)]}' { "log": [ { "commit": "7b769bc5b16f137c6a516e6d484ece892af9ce52", "tree": "a2789f0432f83ef8b88803a77dc8d3907d1e0626", "parents": [ "c3a7391c947757b1eea6ff6d485e468f7822c7ec" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Thu Dec 08 09:49:54 2022 -0800" }, "committer": { "name": "David Anderson", "email": "dvander@google.com", "time": "Thu Dec 08 16:23:45 2022 -0800" }, "message": "Populate the dm table of the early userdata device.\n\nDM_DEV_CREATE no longer creates sysfs nodes as of Linux kernel 5.15. It\nis now necessary to DM_TABLE_LOAD as well.\n\nBug: 259328366\nTest: userdata mounts\nChange-Id: I0f88afdf95a97d44eb365e4302bbfdc7c28c0bcb\n" }, { "commit": "f6151b434ce259d79496242635654856797bc4c1", "tree": "e265f81113578e0413e573acd22012b8c75bfe0e", "parents": [ "3712b8de010853b68673b34de24eb6a7fe697983" ], "author": { "name": "Jaegeuk Kim", "email": "jaegeuk@google.com", "time": "Tue Dec 15 09:02:29 2020 -0800" }, "committer": { "name": "Jaegeuk Kim", "email": "jaegeuk@google.com", "time": "Tue Jun 07 18:43:54 2022 -0700" }, "message": "Support zoned device with dm-default-key\n\nNote that, encrypt_inplace cannot support zoned device, since it\ndoesn\u0027t support in-place updates. And, dm-default-key will have\na different key.\n\nBug: 172378121\nSigned-off-by: Jaegeuk Kim \u003cjaegeuk@google.com\u003e\nChange-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c\n" }, { "commit": "41d78435131e67ab6af767a81eabd98a6da3bb2c", "tree": "efffe1c66d19575fbe438adeea4f29a9a888a3b3", "parents": [ "f14f8627bb30ea7d656f8a55c2aa4b3aedc48b80" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Mar 17 23:18:18 2022 +0000" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Mar 17 23:21:16 2022 +0000" }, "message": "Rename FstabEntry::metadata_encryption to metadata_encryption_options\n\nThere have been two bugs where people use !metadata_encryption.empty()\nto check whether metadata encryption is enabled. It should actually be\n!metadata_key_dir.empty(), since \u0027metadata_encryption\u0027 is the encryption\noptions, which can be empty if the defaults are sufficient.\n\nRename the field in FstabEntry appropriately.\n\nTo avoid breaking fstab files, don\u0027t rename the flag in the fstab file\nitself. So, now the fstab flags map to FstabEntry fields as follows:\n\n keydirectory \u003d\u003e metadata_key_dir\n metadata_encryption \u003d\u003e metadata_encryption_options\n\nChange-Id: I3b5e28c273950bcf13bfd433aaaa49d1e92e177c\n" }, { "commit": "640a1a9f43880085f2ddbf90b44ec24890fd2175", "tree": "e90c302a1a2a89af22fbb8046114e84b8dd4fd1f", "parents": [ "1e1bade6ff9ccaa1445d9e834e1974c36db47524" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Wed Mar 09 20:39:04 2022 +0000" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Wed Mar 09 21:03:52 2022 +0000" }, "message": "Remove progress property support from encrypt_inplace()\n\nNow that FDE support has been removed, encrypt_inplace() is only used by\nmetadata encryption, which passes false for the set_progress_properties\nparameter. Therefore, remove the set_progress_properties parameter and\nthe associated code to update the \"vold.encrypt_inplace\" and\n\"vold.encrypt_time_remaining\" system properties.\n\nNote that encrypt_inplace() still keeps track of its progress to some\nextent, for the purpose of printing log messages; that hasn\u0027t changed.\n\nBug: 208476087\nChange-Id: If695db1c4e23f568ff865bccc9fc1b98148815be\n" }, { "commit": "b910e7e3252081033edb0a51c927a49aa99063f9", "tree": "78d4c3c6649980f48c47a106a27087535ab6848d", "parents": [ "235d1d65f8d91ade54251f8132b06414f140054a" ], "author": { "name": "Will McVicker", "email": "willmcvicker@google.com", "time": "Thu Dec 23 12:23:39 2021 -0800" }, "committer": { "name": "William McVicker", "email": "willmcvicker@google.com", "time": "Thu Dec 23 20:36:44 2021 +0000" }, "message": "MetadataCrypt: fix timeout due to missing userdata dm device\n\nWe need to load the partition table before we can wait on the userdata\ndm device because the kernel (as of [1] doesn\u0027t send the KOBJ_ADD uevent\nuntil after the partition table is loaded. The new flow needs to be:\n\n CreateDevice() -\u003e ioctl(DM_DEV_CREATE)\n LoadTableAndActivate() -\u003e ioctl(DM_TABLE_LOAD)\n WaitForDevice()\n\nThis patch updates create_crypto_blk_dev() to first call\nLoadTableAndActivate() before WaitForDevice().\n\n[1] https://lore.kernel.org/all/20210804094147.459763-8-hch@lst.de/\n\nFixes: 156d9d229378 (\"Pre-create userdata metadata encryption device.\")\nBug: 210737958\nTest: manually test booting raven with android13-5.15\nChange-Id: Iab2214a62d44ba7e53b57f2cf0f08ac06c77b4fd\n" }, { "commit": "e179157dc543cb4b94479fe069c8c7b2228ed71c", "tree": "cdc3820070df7ae858fb38d67b77af7b46c7c2f9", "parents": [ "2a89e7c5778c77d9a01812fb6f9e0ad733ba99d5" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Fri Nov 05 18:57:49 2021 -0700" }, "committer": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon Nov 08 13:22:53 2021 -0800" }, "message": "Improve vold logging.\n\nThis patch adds more error logging to mountFstab. In a few cases, the\nwere error paths with no existing error logs. In other cases, the log\nmessages are there to help understand error flow in logs (for example\nwhen a function with lots of error paths returns false).\n\nBug: 205314634\nTest: treehugger builds\nChange-Id: I464edc6e74ea0d7419ee9d9b75fd238752c13f4f\n" }, { "commit": "eb3182f0407fe0628d0da3716ae94dda680d97f8", "tree": "6b6ec6420eb5dc390e4d28bdeb3c7cd199509b4d", "parents": [ "d718c8c577e00f633dd7b56254d8bb19f3404cd5", "156d9d2293780c7b5331915fec4bc4727252c838" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon Sep 27 20:01:24 2021 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Mon Sep 27 20:01:24 2021 +0000" }, "message": "Merge \"Pre-create userdata metadata encryption device.\"" }, { "commit": "156d9d2293780c7b5331915fec4bc4727252c838", "tree": "d928b571c59a0a9b49a3745fa7cd17264a16eb4a", "parents": [ "8bd25f8e74e68983a8dc0ecd2fb105d4057d0cde" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Tue Sep 21 17:21:57 2021 -0700" }, "committer": { "name": "David Anderson", "email": "dvander@google.com", "time": "Tue Sep 21 17:25:33 2021 -0700" }, "message": "Pre-create userdata metadata encryption device.\n\nCreateDevice() implicitly calls WaitForDevice(), which can impact boot\ntime if there are many uevents waiting to be processed. To alleviate\nthis, create an empty \"userdata\" device when vold starts (if metada\nencryption is enabled). When it comes time to actually enable metadata\nencryption, the device can be re-used and the subsequent Wait should be\nmuch faster.\n\nBug: 198405417\nTest: manual test; device boots\nChange-Id: Iaacd10858272f17353475e25075ea1dda13f8fc4\n" }, { "commit": "cbc1bdba591589f37a0cad306ddafe4b3d7ad72a", "tree": "af674125217e3ec38e250e708ae9670f63c76273", "parents": [ "530329222f6dbba08e5ba7e7fada272912113227" ], "author": { "name": "Howard Chen", "email": "howardsoc@google.com", "time": "Tue Sep 14 14:40:59 2021 +0800" }, "committer": { "name": "Howard Chen", "email": "howardsoc@google.com", "time": "Wed Sep 15 01:59:59 2021 +0000" }, "message": "Make the deleteAllKey feature aware of the DSU mode\n\nCurrently, the vold detects the factory reset by checking the\nmetadata encryption key. This logic is only valid when the\ndevice is not in DSU mode.\n\nBug: 199222795\nTest: run DSU installation on a Pixel device\nChange-Id: Ib40bd44d2ef7c872eba177c9ccfefac8934a49e6\n" }, { "commit": "1e6a5f51065173224700d551693867bd33c7e5b9", "tree": "362e38f825c38ecbaba31000ea0060f6a854b308", "parents": [ "85705f6c86e3598a1b1f3e09f6b0a2d8f4247751" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Aug 06 15:16:10 2021 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Aug 11 10:29:59 2021 -0700" }, "message": "Detect factory reset and deleteAllKeys\n\nWhere metadata encryption is enabled, if there is no metadata encryption\nkey present and we are generating one anew, then there has been a\nfactory reset, and this is the first key to be generated. We then call\ndeleteAllKeys to ensure data from before the factory reset is securely\ndeleted.\n\nThis shouldn\u0027t really be necessary; the factory reset call itself\nshould be doing this. However there are currently three factory reset\npaths (settings, recovery, fastboot -w) and it is not clear that all\nthree are doing this correctly on all devices. Obviously an attacker\ncan prevent this code from being run by running a version of the OS\nthat does not include this change; however, if the bootloader is\nlocked, then keys will be version bound such that they will only work\non locked devices with a sufficiently recent version of the OS. If\nevery sufficiently recent signed version of the OS includes this change\nthe attack is defeated.\n\nBug: 187105270\nTest: booted Cuttlefish twice, checked logs\nChange-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e\n" }, { "commit": "17e1a0919db745548f7063d4cc326653a499ce2d", "tree": "3c07dda98cf83b139042cc88df34d376cf818bab", "parents": [ "ec78a9458663838c16d780edba068b4847240839", "f4430387d2c4dad215ad23ee0e95024badab6d5c" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Wed Jun 16 09:56:52 2021 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Wed Jun 16 09:56:52 2021 +0000" }, "message": "Merge \"No using inside header files\"" }, { "commit": "f4430387d2c4dad215ad23ee0e95024badab6d5c", "tree": "ed544e0446f6f9e6e6402218c0ac4360120dce7b", "parents": [ "12e48a85fbdcaf04cb67234244b62ff554b13889" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Sun Apr 05 19:34:31 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jun 15 15:20:44 2021 -0700" }, "message": "No using inside header files\n\nI thought it was OK to use \"using\" in a header file so long as it was\ninside a \"namespace\" block, but it just imports symbols from one\nnamespace into another, so things that shouldn\u0027t work do.\n\nTest: Treehugger\nChange-Id: I4d43d35339636af7e95761cada7120b4db638c01\n" }, { "commit": "d86a8abec7afecaf58795a6ef5a8e2f81cafdcce", "tree": "90c5e5f033cd8a5ce6dbb0ba4e51e6a603616b80", "parents": [ "e33bd41f495dbf4a0d92158390c9955ffe2de1b6" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Jun 15 11:34:00 2021 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Jun 15 12:07:15 2021 -0700" }, "message": "Replace most references to Keymaster with Keystore\n\nNow that vold uses Keystore2 rather than the Keymaster HAL directly, and\nalso the new version of Keymaster is called \"KeyMint\" instead, replace\nmost of the references to Keymaster in vold with Keystore.\n\n(I decided not to include the \"2\" in most places, as it seemed\nunnecessarily precise in most places, and it would be something that\nmight need to keep being updated. Only Keystore.{cpp,h} really need to\ncare about the version number.)\n\nI didn\u0027t rename many things in cryptfs.cpp, as that file will be going\naway soon anyway. I also left \"wait_for_keymaster\" and \"vdc keymaster\nearlyBootEnded\" as-is for now, as those are referenced outside vold.\n\nBug: 183669495\nChange-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8\n" }, { "commit": "fec0c0e47233d57996a37c92fa3e227e67e79465", "tree": "a6949f28139885ee86e777beb258c14c8df41e0b", "parents": [ "3345a2a98c2867bb8c34b8a22a6cd2a1d35aeea8" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Feb 16 15:59:17 2021 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Feb 16 16:18:53 2021 -0800" }, "message": "Add syncs when creating parent directories\n\nvold creates some directories for storing encryption keys if they don\u0027t\nalready exist, potentially including parent directories:\n\n /metadata/vold/metadata_encryption\n /data/misc/vold/volume_keys/$volume_uuid\n /data/misc_de/$user/vold/volume_keys/$volume_uuid\n /data/misc_ce/$user/vold/volume_keys/$volume_uuid\n\nCurrently fs_mkdirs() is used for this. However, fs_mkdirs() doesn\u0027t\ninclude the fsync()s of the parent directories that are needed to ensure\nthat the new directories are persisted to disk right away -- which is\nimportant for encryption keys.\n\nAdd a utility function MkdirsSync() which does what is needed, and make\nthe appropriate places call it.\n\nTest: Booted and checked log for \"Created directory\" message.\n Also ran \u0027atest vold_tests\u0027 to run the new unit test.\nChange-Id: Ie9917b616433080139b8db3fd6877203ee6faf77\n" }, { "commit": "0c52c7125f02d77d428307e5c3f8a445e6fbaecf", "tree": "d4fdeb09c18033a46768e5bd4631958cffa7629b", "parents": [ "168893621b5216ff3cecbdd294bea82d8e6cdf7a" ], "author": { "name": "Jaegeuk Kim", "email": "jaegeuk@google.com", "time": "Tue Dec 15 09:00:49 2020 -0800" }, "committer": { "name": "Jaegeuk Kim", "email": "jaegeuk@google.com", "time": "Tue Dec 22 11:28:50 2020 -0800" }, "message": "Let vold format the encrypted partition\n\nBug: 172378121\nSigned-off-by: Jaegeuk Kim \u003cjaegeuk@google.com\u003e\nChange-Id: I03997eb4cbf25a80e36ea738c50e0adb7f4013dd\n" }, { "commit": "eed957f6a411acafd7f60b514874930e4d674ae6", "tree": "625b4ecf0c744dedcfc2209b2438ac28bd6e6569", "parents": [ "d5de2f22b70cbc97b40bb350f362518b58d3a1bf" ], "author": { "name": "Martijn Coenen", "email": "maco@google.com", "time": "Thu Nov 12 10:59:13 2020 +0100" }, "committer": { "name": "Martijn Coenen", "email": "maco@google.com", "time": "Thu Nov 12 11:03:27 2020 +0100" }, "message": "Call earlyBootEnded from vdc.\n\nThis allows us to determine the place where early boot ends from init.\nIt also allows fixing a bug where early boot wasn\u0027t ended previously on\ndevices without metadata encryption.\n\nBug: 168585635\nBug: 173005594\nTest: inspect logs\nChange-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee\n" }, { "commit": "f74373b17758886ba2880fc1ed838689e2022467", "tree": "97f6cf28e280832680ba2095d95c7ceab3a87f97", "parents": [ "e244a15f34ae2e85e3f5b40be0bf252e37eab56b" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Nov 05 19:58:26 2020 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Nov 05 19:58:26 2020 -0800" }, "message": "KeyStorage: rework key upgrade handling\n\nRemove the error-prone \u0027keepOld\u0027 parameter, and instead make begin()\n(renamed to BeginKeymasterOp()) do all the key upgrade handling.\n\nDon\u0027t handle /data and /metadata differently anymore. Previously, when\na checkpoint is active, key blob files were replaced on /data\nimmediately; only the actual Keymaster key deletion was delayed until\ncheckpoint commit. But it\u0027s easier to just delay the key blob file\nreplacement too, as we have to implement that for /metadata anyway.\n\nAlso be more vigilant about deleting any leftover upgraded keys.\n\nTest: Tested on bramble using an OTA rvc-d1-release \u003d\u003e master. In OTA\n success case, verified via logcat that the keys were upgraded and\n then were committed after the boot succeeded. In OTA failure\n case, verified that the device still boots -- i.e., the old keys\n weren\u0027t lost. Verified that in either case, no\n keymaster_key_blob_upgraded files were left over. Finally, also\n tried \u0027pm create-user\u0027 and \u0027pm remove-user\u0027 and verified via\n logcat that the Keymaster keys still get deleted.\nChange-Id: Ic9c3e63e0bcae0c608fc79050ca4a1676b3852ee\n" }, { "commit": "f038c5f5e18f9ebcc6bddcff2bc75abdd4aa7bc8", "tree": "656c1179d649fe41672fcd65ed0e02e667ac653a", "parents": [ "7e70d6939d848e6c9000444d162ff6e907ae4534" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:11:02 2020 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:16:32 2020 -0800" }, "message": "Refactor EncryptInplace.cpp\n\nRefactor EncryptInplace.cpp to simplify and improve it a lot. This is\neverything that didn\u0027t fit into prior commits, including:\n\n- Share a lot more code between ext4, f2fs, and full encryption.\n\n- Improve the log messages. Most importantly, don\u0027t spam the log with\n huge numbers of messages, and don\u0027t log errors in expected cases.\n Note: generate_f2fs_info() is still too noisy, but that\u0027s part of\n \"system/extras\", not vold, so this change doesn\u0027t change that.\n\n- When possible, do 32K reads/writes for f2fs and for full encryption,\n not just for ext4. This might improve performance.\n\n- Take advantage of C++ functionality.\n\n- Be more careful about edge cases. E.g. if the calculation of the\n number of blocks to encrypt was wrong, don\u0027t set vold.encrypt_progress\n to \u003e 99 until we\u0027re actually done.\n\nThe net change is over 200 lines removed.\n\nBefore-after comparison of log when enabling metadata encryption:\n\next4 before:\n I vold : Beginning inplace encryption, nr_sec: 16777216\n D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)\n D vold : Opening/dev/block/by-name/userdata\n D vold : Opening/dev/block/dm-8\n I vold : Encrypting ext4 filesystem in place...\n [omitted 6387 log messages]\n I vold : Encrypted to sector 822084608\n D vold : cryptfs_enable_inplace_ext4 success\n I vold : Inplace encryption complete\n\next4 after:\n D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)\n D vold : ext4 filesystem has 64 block groups\n I vold : Encrypting ext4 filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8\n I vold : 50327 blocks (206 MB) of 2097152 blocks are in-use\n D vold : Encrypted 10000 of 50327 blocks\n D vold : Encrypted 20000 of 50327 blocks\n D vold : Encrypted 30000 of 50327 blocks\n D vold : Encrypted 40000 of 50327 blocks\n D vold : Encrypted 50000 of 50327 blocks\n D vold : Encrypted 50327 of 50327 blocks\n I vold : Successfully encrypted ext4 filesystem on /dev/block/by-name/userdata\n\nf2fs before:\n I vold : Beginning inplace encryption, nr_sec: 16777216\n D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)\n D vold : Opening/dev/block/by-name/userdata\n D vold : Opening/dev/block/dm-8\n E vold : Reading ext4 extent caused an exception\n D vold : cryptfs_enable_inplace_ext4()\u003d-1\n [omitted logspam from f2fs_sparseblock]\n I vold : Encrypting from block 0\n I vold : Encrypted to block 15872\n I vold : Encrypting from block 16384\n I vold : Encrypted to block 16385\n I vold : Encrypting from block 17408\n I vold : Encrypted to block 17412\n D vold : cryptfs_enable_inplace_f2fs success\n I vold : Inplace encryption complete\n\nf2fs after:\n D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)\n [omitted logspam from f2fs_sparseblock]\n I vold : Encrypting f2fs filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8\n I vold : 15880 blocks (65 MB) of 2097152 blocks are in-use\n D vold : Encrypted 10000 of 15880 blocks\n D vold : Encrypted 15880 of 15880 blocks\n I vold : Successfully encrypted f2fs filesystem on /dev/block/by-name/userdata\n\nTest: Booted Cuttlefish with metadata encryption enabled and with the\n userdata filesystem using (1) ext4, (2) f2fs, and (3) f2fs but\n with EncryptInplace.cpp patched to not recognize the filesystem\n and fall back to the \"full\" encryption case. Checked that the log\n messages were as expected and that /data was mounted.\n\n I\u0027ve had no luck testing FDE yet; it doesn\u0027t work even without\n these changes. Suggestions appreciated...\n\nChange-Id: I08fc8465f7962abd698904b5466f3ed080d53953\n" }, { "commit": "c01995ea3bfe357e8e85d3fe946014f675a0683f", "tree": "21f0762ed34b339e2339329a40d329956e56bae2", "parents": [ "27f3ab89d0c98a8f23788a54a7c6d040d46c6db4" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:11:00 2020 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:11:00 2020 -0800" }, "message": "Remove unused support for partial encryption\n\nCommit 87999173dd79 (\"Don\u0027t corrupt ssd when encrypting and power\nfails\") added a lot of code to handle pausing in-place conversion from\nunencrypted \u003d\u003e FDE when the battery was low, and resuming it later.\n\nIt was eventually decided that this wasn\u0027t needed, and commit\n7e17e2d22678 (\"Don\u0027t worry about battery levels when encrypting\")\nremoved the checks for low battery.\n\nThis made the partial encryption code unused. So remove it.\n\nNote that this was cluttering up the metadata encryption code too, since\nEncryptInplace.cpp is now shared by both FDE and metadata encryption.\n\nBug: 16868177\nTest: see I08fc8465f7962abd698904b5466f3ed080d53953\nChange-Id: Ibd2eb08a2aa15938097abcb8a67b5a813c4d76c7\n" }, { "commit": "cb581cc8de8f5939d8fba6d333defa3cb5189c4d", "tree": "e86f5af6180cce2ca97cfd0ee01ed95c1a0c9f6e", "parents": [ "739ca2c2980014e2131bd6494fe1551f2ae8ed81", "0af25a3a9857b20f652e96660758632277062c65" ], "author": { "name": "Yo Chiang", "email": "yochiang@google.com", "time": "Mon Oct 26 05:27:36 2020 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Mon Oct 26 05:27:36 2020 +0000" }, "message": "Merge \"Add IVold::destroyDsuMetadataKey()\"" }, { "commit": "836b51bf26a6500e384d73cde379b2def3b1e07c", "tree": "81c2e88c700534bc409eb0ef03d63464ab2c3c65", "parents": [ "e9023dc7bb621e4edd5b02cdf58f98579ebcd8f7" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 15 14:39:34 2020 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 15 14:46:35 2020 -0700" }, "message": "MetadataCrypt: remove unnecessary retry loop\n\nAs per the discussion at http://aosp/1456266, the retry loop in\ncreate_crypto_blk_dev() doesn\u0027t appear to be needed. Remove it.\n\nFor now don\u0027t bother removing the same retry loop in cryptfs.cpp, since\nthe FDE code isn\u0027t really being updated anymore and eventually will be\nremoved entirely.\n\nChange-Id: Iba0b046f9cdd9723ea1a2ae70f4d4aed4355b97b\n" }, { "commit": "0af25a3a9857b20f652e96660758632277062c65", "tree": "28be8874eb403e5c32c6b9b1d0529f8d051ce1d8", "parents": [ "dd66de13ea0461e133070d2a09a7befdd576f427" ], "author": { "name": "Yo Chiang", "email": "yochiang@google.com", "time": "Wed Oct 07 14:20:00 2020 +0800" }, "committer": { "name": "Yo Chiang", "email": "yochiang@google.com", "time": "Tue Oct 13 16:00:43 2020 +0800" }, "message": "Add IVold::destroyDsuMetadataKey()\n\ndestroyDsuMetadataKey() / destroy_dsu_metadata_key() calls\nandroid::gsi::GetDsuMetadataKeyDir() to query the DSU metadata\nencryption key dir and destroy the key.\nThis releases the resource and allows consecutive DSU installations to\nuse the same key *directory*, but not the same key *blob*.\n\nBug: 168571434\nTest: 1. Install a DSU system.\n 2. Boot the DSU system and reboot back to the host system.\n 3. Wipe the DSU installation.\n 4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is\n destroyed.\nChange-Id: Ib851177315a5a266807f46ccfd446de1848232cf\n" }, { "commit": "e0c38eba262a9c92dc5579b11ed446e7097f16f8", "tree": "fe1a60d33500e7048d251ac96f415d2fbd5866e3", "parents": [ "dd66de13ea0461e133070d2a09a7befdd576f427" ], "author": { "name": "Martijn Coenen", "email": "maco@google.com", "time": "Mon Oct 12 13:26:52 2020 +0200" }, "committer": { "name": "Martijn Coenen", "email": "maco@google.com", "time": "Mon Oct 12 16:59:50 2020 +0200" }, "message": "Use dm.CreateDevice() with a timeout.\n\nUsing the regular CreateDevice() variant with getDmDeviceByName() has a\nrace-condition that is documented in libdm/dm.h; instead, use the\nvariant with a timeout, which guarantees that the block device exists\nwhen it returns.\n\nTest: atest AdoptableHostTest\nBug: 150935323\nChange-Id: Ic06cad9af7c44e23359d95b262f68dba27ddfb3a\n" }, { "commit": "72d07130acc866a23c505d4bb1bc8653061ab0c6", "tree": "12877fa8fb09b4b27e1a569552d856952a91b8e2", "parents": [ "213dbe30a1b0cfaa45c4a5cef141b96e6ffce3b1" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Aug 10 10:55:56 2020 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Aug 10 11:45:08 2020 -0700" }, "message": "vold: use __ANDROID_API_Q__ instead of pre_gki_level\n\nThe name \"pre_gki_level\" is causing some confusion because not all\ndevices launching with Android R are subject to the GKI requirement.\n(See b/161563110#comment11.) E.g., devices that use a 4.14-based kernel\nare exempt from GKI. However, the encryption requirements still apply.\n\nJust use __ANDROID_API_Q__ directly instead.\n\nNo change in behavior.\n\nChange-Id: Id02ae1140845ac1ae7cf78be4e57fe34da028abf\n" }, { "commit": "1bb7e8a9289fdcf8805aaff13a5745be13b83bac", "tree": "d2e9ed4834ec9036587b5984fbc80666ba6f879d", "parents": [ "b50480bb96dc27d9da49bd7bb51f589d0957f9df", "3fe931109c213dfe057161d8e32a4be3d3c8962c" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Thu Jun 18 21:56:10 2020 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Jun 18 21:56:10 2020 +0000" }, "message": "Merge \"Don\u0027t call block checkpoint functions above dm-default-key\"" }, { "commit": "3fe931109c213dfe057161d8e32a4be3d3c8962c", "tree": "2cd7b368b5a46ba39f7e1b37f994c49e9a897934", "parents": [ "deb70854536ca7a8bddb11c95c311d3b784856aa" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Jun 12 08:12:48 2020 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Jun 12 09:13:42 2020 -0700" }, "message": "Don\u0027t call block checkpoint functions above dm-default-key\n\nBug: 156225476\nTest: Build for f2fs and ext4 device, make sure checkpoints roll back\nand commit\n\nChange-Id: Ic15fadc67d306463dd0b554f679306d8f9081451\n" }, { "commit": "7fbd8d4474aae8bda674c86c08224829ed90bf5d", "tree": "7a605841ecfd8957ae39966ca90d497b35246ffd", "parents": [ "e471d11d464735f8d979aac7f1d90d1ae9d74c72" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 23 08:59:12 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jun 02 11:16:55 2020 -0700" }, "message": "Record use of metadata encryption in property\n\nBug: 152150018\nTest: Cuttlefish with and without keydirectory option\nCherry-Picked-From: 94abae03a97bf67bc2cd04b6a74e07ed08bf30a0\nMerged-In: I400873ec207cb63f0407fefc83962bb3a927e294\nChange-Id: I400873ec207cb63f0407fefc83962bb3a927e294\n" }, { "commit": "28eddbd2ef55ecbc9f7eb6b40b24a4b6277917c0", "tree": "b70fc9c65a2b72d705d8809163a64acf6c0c9bce", "parents": [ "479588c68ef2328ba2cbc383cc23c319fa41b584" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Wed Apr 01 10:02:16 2020 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Apr 09 15:22:43 2020 -0600" }, "message": "Send earlyBootEnded notice to all Keymasters\n\nVold incorrectly sends the earlyBootEnded signal only to the Keymaster\ninstance used for device encryption, but all of them need it.\n\nBug: 152932559\nTest: VtsHalKeymasterV4_1TargetTest\nMerged-In: Id8f01a1dc7d2398395f369c3ea74656a82888829\nChange-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829\n" }, { "commit": "f56d553babc368e557fe90513e78a5ba06626b0d", "tree": "d7c572630261aa8ab4ffaa349a43553d61072d0c", "parents": [ "10a372f1d20ea59cb73a41d423b99040c56c091b" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Sun Mar 22 08:02:06 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Apr 06 08:45:32 2020 -0700" }, "message": "Choose options format using property\n\nTo make it easier to support disk formats created using old versions\nof dm-default-key with new kernels, choose the disk format to use\nbased on options_format_version and first_api_version properties\ninstead of checking the version number of the kernel module.\n\nBug: 150761030\nTest: crosshatch and cuttlefish boot normally; cuttlefish\n fails with \"default-key: Not enough arguments\" as expected when\n option is set to 1\nChange-Id: Ib51071b7c316ce074de72439741087b18335048c\n" }, { "commit": "48aa90cd6b71b65c259f50645edf25b2f7fa19b4", "tree": "d226cc63b65e73b5e20b4edd9cd6d43d07211d1e", "parents": [ "deb70854536ca7a8bddb11c95c311d3b784856aa" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 02 12:57:58 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 02 13:52:22 2020 -0800" }, "message": "Use the blk_device supplied by vdc encryptFstab\n\nfs_mgr may put other dm devices on top of the raw disk, such as for\ncheckpointing, and it hands metadata encryption the uppermost device in\nvdc. That\u0027s what should be encrypted, not the raw disk.\n\nBug: 150354860\nTest: Treehugger\nChange-Id: I279f087b1b7aded40c5a62281154851ce970ba70\n" }, { "commit": "886e572009bd09c3f2cc59d7b0e1683d76ef303c", "tree": "41df071739359e1fa20c173b52dbc125682a1aa9", "parents": [ "312b7df62158254a89df6cbf7d1ee3b146477511" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:51:56 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 13:01:00 2020 -0800" }, "message": "On newer devices, use dm-default-key to encrypt SD cards\n\nThe dm-crypt solution requires a kernel patch that won\u0027t be present in\nthe GKI kernel, while the new metadata encryption system in the GKI\nkernel solves this problem in a much cleaner way.\n\nTest: create private volume on Cuttlefish, setting property both ways.\nBug: 147814592\nChange-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea\n" }, { "commit": "312b7df62158254a89df6cbf7d1ee3b146477511", "tree": "80de85a8b84cbfdf3332683cf8aad1ac10fde6f5", "parents": [ "249c2fb4aa970e43cde7a5e4032506c40c8e9a0e" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Thu Feb 06 22:56:27 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 12:51:06 2020 -0800" }, "message": "vold: Wrapped key support for metadata encryption\n\nmetadata_encryption fstab option provides details on the cipher\nand flags used for metadata encryption. wrappedkey_v0 is provided\nto dm-default-key dm device when a wrapped key is used. The\ninline encryption hardware unwraps the key and derives the\nencryption key used to encrypt metadata without returning the key\nin the clear to software.\n\nBug: 147733587\nTest: FBE with metadata encryption using wrapped keys.\nChange-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a\n" }, { "commit": "249c2fb4aa970e43cde7a5e4032506c40c8e9a0e", "tree": "05b3775de00906a9c83b7c9a925d0d592b230d2d", "parents": [ "8e0780cba28d974bd1dc3289a8eedbbfa6a8942b" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:51:56 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 12:49:36 2020 -0800" }, "message": "Refactor: make makeGen local\n\nNo need for KeyUtil to know how to make a KeyGeneration, it\u0027s cleaner\nif each module handles it separately. Also, create a CryptoOptions\nstructure to track metadata encryption options, and simplify legacy\ncipher/option handling.\n\nTest: Treehugger\nBug: 147814592\nChange-Id: I740063882914097329ff72348d0c0855c26c7aab\n" }, { "commit": "4eac2647277f1edf6dc69a050a51cb49f526b69e", "tree": "f3973a179d7cf718a2fe1f7434b421a9dfdf50e6", "parents": [ "7566e467ab2d604970edca9de318f3cf5642b044" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 11:04:05 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 13:59:06 2020 -0800" }, "message": "Refactor key generation to handle both normal and metadata encryption.\n\nBug: 147733587\nTest: Treehugger\nChange-Id: Iee176037dec2621c84da325c2627f988fcebbc8d\nMerged-In: Iee176037dec2621c84da325c2627f988fcebbc8d\n" }, { "commit": "572c024853b8004dd771daa6a9aa7a97614a8deb", "tree": "3e83d9f3a188046ddea22a931e5fcba52ffe9596", "parents": [ "220567c33a19128b0bfa9d0136f57812ea6a13fc" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 01:15:35 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 01:15:35 2020 -0800" }, "message": "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general\n\nBug: 147814592\nTest: Treehugger\nChange-Id: I13c6f84d729f2953f78626493d6e6d34d578a013\n" }, { "commit": "220567c33a19128b0bfa9d0136f57812ea6a13fc", "tree": "76b1720a1ed8366ccbda3176f07eb3602ce636ee", "parents": [ "a661fb659b4f94218ca4fe8909d0906749023b34" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:45:20 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 00:48:27 2020 -0800" }, "message": "Generalize CryptoType infrastructure\n\nMore consistency between MetadataCrypt and cryptfs, and steps towards\nsupporting Adiantum properly in MetadataCrypt.\n\nTest: create private volume on Cuttlefish\nBug: 147814592\nChange-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab\n" }, { "commit": "3dfb094cb26cf37e14b3bbf81e31248b913b3e41", "tree": "60c22742e4653106e93c886e2aa003c3ae0cb0c2", "parents": [ "68b9fb10ae1bf1491c8dc6d854be900e62ebc090" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Mon Feb 03 13:06:45 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 14:26:26 2020 -0800" }, "message": "vold: Support Storage keys for FBE\n\nTo prevent keys from being compromised if an attacker\nacquires read access to kernel memory, some inline\nencryption hardware supports protecting the keys in\nhardware without software having access to or the\nability to set the plaintext keys. Instead, software\nonly sees \"wrapped keys\", which may differ on every boot.\n\n\u0027wrappedkey_v0\u0027 fileencryption flag is used to denote\nthat the device supports inline encryption hardware that\nsupports this feature. On such devices keymaster is used\nto generate keys with STORAGE_KEY tag and export a\nper-boot ephemerally wrapped storage key to install it in\nthe kernel.\n\nThe wrapped key framework in the linux kernel ensures the\nwrapped key is provided to the inline encryption hardware\nwhere it is unwrapped and the file contents key is derived\nto encrypt contents without revealing the plaintext key in\nthe clear.\n\nTest: FBE validation with Fscrypt v2 + inline crypt + wrapped\nkey changes kernel.\n\nBug: 147733587\n\nChange-Id: I1f0de61b56534ec1df9baef075acb74bacd00758\n" }, { "commit": "2b1ff5aaab693483dc1064137e46214baf3b00a7", "tree": "b7f9f823c2cc26112ea2a26bfe8d877b3fe676a8", "parents": [ "35f0f22c9b8cb9d8672c9cc5226c9037d621da7f" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jan 16 14:08:36 2020 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Feb 11 15:51:04 2020 -0700" }, "message": "Have vold inform keymaster that early boot ended\n\nJust before mounting partition(s) not verified by verified boot, vold\nshould notify keymaster that early boot has ended so it won\u0027t allow\nEARLY_BOOT_ONLY keys to be created or used.\n\nTest: VtsHalKeymasterV4_1TargetTest\nChange-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3\nMerged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3\n" }, { "commit": "84e84c5f33b2a9fc5ff361b17d23dabfd97ce2a8", "tree": "deb9ff50461c22c8300e639cef19fab6ef7f0b01", "parents": [ "92a14b6b1666e5d1313c66a451e51007c38c9a02" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Jan 29 16:09:19 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 17:20:27 2020 -0800" }, "message": "Set metadata cipher in fstab\n\nBug: 147814592\nTest: Cuttlefish can use adiantum\nChange-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165\n" }, { "commit": "92a14b6b1666e5d1313c66a451e51007c38c9a02", "tree": "302e4b94ed301e62ba9a383c9e83f29ef0e8e1c2", "parents": [ "c9b92f0c1771e397fcd3d81fe19f822f63fa3217" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 28 10:37:39 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 17:20:27 2020 -0800" }, "message": "Add support for v2 of dm-default-key\n\nVersion 2 of dm-default-key has an extra parameter and always sets the\nDUN.\n\nBug: 147814592\nTest: Cuttlefish boots with keydirectory flag\nTest: Crosshatch formatted before this change boots after it\nChange-Id: I59081e385324d2e34a5f252286a97938d6ffb79b\n" }, { "commit": "c9b92f0c1771e397fcd3d81fe19f822f63fa3217", "tree": "1fdf4343f5a5a121bdce283e891211c79a2dacad", "parents": [ "fda79ddd82427f8ea848a097fb3176edb1de62a1" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 15:26:15 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 16:02:37 2020 -0800" }, "message": "Rename key_dir to metadata_key_dir and refactor\n\nBug: 147814592\nTest: Crosshatch boots\nChange-Id: I9fce0ea5da9c81c2e4e9cf97b75c1cba821adf9e\n" }, { "commit": "77df7f207dcef1f967695fca2e131097abebe28c", "tree": "489bac5ff46816eed4adf17b11cf61044b96166c", "parents": [ "432ca5af06a540f627a3b82c870b9ec099f309b7" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 23 15:29:30 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 28 11:17:58 2020 -0800" }, "message": "Refactor to use EncryptionPolicy everywhere we used to use raw_ref\n\nTest: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen\nBug: 147733587\nChange-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5\n" }, { "commit": "f850e6e5648a8dad7678730d5f5c1710f410f827", "tree": "1a6c03725114905a18091b9e9413fbcb1432f150", "parents": [ "6bdfb77d8b6e448f6c4b9c8eda648aeba32238d5" ], "author": { "name": "Nikita Ioffe", "email": "ioffe@google.com", "time": "Mon Dec 09 21:19:11 2019 +0000" }, "committer": { "name": "Nikita Ioffe", "email": "ioffe@google.com", "time": "Mon Dec 09 21:19:11 2019 +0000" }, "message": "Allow fscrypt_mount_metadata_encrypted to be called more than once\n\nIn case of userspace reboot, this function will be called again to\nremount userdata into checkpoint mode.\n\nTest: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1\nTest: adb shell /system/bin/vdc checkpoint startCheckpoint 1\nTest: adb reboot userspace\nTest: adb shell dumpsys activity\nBug: 135984674\nBug: 143970043\nChange-Id: I300b1960a6c4e95b13c43d806c4f3a9e4a612ac4\n" }, { "commit": "4b140d397f8283021f9be96cf07691179c4128e6", "tree": "3dcb634e3895279cea8c1784fe37f3039f2a3608", "parents": [ "5bcfb5bf45c570e6c956bf9243fa38efae5c538f" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Aug 07 15:22:57 2019 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Aug 14 10:00:09 2019 -0700" }, "message": "Fix ext4/metadata/udc issue\n\nTest: Cannot test since no device supports this combo\nBug: 137924328\nChange-Id: I451c90e0826ede71876f3e4f260e7083f3ab3fdb\n" }, { "commit": "236e5e800e18a0c1720ec1044a74c2700107c60c", "tree": "311f14a8aed9ca5ab9be6351875f895ada2c122f", "parents": [ "2ebb5c5b9679a8ce96927aac55d621884834d173" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Tue Jun 25 14:44:33 2019 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Jun 26 15:19:24 2019 -0700" }, "message": "Make ext4 userdata checkpoints work with metadata encryption\n\nWhen both ext4 user data checkpoints and metadata encryption are\nenabled, we are creating two stacked dm devices. This had not been\nproperly thought through or debugged.\n\nTest: Enable metadata encryption on taimen (add\nkeydirectory\u003d/metadata/vold/metadata_encryption to flags for userdata in\nfstab.hardware)\n Unfortunately metadata is not wiped by fastboot -w, so it is\n necessary to rm metadata/vold -rf whenever you wipe data.\n fastboot flashall -w works\n fastboot reboot -w works\n A normal boot works\n Disable checkpoint commits with\n setprop persist.vold.dont_commit_checkpoint 1\n vdc checkpoint startCheckpoint 10\n adb reboot\n wait for device to fully boot then\n adb reboot\n Wait for device to fully boot then\n adb logcat -d | grep Checkpoint shows the rollback in the logs\n\n This tests encryption on top of checkpoints with commit, encryption\n without checkpoints, and rollback, which seems to be the key cases.\n\nBug: 135905679\nChange-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f\n" }, { "commit": "b92247368ae8456f0ada2c14b358500b642561e0", "tree": "bc800cd569320b3d582522b24faef70f552142c6", "parents": [ "19e74b3d1fb033a4dda3e55e04239c6feb10863e" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon May 13 13:02:54 2019 -0700" }, "committer": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon May 13 13:07:12 2019 -0700" }, "message": "Replace manual dm ioctls with libdm.\n\nThis mostly 1:1 replaces manual ioctls to device-mapper with calls to\nlibdm. There were two exceptions:\n\n(1) There is a very old table-load-retry loop to workaround issues with\n umount (b/7220345). This loop has been preserved, however, it now\n includes DM_DEV_CREATE as well as DM_TABLE_LOAD.\n(2) There was some ancient code to set DM_DEV_GEOMETRY for obb\n dm-devices. This never did anything since geometry must be set after\n loading a table. When setting it before (as vold was doing), the\n subsequent DM_TABLE_LOAD will clear it.\n\nBug: 132206403\nTest: FBE device boots\n FBE device w/ metadata encryption boots\n FDE device boots\n atest StorageManagerIntegrationTest\nChange-Id: Ib6db6b47329f093ac7084edaf604eddace8b9ac6\n" }, { "commit": "4c5bde2b9258ccd8a023acfaf47d66758d88f828", "tree": "95ecfd4a22ebdc45993b7632175a4ddfc3ce82ac", "parents": [ "eb00112e09551e1957e9e119c58005992dee720b" ], "author": { "name": "Tom Cherry", "email": "tomcherry@google.com", "time": "Tue Jan 29 14:34:01 2019 -0800" }, "committer": { "name": "Tom Cherry", "email": "tomcherry@google.com", "time": "Thu Jan 31 12:34:39 2019 -0800" }, "message": "Move over to the C++ Fstab class\n\nTest: build and boot\nChange-Id: Id3850c9c133f6644073a2439368501253a2a94a9\n" }, { "commit": "7f3ab95b8d9184114277104c29bbbd2064fe5bc5", "tree": "970aaa7f5876295b13d89623d3265eda1655a359", "parents": [ "f028d279ae5d610b99007d0c9790a3bd8f27c94f" ], "author": { "name": "LongPing Wei", "email": "weilongping@huawei.com", "time": "Wed Jan 30 16:03:14 2019 +0800" }, "committer": { "name": "LongPing Wei", "email": "weilongping@huawei.com", "time": "Wed Jan 30 16:28:02 2019 +0800" }, "message": "Remove secontext.h, secontext.cpp, hash.h\n\ncryptfs.cpp and MetadataCrypt.cpp can use android::vold::sFsckContext directly.\nhash.h is unuseful.\n\nTest: make\nChange-Id: I7acdac97d6ed1c9b2a5dc367fcea8aa2942192e8\n" }, { "commit": "8ae16db72a259c604eded3532b37f629724a13a9", "tree": "e186646052441a232c128caad9335bd7fab11f78", "parents": [ "ef9abab5ee25c700c0f8e865a64d565b40e6d7ff" ], "author": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Tue Dec 18 11:10:31 2018 -0800" }, "committer": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Thu Dec 20 10:38:31 2018 -0800" }, "message": "vold: Pass std::string by const reference\n\nIn a couple places, we change to pass a std::string argument\ninstead of by copy.\n\nTest: TreeHugger\nChange-Id: Ib179299a2322fcbab4e6d192051218823ad66a36\n" }, { "commit": "690d6de5bf6ccec3aa6be456dd8e2ca3c18527b6", "tree": "0df3e05b19b13885208f6460dbcd56ad78a7bdc8", "parents": [ "ffa1bb03707cb03a07ebba4970c1d8a5a70e9542" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 01:08:10 2018 -0800" }, "committer": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 14:55:28 2018 -0800" }, "message": "Add Support for metadata key with rollback\n\nThis adds the ability to upgrade a key and retain the\nold one for rollback purposes. We delete the old key\nif we boot successfully and delete the new key if we\ndo not.\n\nTest: Enable checkpointing and test rolling back\n between two versions\nBug: 111020314\n\nChange-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a\n" }, { "commit": "a701c458ca6d36604f417f55e95c63493d1545d7", "tree": "5ba25fccd5eeb6a0b467142e4623d88a4072f952", "parents": [ "0016efbc446910650cc041194621cc8f9ba04151" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Oct 23 13:06:55 2018 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 25 17:12:32 2018 -0700" }, "message": "vold: rename from \"ext4 encryption\" to fscrypt\n\nWe support file-based encryption on both ext4 and f2fs now, and the\nkernel API is the same. So rename things appropriately in vold:\n\n e4crypt \u003d\u003e fscrypt\n ext4enc \u003d\u003e fscrypt\n Ext4Crypt \u003d\u003e FsCrypt\n EXT4_* \u003d\u003e FS_*\n ext4_encryption_key \u003d\u003e fscrypt_key\n\nAdditionally, the common functions shared by \u0027vold\u0027 and \u0027init\u0027 are now\nin libfscrypt rather than ext4_utils. So update vold to link to\nlibfscrypt and include the renamed headers.\n\nNote: there\u0027s a chance of \u0027fscrypt\u0027 being confused with the dm-crypt\nbased encryption code in vold which is called \u0027cryptfs\u0027. However,\nfscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,\nand it\u0027s preferable to use the same name in userspace.\n\nTest: built, booted device with f2fs encryption\nChange-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6\n" }, { "commit": "a3381ffc3f7e9159a49d07116a52c8827f05a79e", "tree": "387ae6abec7907cba43bddfe5e9836cd0a234dde", "parents": [ "a2a227e3826712c8388fcac7fb607a26bf22ccb6", "65f99c9e8bd3a546a5dd2f3f4bad1585afbf0dc8" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Sep 25 21:52:19 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Tue Sep 25 21:52:19 2018 +0000" }, "message": "Merge \"Add support for checkpointing\"" }, { "commit": "625dc787c629cd04e30328a9b1cf4a8e7d6210bc", "tree": "04c9c6fea77cf09ac6e441391a703787c1a63c85", "parents": [ "15b9656ae9acfbed4af62b8cecba30c35cd514a8" ], "author": { "name": "Oleksiy Avramchenko", "email": "oleksiy.avramchenko@sony.com", "time": "Wed May 23 10:50:46 2018 +0200" }, "committer": { "name": "John Eckerdal", "email": "john.eckerdal@sony.com", "time": "Mon Sep 24 14:25:24 2018 +0200" }, "message": "Add GetBlockDevSize, GetBlockDevSectors helpers\n\nHelpers to get a block device size in bytes or 512 byte sectors,\nusing BLKGETSIZE64 and returning value of uint64_t type.\n\nThis also removes get_blkdev_size().\n\nTest: build, manual, mount exFAT volume\nBug: 80202067\nChange-Id: Ib07e8ac6ef7ff49de0ed570d1fa202e8b558b80c\n" }, { "commit": "65f99c9e8bd3a546a5dd2f3f4bad1585afbf0dc8", "tree": "d2cc8c8f1e1e4e3bbbbd8667c16f4aafee347fcb", "parents": [ "15b9656ae9acfbed4af62b8cecba30c35cd514a8" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Tue Aug 28 01:58:49 2018 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Sep 21 21:54:11 2018 +0000" }, "message": "Add support for checkpointing\n\nCheckpointing uses a combination of files on the meta partition\nand the checkpoint\u003d fs_mgr flag. Checkpointed partitions will\nrevert to their starting state on reboot unless checkpoint commit\nis called.\n\nTest: Run vdc commands, check file on metadata\nMerged-In: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6\nChange-Id: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6\n" }, { "commit": "14c8c0765a2968f8605c58f27dc68dcc3b6b0807", "tree": "7c7981c54cadbcb3689996815d5b89f8b4159922", "parents": [ "1251ef0bcfb82ff7aef2c4472620e6565d0c4ba6" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 18 13:30:21 2018 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 18 15:41:22 2018 -0700" }, "message": "clang-format many files.\n\nTest: Format-only changes; treehugger suffices.\nChange-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48\n" }, { "commit": "98a23a19d123a4714c30f8892bc971ef84b59214", "tree": "20fd9318cf7249973af65999db5d9b8f72d53792", "parents": [ "8f82879901968d9793705eb1d06c9b32607ced13" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed May 09 13:01:16 2018 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu May 10 15:19:15 2018 -0700" }, "message": "Fix spurious error\n\nBug: 79542247\nTest: error no longer appears\nChange-Id: I2cf91c8cd937b81041a47e4b64a882445a80eb0b\n" }, { "commit": "0fd2626fc3457e4013a9949190c45aa5fb00c5d3", "tree": "fadf3aed43f4fecb94ca1fc48cceebbe5b5eba8d", "parents": [ "772cc85d712dd36e1a328bf6d2518103e1763f07" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 30 09:48:19 2018 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Feb 01 10:08:17 2018 -0800" }, "message": "Add a mount with metadata encryption service\n\nDon\u0027t use the FDE flow to support metadata encryption; just provide a\nvold service which directly mounts the volume and use that.\n\nBug: 63927601\nTest: Boot Taimen to SUW with and without metadata encryption.\nChange-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed\n" }, { "commit": "e2ee152e4641a6d59ab702ac2a7bd41be57089e1", "tree": "f0030cece4f84aed048dce8b1e2bf8563861a6c6", "parents": [ "77823360b457902869f041fa9128c06c15691c45" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 26 14:05:26 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 26 14:21:10 2017 -0700" }, "message": "Refactor of use of fstab in advance of fix.\n\nTest: Ensure device still boots.\nBug: 65737446\nChange-Id: Ie466db9f5d8c77656cc525c0d49fe6a3cce154f1\n" }, { "commit": "e2e2d308df2da26838de32852318bc2cb690d052", "tree": "6637d5b5af5d3dc50fe68edc6dc0525f3ea92983", "parents": [ "53deec14b8418abbc1a6f30ff89629710437279f" ], "author": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Tue Aug 01 17:15:53 2017 +0100" }, "committer": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Thu Aug 10 17:31:03 2017 +0100" }, "message": "Zero memory used for encryuption keys.\n\nstd::vector with custom zeroing allocator is used instead of\nstd::string for data that can contain encryption keys.\n\nBug: 64201177\nTest: manually created a managed profile, changed it\u0027s credentials\nTest: manually upgraded a phone with profile from O to MR1.\nChange-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd\n" }, { "commit": "e4c93da49297f70c8f0fc11fbc5c21efeedc5e98", "tree": "bac676058cb07bab053c856b08e79a8527c64e3c", "parents": [ "9a64a4e3650710f66bab0504086052df600e373a" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Jun 16 09:21:18 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Jun 16 16:14:03 2017 -0700" }, "message": "Abolish AutoCloseFD.h in favour of unique_fd\n\nAndroid has a standard way to do what AutoCloseFD.h does, so use that\ninstead. Refactor before work on the bug.\n\nBug: 36029169\nTest: Deleted a user and checked that secdiscard logs looked good.\nChange-Id: I5d8bedfb3fa1f032fd2bced88b1b561e4a8c2ff4\n" }, { "commit": "5b6c6a2c4a37d927ebc283a66d1ec94e29d54874", "tree": "b9da24c0e732172c0454c8b261855bb8bd9494f8", "parents": [ "3963b2364561a7d732995d5b8fec42097f548caa" ], "author": { "name": "Guang Zhu", "email": "guangzhu@google.com", "time": "Fri Apr 28 23:56:45 2017 +0000" }, "committer": { "name": "Guang Zhu", "email": "guangzhu@google.com", "time": "Fri Apr 28 23:58:39 2017 +0000" }, "message": "Revert \"Enable metadata encryption\"\n\nBug: 37792477\n\nThis reverts commit 3963b2364561a7d732995d5b8fec42097f548caa.\n\nChange-Id: I3b6bf5a9a4c3899aabe2c824d8498a06981daed8\n" }, { "commit": "3963b2364561a7d732995d5b8fec42097f548caa", "tree": "924fb009af2d68b4a7609241a133dbdae0550016", "parents": [ "d5759811ffe0eef50612dbd32166a08f0b32cfdc" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Tue Apr 25 09:26:56 2017 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 28 16:44:23 2017 +0000" }, "message": "Enable metadata encryption\n\nBug: 26778031\nTest: Boots, reboots, sector 0 of userdata encrypted\n Make sure an FDE device, both default and password protected,\n boots.\n Make sure an FBE device without metadata encryption boots.\nChange-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d\n" }, { "commit": "d5759811ffe0eef50612dbd32166a08f0b32cfdc", "tree": "b9da24c0e732172c0454c8b261855bb8bd9494f8", "parents": [ "f71ace310eec3e39f0efefd51f62c9ccf4180f48" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jun 02 11:04:27 2016 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 21 13:40:20 2017 -0700" }, "message": "Add support for metadata encryption\n\nSupport encrypting metadata in /userdata using the dm-default-key\ndriver with a key in the /metadata partition.\n\nBug: 29189559\nTest: Angler \u0026 Marlin build and boot\nChange-Id: I716b117508d4bb4f6a4039293acb848cbc60f67b\n" } ] }