)]}' { "log": [ { "commit": "72d07130acc866a23c505d4bb1bc8653061ab0c6", "tree": "12877fa8fb09b4b27e1a569552d856952a91b8e2", "parents": [ "213dbe30a1b0cfaa45c4a5cef141b96e6ffce3b1" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Aug 10 10:55:56 2020 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Aug 10 11:45:08 2020 -0700" }, "message": "vold: use __ANDROID_API_Q__ instead of pre_gki_level\n\nThe name \"pre_gki_level\" is causing some confusion because not all\ndevices launching with Android R are subject to the GKI requirement.\n(See b/161563110#comment11.) E.g., devices that use a 4.14-based kernel\nare exempt from GKI. However, the encryption requirements still apply.\n\nJust use __ANDROID_API_Q__ directly instead.\n\nNo change in behavior.\n\nChange-Id: Id02ae1140845ac1ae7cf78be4e57fe34da028abf\n" }, { "commit": "1bb7e8a9289fdcf8805aaff13a5745be13b83bac", "tree": "d2e9ed4834ec9036587b5984fbc80666ba6f879d", "parents": [ "b50480bb96dc27d9da49bd7bb51f589d0957f9df", "3fe931109c213dfe057161d8e32a4be3d3c8962c" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Thu Jun 18 21:56:10 2020 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Jun 18 21:56:10 2020 +0000" }, "message": "Merge \"Don\u0027t call block checkpoint functions above dm-default-key\"" }, { "commit": "3fe931109c213dfe057161d8e32a4be3d3c8962c", "tree": "2cd7b368b5a46ba39f7e1b37f994c49e9a897934", "parents": [ "deb70854536ca7a8bddb11c95c311d3b784856aa" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Jun 12 08:12:48 2020 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Jun 12 09:13:42 2020 -0700" }, "message": "Don\u0027t call block checkpoint functions above dm-default-key\n\nBug: 156225476\nTest: Build for f2fs and ext4 device, make sure checkpoints roll back\nand commit\n\nChange-Id: Ic15fadc67d306463dd0b554f679306d8f9081451\n" }, { "commit": "7fbd8d4474aae8bda674c86c08224829ed90bf5d", "tree": "7a605841ecfd8957ae39966ca90d497b35246ffd", "parents": [ "e471d11d464735f8d979aac7f1d90d1ae9d74c72" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 23 08:59:12 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jun 02 11:16:55 2020 -0700" }, "message": "Record use of metadata encryption in property\n\nBug: 152150018\nTest: Cuttlefish with and without keydirectory option\nCherry-Picked-From: 94abae03a97bf67bc2cd04b6a74e07ed08bf30a0\nMerged-In: I400873ec207cb63f0407fefc83962bb3a927e294\nChange-Id: I400873ec207cb63f0407fefc83962bb3a927e294\n" }, { "commit": "28eddbd2ef55ecbc9f7eb6b40b24a4b6277917c0", "tree": "b70fc9c65a2b72d705d8809163a64acf6c0c9bce", "parents": [ "479588c68ef2328ba2cbc383cc23c319fa41b584" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Wed Apr 01 10:02:16 2020 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Apr 09 15:22:43 2020 -0600" }, "message": "Send earlyBootEnded notice to all Keymasters\n\nVold incorrectly sends the earlyBootEnded signal only to the Keymaster\ninstance used for device encryption, but all of them need it.\n\nBug: 152932559\nTest: VtsHalKeymasterV4_1TargetTest\nMerged-In: Id8f01a1dc7d2398395f369c3ea74656a82888829\nChange-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829\n" }, { "commit": "f56d553babc368e557fe90513e78a5ba06626b0d", "tree": "d7c572630261aa8ab4ffaa349a43553d61072d0c", "parents": [ "10a372f1d20ea59cb73a41d423b99040c56c091b" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Sun Mar 22 08:02:06 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Apr 06 08:45:32 2020 -0700" }, "message": "Choose options format using property\n\nTo make it easier to support disk formats created using old versions\nof dm-default-key with new kernels, choose the disk format to use\nbased on options_format_version and first_api_version properties\ninstead of checking the version number of the kernel module.\n\nBug: 150761030\nTest: crosshatch and cuttlefish boot normally; cuttlefish\n fails with \"default-key: Not enough arguments\" as expected when\n option is set to 1\nChange-Id: Ib51071b7c316ce074de72439741087b18335048c\n" }, { "commit": "48aa90cd6b71b65c259f50645edf25b2f7fa19b4", "tree": "d226cc63b65e73b5e20b4edd9cd6d43d07211d1e", "parents": [ "deb70854536ca7a8bddb11c95c311d3b784856aa" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 02 12:57:58 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 02 13:52:22 2020 -0800" }, "message": "Use the blk_device supplied by vdc encryptFstab\n\nfs_mgr may put other dm devices on top of the raw disk, such as for\ncheckpointing, and it hands metadata encryption the uppermost device in\nvdc. That\u0027s what should be encrypted, not the raw disk.\n\nBug: 150354860\nTest: Treehugger\nChange-Id: I279f087b1b7aded40c5a62281154851ce970ba70\n" }, { "commit": "886e572009bd09c3f2cc59d7b0e1683d76ef303c", "tree": "41df071739359e1fa20c173b52dbc125682a1aa9", "parents": [ "312b7df62158254a89df6cbf7d1ee3b146477511" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:51:56 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 13:01:00 2020 -0800" }, "message": "On newer devices, use dm-default-key to encrypt SD cards\n\nThe dm-crypt solution requires a kernel patch that won\u0027t be present in\nthe GKI kernel, while the new metadata encryption system in the GKI\nkernel solves this problem in a much cleaner way.\n\nTest: create private volume on Cuttlefish, setting property both ways.\nBug: 147814592\nChange-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea\n" }, { "commit": "312b7df62158254a89df6cbf7d1ee3b146477511", "tree": "80de85a8b84cbfdf3332683cf8aad1ac10fde6f5", "parents": [ "249c2fb4aa970e43cde7a5e4032506c40c8e9a0e" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Thu Feb 06 22:56:27 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 12:51:06 2020 -0800" }, "message": "vold: Wrapped key support for metadata encryption\n\nmetadata_encryption fstab option provides details on the cipher\nand flags used for metadata encryption. wrappedkey_v0 is provided\nto dm-default-key dm device when a wrapped key is used. The\ninline encryption hardware unwraps the key and derives the\nencryption key used to encrypt metadata without returning the key\nin the clear to software.\n\nBug: 147733587\nTest: FBE with metadata encryption using wrapped keys.\nChange-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a\n" }, { "commit": "249c2fb4aa970e43cde7a5e4032506c40c8e9a0e", "tree": "05b3775de00906a9c83b7c9a925d0d592b230d2d", "parents": [ "8e0780cba28d974bd1dc3289a8eedbbfa6a8942b" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:51:56 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 12:49:36 2020 -0800" }, "message": "Refactor: make makeGen local\n\nNo need for KeyUtil to know how to make a KeyGeneration, it\u0027s cleaner\nif each module handles it separately. Also, create a CryptoOptions\nstructure to track metadata encryption options, and simplify legacy\ncipher/option handling.\n\nTest: Treehugger\nBug: 147814592\nChange-Id: I740063882914097329ff72348d0c0855c26c7aab\n" }, { "commit": "4eac2647277f1edf6dc69a050a51cb49f526b69e", "tree": "f3973a179d7cf718a2fe1f7434b421a9dfdf50e6", "parents": [ "7566e467ab2d604970edca9de318f3cf5642b044" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 11:04:05 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 13:59:06 2020 -0800" }, "message": "Refactor key generation to handle both normal and metadata encryption.\n\nBug: 147733587\nTest: Treehugger\nChange-Id: Iee176037dec2621c84da325c2627f988fcebbc8d\nMerged-In: Iee176037dec2621c84da325c2627f988fcebbc8d\n" }, { "commit": "572c024853b8004dd771daa6a9aa7a97614a8deb", "tree": "3e83d9f3a188046ddea22a931e5fcba52ffe9596", "parents": [ "220567c33a19128b0bfa9d0136f57812ea6a13fc" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 01:15:35 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 01:15:35 2020 -0800" }, "message": "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general\n\nBug: 147814592\nTest: Treehugger\nChange-Id: I13c6f84d729f2953f78626493d6e6d34d578a013\n" }, { "commit": "220567c33a19128b0bfa9d0136f57812ea6a13fc", "tree": "76b1720a1ed8366ccbda3176f07eb3602ce636ee", "parents": [ "a661fb659b4f94218ca4fe8909d0906749023b34" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:45:20 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 00:48:27 2020 -0800" }, "message": "Generalize CryptoType infrastructure\n\nMore consistency between MetadataCrypt and cryptfs, and steps towards\nsupporting Adiantum properly in MetadataCrypt.\n\nTest: create private volume on Cuttlefish\nBug: 147814592\nChange-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab\n" }, { "commit": "3dfb094cb26cf37e14b3bbf81e31248b913b3e41", "tree": "60c22742e4653106e93c886e2aa003c3ae0cb0c2", "parents": [ "68b9fb10ae1bf1491c8dc6d854be900e62ebc090" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Mon Feb 03 13:06:45 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 14:26:26 2020 -0800" }, "message": "vold: Support Storage keys for FBE\n\nTo prevent keys from being compromised if an attacker\nacquires read access to kernel memory, some inline\nencryption hardware supports protecting the keys in\nhardware without software having access to or the\nability to set the plaintext keys. Instead, software\nonly sees \"wrapped keys\", which may differ on every boot.\n\n\u0027wrappedkey_v0\u0027 fileencryption flag is used to denote\nthat the device supports inline encryption hardware that\nsupports this feature. On such devices keymaster is used\nto generate keys with STORAGE_KEY tag and export a\nper-boot ephemerally wrapped storage key to install it in\nthe kernel.\n\nThe wrapped key framework in the linux kernel ensures the\nwrapped key is provided to the inline encryption hardware\nwhere it is unwrapped and the file contents key is derived\nto encrypt contents without revealing the plaintext key in\nthe clear.\n\nTest: FBE validation with Fscrypt v2 + inline crypt + wrapped\nkey changes kernel.\n\nBug: 147733587\n\nChange-Id: I1f0de61b56534ec1df9baef075acb74bacd00758\n" }, { "commit": "2b1ff5aaab693483dc1064137e46214baf3b00a7", "tree": "b7f9f823c2cc26112ea2a26bfe8d877b3fe676a8", "parents": [ "35f0f22c9b8cb9d8672c9cc5226c9037d621da7f" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jan 16 14:08:36 2020 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Feb 11 15:51:04 2020 -0700" }, "message": "Have vold inform keymaster that early boot ended\n\nJust before mounting partition(s) not verified by verified boot, vold\nshould notify keymaster that early boot has ended so it won\u0027t allow\nEARLY_BOOT_ONLY keys to be created or used.\n\nTest: VtsHalKeymasterV4_1TargetTest\nChange-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3\nMerged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3\n" }, { "commit": "84e84c5f33b2a9fc5ff361b17d23dabfd97ce2a8", "tree": "deb9ff50461c22c8300e639cef19fab6ef7f0b01", "parents": [ "92a14b6b1666e5d1313c66a451e51007c38c9a02" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Jan 29 16:09:19 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 17:20:27 2020 -0800" }, "message": "Set metadata cipher in fstab\n\nBug: 147814592\nTest: Cuttlefish can use adiantum\nChange-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165\n" }, { "commit": "92a14b6b1666e5d1313c66a451e51007c38c9a02", "tree": "302e4b94ed301e62ba9a383c9e83f29ef0e8e1c2", "parents": [ "c9b92f0c1771e397fcd3d81fe19f822f63fa3217" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 28 10:37:39 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 17:20:27 2020 -0800" }, "message": "Add support for v2 of dm-default-key\n\nVersion 2 of dm-default-key has an extra parameter and always sets the\nDUN.\n\nBug: 147814592\nTest: Cuttlefish boots with keydirectory flag\nTest: Crosshatch formatted before this change boots after it\nChange-Id: I59081e385324d2e34a5f252286a97938d6ffb79b\n" }, { "commit": "c9b92f0c1771e397fcd3d81fe19f822f63fa3217", "tree": "1fdf4343f5a5a121bdce283e891211c79a2dacad", "parents": [ "fda79ddd82427f8ea848a097fb3176edb1de62a1" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 15:26:15 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 16:02:37 2020 -0800" }, "message": "Rename key_dir to metadata_key_dir and refactor\n\nBug: 147814592\nTest: Crosshatch boots\nChange-Id: I9fce0ea5da9c81c2e4e9cf97b75c1cba821adf9e\n" }, { "commit": "77df7f207dcef1f967695fca2e131097abebe28c", "tree": "489bac5ff46816eed4adf17b11cf61044b96166c", "parents": [ "432ca5af06a540f627a3b82c870b9ec099f309b7" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 23 15:29:30 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 28 11:17:58 2020 -0800" }, "message": "Refactor to use EncryptionPolicy everywhere we used to use raw_ref\n\nTest: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen\nBug: 147733587\nChange-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5\n" }, { "commit": "f850e6e5648a8dad7678730d5f5c1710f410f827", "tree": "1a6c03725114905a18091b9e9413fbcb1432f150", "parents": [ "6bdfb77d8b6e448f6c4b9c8eda648aeba32238d5" ], "author": { "name": "Nikita Ioffe", "email": "ioffe@google.com", "time": "Mon Dec 09 21:19:11 2019 +0000" }, "committer": { "name": "Nikita Ioffe", "email": "ioffe@google.com", "time": "Mon Dec 09 21:19:11 2019 +0000" }, "message": "Allow fscrypt_mount_metadata_encrypted to be called more than once\n\nIn case of userspace reboot, this function will be called again to\nremount userdata into checkpoint mode.\n\nTest: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1\nTest: adb shell /system/bin/vdc checkpoint startCheckpoint 1\nTest: adb reboot userspace\nTest: adb shell dumpsys activity\nBug: 135984674\nBug: 143970043\nChange-Id: I300b1960a6c4e95b13c43d806c4f3a9e4a612ac4\n" }, { "commit": "4b140d397f8283021f9be96cf07691179c4128e6", "tree": "3dcb634e3895279cea8c1784fe37f3039f2a3608", "parents": [ "5bcfb5bf45c570e6c956bf9243fa38efae5c538f" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Aug 07 15:22:57 2019 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Aug 14 10:00:09 2019 -0700" }, "message": "Fix ext4/metadata/udc issue\n\nTest: Cannot test since no device supports this combo\nBug: 137924328\nChange-Id: I451c90e0826ede71876f3e4f260e7083f3ab3fdb\n" }, { "commit": "236e5e800e18a0c1720ec1044a74c2700107c60c", "tree": "311f14a8aed9ca5ab9be6351875f895ada2c122f", "parents": [ "2ebb5c5b9679a8ce96927aac55d621884834d173" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Tue Jun 25 14:44:33 2019 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Jun 26 15:19:24 2019 -0700" }, "message": "Make ext4 userdata checkpoints work with metadata encryption\n\nWhen both ext4 user data checkpoints and metadata encryption are\nenabled, we are creating two stacked dm devices. This had not been\nproperly thought through or debugged.\n\nTest: Enable metadata encryption on taimen (add\nkeydirectory\u003d/metadata/vold/metadata_encryption to flags for userdata in\nfstab.hardware)\n Unfortunately metadata is not wiped by fastboot -w, so it is\n necessary to rm metadata/vold -rf whenever you wipe data.\n fastboot flashall -w works\n fastboot reboot -w works\n A normal boot works\n Disable checkpoint commits with\n setprop persist.vold.dont_commit_checkpoint 1\n vdc checkpoint startCheckpoint 10\n adb reboot\n wait for device to fully boot then\n adb reboot\n Wait for device to fully boot then\n adb logcat -d | grep Checkpoint shows the rollback in the logs\n\n This tests encryption on top of checkpoints with commit, encryption\n without checkpoints, and rollback, which seems to be the key cases.\n\nBug: 135905679\nChange-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f\n" }, { "commit": "b92247368ae8456f0ada2c14b358500b642561e0", "tree": "bc800cd569320b3d582522b24faef70f552142c6", "parents": [ "19e74b3d1fb033a4dda3e55e04239c6feb10863e" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon May 13 13:02:54 2019 -0700" }, "committer": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon May 13 13:07:12 2019 -0700" }, "message": "Replace manual dm ioctls with libdm.\n\nThis mostly 1:1 replaces manual ioctls to device-mapper with calls to\nlibdm. There were two exceptions:\n\n(1) There is a very old table-load-retry loop to workaround issues with\n umount (b/7220345). This loop has been preserved, however, it now\n includes DM_DEV_CREATE as well as DM_TABLE_LOAD.\n(2) There was some ancient code to set DM_DEV_GEOMETRY for obb\n dm-devices. This never did anything since geometry must be set after\n loading a table. When setting it before (as vold was doing), the\n subsequent DM_TABLE_LOAD will clear it.\n\nBug: 132206403\nTest: FBE device boots\n FBE device w/ metadata encryption boots\n FDE device boots\n atest StorageManagerIntegrationTest\nChange-Id: Ib6db6b47329f093ac7084edaf604eddace8b9ac6\n" }, { "commit": "4c5bde2b9258ccd8a023acfaf47d66758d88f828", "tree": "95ecfd4a22ebdc45993b7632175a4ddfc3ce82ac", "parents": [ "eb00112e09551e1957e9e119c58005992dee720b" ], "author": { "name": "Tom Cherry", "email": "tomcherry@google.com", "time": "Tue Jan 29 14:34:01 2019 -0800" }, "committer": { "name": "Tom Cherry", "email": "tomcherry@google.com", "time": "Thu Jan 31 12:34:39 2019 -0800" }, "message": "Move over to the C++ Fstab class\n\nTest: build and boot\nChange-Id: Id3850c9c133f6644073a2439368501253a2a94a9\n" }, { "commit": "7f3ab95b8d9184114277104c29bbbd2064fe5bc5", "tree": "970aaa7f5876295b13d89623d3265eda1655a359", "parents": [ "f028d279ae5d610b99007d0c9790a3bd8f27c94f" ], "author": { "name": "LongPing Wei", "email": "weilongping@huawei.com", "time": "Wed Jan 30 16:03:14 2019 +0800" }, "committer": { "name": "LongPing Wei", "email": "weilongping@huawei.com", "time": "Wed Jan 30 16:28:02 2019 +0800" }, "message": "Remove secontext.h, secontext.cpp, hash.h\n\ncryptfs.cpp and MetadataCrypt.cpp can use android::vold::sFsckContext directly.\nhash.h is unuseful.\n\nTest: make\nChange-Id: I7acdac97d6ed1c9b2a5dc367fcea8aa2942192e8\n" }, { "commit": "8ae16db72a259c604eded3532b37f629724a13a9", "tree": "e186646052441a232c128caad9335bd7fab11f78", "parents": [ "ef9abab5ee25c700c0f8e865a64d565b40e6d7ff" ], "author": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Tue Dec 18 11:10:31 2018 -0800" }, "committer": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Thu Dec 20 10:38:31 2018 -0800" }, "message": "vold: Pass std::string by const reference\n\nIn a couple places, we change to pass a std::string argument\ninstead of by copy.\n\nTest: TreeHugger\nChange-Id: Ib179299a2322fcbab4e6d192051218823ad66a36\n" }, { "commit": "690d6de5bf6ccec3aa6be456dd8e2ca3c18527b6", "tree": "0df3e05b19b13885208f6460dbcd56ad78a7bdc8", "parents": [ "ffa1bb03707cb03a07ebba4970c1d8a5a70e9542" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 01:08:10 2018 -0800" }, "committer": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 14:55:28 2018 -0800" }, "message": "Add Support for metadata key with rollback\n\nThis adds the ability to upgrade a key and retain the\nold one for rollback purposes. We delete the old key\nif we boot successfully and delete the new key if we\ndo not.\n\nTest: Enable checkpointing and test rolling back\n between two versions\nBug: 111020314\n\nChange-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a\n" }, { "commit": "a701c458ca6d36604f417f55e95c63493d1545d7", "tree": "5ba25fccd5eeb6a0b467142e4623d88a4072f952", "parents": [ "0016efbc446910650cc041194621cc8f9ba04151" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Oct 23 13:06:55 2018 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 25 17:12:32 2018 -0700" }, "message": "vold: rename from \"ext4 encryption\" to fscrypt\n\nWe support file-based encryption on both ext4 and f2fs now, and the\nkernel API is the same. So rename things appropriately in vold:\n\n e4crypt \u003d\u003e fscrypt\n ext4enc \u003d\u003e fscrypt\n Ext4Crypt \u003d\u003e FsCrypt\n EXT4_* \u003d\u003e FS_*\n ext4_encryption_key \u003d\u003e fscrypt_key\n\nAdditionally, the common functions shared by \u0027vold\u0027 and \u0027init\u0027 are now\nin libfscrypt rather than ext4_utils. So update vold to link to\nlibfscrypt and include the renamed headers.\n\nNote: there\u0027s a chance of \u0027fscrypt\u0027 being confused with the dm-crypt\nbased encryption code in vold which is called \u0027cryptfs\u0027. However,\nfscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,\nand it\u0027s preferable to use the same name in userspace.\n\nTest: built, booted device with f2fs encryption\nChange-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6\n" }, { "commit": "a3381ffc3f7e9159a49d07116a52c8827f05a79e", "tree": "387ae6abec7907cba43bddfe5e9836cd0a234dde", "parents": [ "a2a227e3826712c8388fcac7fb607a26bf22ccb6", "65f99c9e8bd3a546a5dd2f3f4bad1585afbf0dc8" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Sep 25 21:52:19 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Tue Sep 25 21:52:19 2018 +0000" }, "message": "Merge \"Add support for checkpointing\"" }, { "commit": "625dc787c629cd04e30328a9b1cf4a8e7d6210bc", "tree": "04c9c6fea77cf09ac6e441391a703787c1a63c85", "parents": [ "15b9656ae9acfbed4af62b8cecba30c35cd514a8" ], "author": { "name": "Oleksiy Avramchenko", "email": "oleksiy.avramchenko@sony.com", "time": "Wed May 23 10:50:46 2018 +0200" }, "committer": { "name": "John Eckerdal", "email": "john.eckerdal@sony.com", "time": "Mon Sep 24 14:25:24 2018 +0200" }, "message": "Add GetBlockDevSize, GetBlockDevSectors helpers\n\nHelpers to get a block device size in bytes or 512 byte sectors,\nusing BLKGETSIZE64 and returning value of uint64_t type.\n\nThis also removes get_blkdev_size().\n\nTest: build, manual, mount exFAT volume\nBug: 80202067\nChange-Id: Ib07e8ac6ef7ff49de0ed570d1fa202e8b558b80c\n" }, { "commit": "65f99c9e8bd3a546a5dd2f3f4bad1585afbf0dc8", "tree": "d2cc8c8f1e1e4e3bbbbd8667c16f4aafee347fcb", "parents": [ "15b9656ae9acfbed4af62b8cecba30c35cd514a8" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Tue Aug 28 01:58:49 2018 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Sep 21 21:54:11 2018 +0000" }, "message": "Add support for checkpointing\n\nCheckpointing uses a combination of files on the meta partition\nand the checkpoint\u003d fs_mgr flag. Checkpointed partitions will\nrevert to their starting state on reboot unless checkpoint commit\nis called.\n\nTest: Run vdc commands, check file on metadata\nMerged-In: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6\nChange-Id: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6\n" }, { "commit": "14c8c0765a2968f8605c58f27dc68dcc3b6b0807", "tree": "7c7981c54cadbcb3689996815d5b89f8b4159922", "parents": [ "1251ef0bcfb82ff7aef2c4472620e6565d0c4ba6" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 18 13:30:21 2018 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 18 15:41:22 2018 -0700" }, "message": "clang-format many files.\n\nTest: Format-only changes; treehugger suffices.\nChange-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48\n" }, { "commit": "98a23a19d123a4714c30f8892bc971ef84b59214", "tree": "20fd9318cf7249973af65999db5d9b8f72d53792", "parents": [ "8f82879901968d9793705eb1d06c9b32607ced13" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed May 09 13:01:16 2018 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu May 10 15:19:15 2018 -0700" }, "message": "Fix spurious error\n\nBug: 79542247\nTest: error no longer appears\nChange-Id: I2cf91c8cd937b81041a47e4b64a882445a80eb0b\n" }, { "commit": "0fd2626fc3457e4013a9949190c45aa5fb00c5d3", "tree": "fadf3aed43f4fecb94ca1fc48cceebbe5b5eba8d", "parents": [ "772cc85d712dd36e1a328bf6d2518103e1763f07" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 30 09:48:19 2018 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Feb 01 10:08:17 2018 -0800" }, "message": "Add a mount with metadata encryption service\n\nDon\u0027t use the FDE flow to support metadata encryption; just provide a\nvold service which directly mounts the volume and use that.\n\nBug: 63927601\nTest: Boot Taimen to SUW with and without metadata encryption.\nChange-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed\n" }, { "commit": "e2ee152e4641a6d59ab702ac2a7bd41be57089e1", "tree": "f0030cece4f84aed048dce8b1e2bf8563861a6c6", "parents": [ "77823360b457902869f041fa9128c06c15691c45" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 26 14:05:26 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 26 14:21:10 2017 -0700" }, "message": "Refactor of use of fstab in advance of fix.\n\nTest: Ensure device still boots.\nBug: 65737446\nChange-Id: Ie466db9f5d8c77656cc525c0d49fe6a3cce154f1\n" }, { "commit": "e2e2d308df2da26838de32852318bc2cb690d052", "tree": "6637d5b5af5d3dc50fe68edc6dc0525f3ea92983", "parents": [ "53deec14b8418abbc1a6f30ff89629710437279f" ], "author": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Tue Aug 01 17:15:53 2017 +0100" }, "committer": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Thu Aug 10 17:31:03 2017 +0100" }, "message": "Zero memory used for encryuption keys.\n\nstd::vector with custom zeroing allocator is used instead of\nstd::string for data that can contain encryption keys.\n\nBug: 64201177\nTest: manually created a managed profile, changed it\u0027s credentials\nTest: manually upgraded a phone with profile from O to MR1.\nChange-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd\n" }, { "commit": "e4c93da49297f70c8f0fc11fbc5c21efeedc5e98", "tree": "bac676058cb07bab053c856b08e79a8527c64e3c", "parents": [ "9a64a4e3650710f66bab0504086052df600e373a" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Jun 16 09:21:18 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Jun 16 16:14:03 2017 -0700" }, "message": "Abolish AutoCloseFD.h in favour of unique_fd\n\nAndroid has a standard way to do what AutoCloseFD.h does, so use that\ninstead. Refactor before work on the bug.\n\nBug: 36029169\nTest: Deleted a user and checked that secdiscard logs looked good.\nChange-Id: I5d8bedfb3fa1f032fd2bced88b1b561e4a8c2ff4\n" }, { "commit": "5b6c6a2c4a37d927ebc283a66d1ec94e29d54874", "tree": "b9da24c0e732172c0454c8b261855bb8bd9494f8", "parents": [ "3963b2364561a7d732995d5b8fec42097f548caa" ], "author": { "name": "Guang Zhu", "email": "guangzhu@google.com", "time": "Fri Apr 28 23:56:45 2017 +0000" }, "committer": { "name": "Guang Zhu", "email": "guangzhu@google.com", "time": "Fri Apr 28 23:58:39 2017 +0000" }, "message": "Revert \"Enable metadata encryption\"\n\nBug: 37792477\n\nThis reverts commit 3963b2364561a7d732995d5b8fec42097f548caa.\n\nChange-Id: I3b6bf5a9a4c3899aabe2c824d8498a06981daed8\n" }, { "commit": "3963b2364561a7d732995d5b8fec42097f548caa", "tree": "924fb009af2d68b4a7609241a133dbdae0550016", "parents": [ "d5759811ffe0eef50612dbd32166a08f0b32cfdc" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Tue Apr 25 09:26:56 2017 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 28 16:44:23 2017 +0000" }, "message": "Enable metadata encryption\n\nBug: 26778031\nTest: Boots, reboots, sector 0 of userdata encrypted\n Make sure an FDE device, both default and password protected,\n boots.\n Make sure an FBE device without metadata encryption boots.\nChange-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d\n" }, { "commit": "d5759811ffe0eef50612dbd32166a08f0b32cfdc", "tree": "b9da24c0e732172c0454c8b261855bb8bd9494f8", "parents": [ "f71ace310eec3e39f0efefd51f62c9ccf4180f48" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jun 02 11:04:27 2016 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 21 13:40:20 2017 -0700" }, "message": "Add support for metadata encryption\n\nSupport encrypting metadata in /userdata using the dm-default-key\ndriver with a key in the /metadata partition.\n\nBug: 29189559\nTest: Angler \u0026 Marlin build and boot\nChange-Id: I716b117508d4bb4f6a4039293acb848cbc60f67b\n" } ] }