTREE_DISABLED flag in the top-level vbmeta.
Bug: 37985430
Test: First stage mount /vendor with AVB on a device.
Check dm-verity is enabled on /vendor.
Test: Unlock device, flash a different-sized boot.img. Boot device and check
dm-verity is still enabled on /vendor.
Test: First stage mount /vendor with AVB on a device with HASHTREE_DISABLED
is set on the top-level vbmeta, check dm-verity is not enable on /vendor.
Change-Id: I709431bc1c37e4f86133d171cee8e90621cdb857
Merged-In: I709431bc1c37e4f86133d171cee8e90621cdb857
(cherry picked from commit 11409548776bbbbd77c5a02f93394e43c140559c)
Diffstat (limited to 'libappfuse/FuseBuffer.cc')
0 files changed, 0 insertions, 0 deletions