)]}' { "log": [ { "commit": "b615f3beac9681f074f56234142931c66b6e8fbb", "tree": "f2693e6b758a4dc127d61eef5a5832e1bb79d790", "parents": [ "f13b5d9aa2ab42363c41ff64f90a11249851f761" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Wed Nov 09 05:48:45 2022 +0000" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Nov 14 17:45:32 2022 +0000" }, "message": "Defer CE key fixations to checkpoint commit\n\nOn the first boot after an upgrade, ensure that any Keystore key\ndeletions triggered by fscrypt_set_user_key_protection() are deferred\nuntil the userdata filesystem checkpoint is committed, so that the\nsystem doesn\u0027t end up in a bad state if the checkpoint is rolled back.\n\nTest: see I77d30f9be57de7b7c4818680732331549ecb73c8\nBug: 232452368\nIgnore-AOSP-First: depends on other changes in internal master\nChange-Id: I59b758bc13b7a2ae270f1a6c409affe2eb61119c\n" }, { "commit": "d86a8abec7afecaf58795a6ef5a8e2f81cafdcce", "tree": "90c5e5f033cd8a5ce6dbb0ba4e51e6a603616b80", "parents": [ "e33bd41f495dbf4a0d92158390c9955ffe2de1b6" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Jun 15 11:34:00 2021 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Jun 15 12:07:15 2021 -0700" }, "message": "Replace most references to Keymaster with Keystore\n\nNow that vold uses Keystore2 rather than the Keymaster HAL directly, and\nalso the new version of Keymaster is called \"KeyMint\" instead, replace\nmost of the references to Keymaster in vold with Keystore.\n\n(I decided not to include the \"2\" in most places, as it seemed\nunnecessarily precise in most places, and it would be something that\nmight need to keep being updated. Only Keystore.{cpp,h} really need to\ncare about the version number.)\n\nI didn\u0027t rename many things in cryptfs.cpp, as that file will be going\naway soon anyway. I also left \"wait_for_keymaster\" and \"vdc keymaster\nearlyBootEnded\" as-is for now, as those are referenced outside vold.\n\nBug: 183669495\nChange-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8\n" }, { "commit": "351a4af7169c68385caa3f69ba801018131089ab", "tree": "e8316a9f0bed9955cacde3a7dbf2eb0cc2c1a631", "parents": [ "0f890a93e191777f885590384c33139646ea26b8" ], "author": { "name": "Satya Tangirala", "email": "satyat@google.com", "time": "Tue Jun 08 12:55:37 2021 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Jun 08 15:57:31 2021 -0700" }, "message": "Don\u0027t export storeKey(), and update comments\n\nstoreKey() is no longer used outside KeyStorage.cpp, so make it a static\nfunction. Also fix the documentation for storeKey() (e.g. it\u0027s no\nlonger safe to directly move/rename directories created by storeKey() --\none must use RenameKeyDir() instead).\n\nNo functional changes.\n\n[ebiggers@ - cleaned up slightly from satyat@\u0027s original change]\n\nBug: 190398249\nChange-Id: I85918359e77bef414dfddfe5ded30fcde6514013\n" }, { "commit": "0f890a93e191777f885590384c33139646ea26b8", "tree": "82135d195b8cffe9d5209343e1f8b6065b4ffda1", "parents": [ "107d21d4842ff8764decd4575d69c8d9d2144aee" ], "author": { "name": "Satya Tangirala", "email": "satyat@google.com", "time": "Tue Jun 08 12:55:24 2021 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Jun 08 15:57:31 2021 -0700" }, "message": "Always use RenameKeyDir() when moving/renaming key directories\n\nMake fixate_user_ce_key() use RenameKeyDir() to rename key directories\nso that any deferred commits for these directories are also updated\nappropriately.\n\nThis fixes a potential lost Keymaster key upgrade if a key were to be\nre-wrapped while a user data checkpoint is pending. This isn\u0027t a huge\nissue as the key will just get upgraded again, but this should be fixed.\n\n[ebiggers@ - cleaned up slightly from satyat@\u0027s original change]\n\nBug: 190398249\nChange-Id: Ic6c5b4468d07ab335368e3d373916145d096af01\n" }, { "commit": "6b98fb6122df0705a5169c1deed586200b358244", "tree": "0a5fa152ce2b7cfbc4ce5bde3d4fa37702b57297", "parents": [ "478cea9783d732d2a93bd056463a406801da5378" ], "author": { "name": "Satya Tangirala", "email": "satyat@google.com", "time": "Tue May 11 19:48:47 2021 -0700" }, "committer": { "name": "Satya Tangirala", "email": "satyat@google.com", "time": "Wed May 12 13:05:35 2021 -0700" }, "message": "Remove unused constants and cleanup KeyStorage.cpp\n\nNow that the salt and hardware auth token related code has been removed,\nwe can remove the associated (and now unused) constants.\n\nAlso cleanup some comments and remove includes related to hardware auth\ntoken support.\n\nBug: 181910578\nTest: Cuttlefish boots.\nChange-Id: I3733d5c6bbf6989adc165c554ee53faa2484f4b6\n" }, { "commit": "e13617100d40079b79863ed504c79e7ef22b084e", "tree": "8054c412b93eb34e8edabd4d57580317d697e6d9", "parents": [ "159a11f600e31eb287600b653fbfe9e8a2283462" ], "author": { "name": "Satya Tangirala", "email": "satyat@google.com", "time": "Mon Mar 15 15:33:08 2021 -0700" }, "committer": { "name": "Satya Tangirala", "email": "satyat@google.com", "time": "Wed Apr 07 02:05:35 2021 -0700" }, "message": "Remove HardwareAuthToken support from vold::Keymaster\n\nHardwareAuthTokens are no longer used by vold since Android P. So remove\nthe auth token parameter from vold. This patch doesn\u0027t remove the token\nfrom IVold.aidl, and the methods in VoldNativeService.cpp return an\nerror if a non-empty auth token is passed to them.\n\nBug: 181910578\nTest: cuttlefish and bramble boot with patch\nChange-Id: I1a9f54e10f9efdda9973906afd0a5de5a699ada5\n" }, { "commit": "3345a2a98c2867bb8c34b8a22a6cd2a1d35aeea8", "tree": "5b25e2f0617371c830ca160ab2694eca2a356e8c", "parents": [ "bd138dd08a905231b003576642337e712c131e1c" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Feb 16 15:59:17 2021 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Feb 16 16:05:38 2021 -0800" }, "message": "Sync parent directory in storeKeyAtomically()\n\nWhen an FBE or metadata encryption key is created, it\u0027s important that\nit be persisted to disk right away; otherwise the device may fail to\nboot after an unclean shutdown. storeKey() has the needed fsync()s.\nHowever, storeKeyAtomically() doesn\u0027t, as it doesn\u0027t fsync() the parent\ndirectory of key_path after it renames tmp_path to it.\n\nTwo callers do fsync() the parent directory themselves, but others\ndon\u0027t. E.g., the metadata encryption key doesn\u0027t get properly synced.\n\nTherefore, add the needed fsync() to storeKeyAtomically() so that it\ngets done for everyone.\n\nAlso remove the now-unneeded fsync()s from the two callers that did it\nthemselves.\n\nChange-Id: I342ebd94f0a3d2bf3a7a443c35b6bda0f12e1ab2\n" }, { "commit": "bd138dd08a905231b003576642337e712c131e1c", "tree": "61a2524aad1c113bc8eb219948f1daab98350e77", "parents": [ "810bcca4d05eb1283cbac0567c673d2dae76e893" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Feb 16 15:59:17 2021 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Feb 16 16:05:38 2021 -0800" }, "message": "Move pathExists() to Utils.cpp\n\nThis is useful as a general utility function.\n\nChange-Id: Id43fc106dc6c544c6e4ce65f10c7d4246b99e54a\n" }, { "commit": "5a43d61e66576733d6b6e3335cd3b35e8c984a0c", "tree": "f08f4a8743287eb1ac9a4af9cebf8baa57ac3825", "parents": [ "d9cf8590cbf302026a1422865c9a85e5f9e77b46" ], "author": { "name": "Seth Moore", "email": "sethmo@google.com", "time": "Tue Jan 19 17:51:51 2021 +0000" }, "committer": { "name": "Seth Moore", "email": "sethmo@google.com", "time": "Tue Jan 26 21:30:19 2021 +0000" }, "message": "Add support for binding storage encryption to a seed\n\nWith this change, vold exposes an API that may be used to bind key\nstorage encryption keys to a given seed value. The seed value passed to\nvold must be consistent across reboots, or key storage keys will not be\nderived consistently. The seed is expected to be set very early in boot,\nprior to the use of any key storage encryption keys.\n\nThis feature is intended to be used for embedded applications such as\nin autos, where the seed may be provided by some other component of the\nsystem. In such systems, there is a default user that is automatically\nsigned in without a PIN or other credentials. By binding the file\nencryption to a platform-provided seed, the default user\u0027s data gains\nadditional protection against removal of the Android embedded device\nfrom the integrated system.\n\nBug: 157501579\nTest: Set seed at startup via init.rc. Seed changes fail as expected.\nChange-Id: I9b048ec5e045b84c45883724ace2356d4ef6244d\n" }, { "commit": "f74373b17758886ba2880fc1ed838689e2022467", "tree": "97f6cf28e280832680ba2095d95c7ceab3a87f97", "parents": [ "e244a15f34ae2e85e3f5b40be0bf252e37eab56b" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Nov 05 19:58:26 2020 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Nov 05 19:58:26 2020 -0800" }, "message": "KeyStorage: rework key upgrade handling\n\nRemove the error-prone \u0027keepOld\u0027 parameter, and instead make begin()\n(renamed to BeginKeymasterOp()) do all the key upgrade handling.\n\nDon\u0027t handle /data and /metadata differently anymore. Previously, when\na checkpoint is active, key blob files were replaced on /data\nimmediately; only the actual Keymaster key deletion was delayed until\ncheckpoint commit. But it\u0027s easier to just delay the key blob file\nreplacement too, as we have to implement that for /metadata anyway.\n\nAlso be more vigilant about deleting any leftover upgraded keys.\n\nTest: Tested on bramble using an OTA rvc-d1-release \u003d\u003e master. In OTA\n success case, verified via logcat that the keys were upgraded and\n then were committed after the boot succeeded. In OTA failure\n case, verified that the device still boots -- i.e., the old keys\n weren\u0027t lost. Verified that in either case, no\n keymaster_key_blob_upgraded files were left over. Finally, also\n tried \u0027pm create-user\u0027 and \u0027pm remove-user\u0027 and verified via\n logcat that the Keymaster keys still get deleted.\nChange-Id: Ic9c3e63e0bcae0c608fc79050ca4a1676b3852ee\n" }, { "commit": "c493903732d0c17b33091cf722cbcc3262292801", "tree": "b89f8a12070e81c3e541ce7e21336c4497fbe0d7", "parents": [ "569fb8365ed365ae8997cdc3d790f0a7b1af242a" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 29 12:59:28 2020 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Fri Oct 30 14:53:43 2020 -0700" }, "message": "KeyUtil: don\u0027t use keepOld\u003dtrue for system DE and volume keys\n\nCommit 77df7f207dce / http://aosp/1217657 (\"Refactor to use\nEncryptionPolicy everywhere we used to use raw_ref\") unintentionally\nmade fscrypt_initialize_systemwide_keys() start specifying keepOld\u003dtrue\n(via default parameter value) when retrieving the system DE key, and\nlikewise for read_or_create_volkey() and volume keys.\n\nAs a result, if the associated Keymaster key needs to be upgraded, the\nupgraded key blob gets written to \"keymaster_key_blob_upgraded\", but it\ndoesn\u0027t replace the original \"keymaster_key_blob\", nor is the original\nkey deleted from Keymaster. This happens at every boot, eventually\nresulting in the RPMB partition in Keymaster becoming full.\n\nOnly the metadata encryption key ever needs keepOld\u003dtrue, since it\u0027s the\nonly key that isn\u0027t stored in /data, and the purpose of keepOld\u003dtrue is\nto allow a key that isn\u0027t stored in /data to be committed or rolled back\nwhen a userdata checkpoint is committed or rolled back.\n\nSo, fix this bug by removing the default value of keepOld, and\nspecifying false everywhere except the metadata encryption key.\n\nNote that when an affected device gets this fix, it will finally upgrade\nits system DE key correctly. However, this fix doesn\u0027t free up space in\nKeymaster that was consumed by this bug.\n\nTest: On bramble:\n - Flashed rvc-d1-dev build, with wiping userdata\n - Flashed a newer build, without wiping userdata\n - Log expectedly shows key upgrades:\n $ adb logcat | grep \u0027Upgrading key\u0027\n D vold : Upgrading key: /metadata/vold/metadata_encryption/key\n D vold : Upgrading key: /data/unencrypted/key\n D vold : Upgrading key: /data/misc/vold/user_keys/de/0\n D vold : Upgrading key: /data/misc/vold/user_keys/ce/0/current\n - Rebooted\n - Log unexpectedly shows the system DE key being upgraded again:\n $ adb logcat | grep \u0027Upgrading key\u0027\n D vold : Upgrading key: /data/unencrypted/key\n - \"keymaster_key_blob_upgraded\" unexpectedly still exists:\n $ adb shell find /data /metadata -name keymaster_key_blob_upgraded\n /data/unencrypted/key/keymaster_key_blob_upgraded\n - Applied this fix and flashed, without wiping userdata\n - Log shows system DE key being upgraded (expected because due to the\n bug, the upgraded key didn\u0027t replace the original one before)\n $ adb logcat | grep \u0027Upgrading key\u0027\n D vold : Upgrading key: /data/unencrypted/key\n - \"keymaster_key_blob_upgraded\" expectedly no longer exists\n $ adb shell find /data /metadata -name keymaster_key_blob_upgraded\n - Rebooted\n - Log expectedly doesn\u0027t show any more key upgrades\n $ adb logcat | grep \u0027Upgrading key\u0027\nBug: 171944521\nBug: 172019387\nChange-Id: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29\n" }, { "commit": "3dfb094cb26cf37e14b3bbf81e31248b913b3e41", "tree": "60c22742e4653106e93c886e2aa003c3ae0cb0c2", "parents": [ "68b9fb10ae1bf1491c8dc6d854be900e62ebc090" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Mon Feb 03 13:06:45 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 14:26:26 2020 -0800" }, "message": "vold: Support Storage keys for FBE\n\nTo prevent keys from being compromised if an attacker\nacquires read access to kernel memory, some inline\nencryption hardware supports protecting the keys in\nhardware without software having access to or the\nability to set the plaintext keys. Instead, software\nonly sees \"wrapped keys\", which may differ on every boot.\n\n\u0027wrappedkey_v0\u0027 fileencryption flag is used to denote\nthat the device supports inline encryption hardware that\nsupports this feature. On such devices keymaster is used\nto generate keys with STORAGE_KEY tag and export a\nper-boot ephemerally wrapped storage key to install it in\nthe kernel.\n\nThe wrapped key framework in the linux kernel ensures the\nwrapped key is provided to the inline encryption hardware\nwhere it is unwrapped and the file contents key is derived\nto encrypt contents without revealing the plaintext key in\nthe clear.\n\nTest: FBE validation with Fscrypt v2 + inline crypt + wrapped\nkey changes kernel.\n\nBug: 147733587\n\nChange-Id: I1f0de61b56534ec1df9baef075acb74bacd00758\n" }, { "commit": "8ae16db72a259c604eded3532b37f629724a13a9", "tree": "e186646052441a232c128caad9335bd7fab11f78", "parents": [ "ef9abab5ee25c700c0f8e865a64d565b40e6d7ff" ], "author": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Tue Dec 18 11:10:31 2018 -0800" }, "committer": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Thu Dec 20 10:38:31 2018 -0800" }, "message": "vold: Pass std::string by const reference\n\nIn a couple places, we change to pass a std::string argument\ninstead of by copy.\n\nTest: TreeHugger\nChange-Id: Ib179299a2322fcbab4e6d192051218823ad66a36\n" }, { "commit": "690d6de5bf6ccec3aa6be456dd8e2ca3c18527b6", "tree": "0df3e05b19b13885208f6460dbcd56ad78a7bdc8", "parents": [ "ffa1bb03707cb03a07ebba4970c1d8a5a70e9542" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 01:08:10 2018 -0800" }, "committer": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 14:55:28 2018 -0800" }, "message": "Add Support for metadata key with rollback\n\nThis adds the ability to upgrade a key and retain the\nold one for rollback purposes. We delete the old key\nif we boot successfully and delete the new key if we\ndo not.\n\nTest: Enable checkpointing and test rolling back\n between two versions\nBug: 111020314\n\nChange-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a\n" }, { "commit": "26a53888a4efa4a966db189dd0b614f7573b2760", "tree": "e9dd12e8c9013fae4064fc073243888cf1f9b58b", "parents": [ "c6433a299df633c45d714a20fe3672b9b86d9312" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Oct 26 11:16:39 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Oct 26 12:19:09 2017 -0700" }, "message": "When we forget a volume, forget per-volume key\n\nProtect all per-volume-per-user keys with a per-volume key, which is\nforgotten when the volume is forgotten. This means that the user\u0027s key\nis securely lost even when their storage is encrypted at forgetting\ntime.\n\nBug: 25861755\nTest: create a volume, forget it, check logs and filesystem.\nChange-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378\n" }, { "commit": "e2e2d308df2da26838de32852318bc2cb690d052", "tree": "6637d5b5af5d3dc50fe68edc6dc0525f3ea92983", "parents": [ "53deec14b8418abbc1a6f30ff89629710437279f" ], "author": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Tue Aug 01 17:15:53 2017 +0100" }, "committer": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Thu Aug 10 17:31:03 2017 +0100" }, "message": "Zero memory used for encryuption keys.\n\nstd::vector with custom zeroing allocator is used instead of\nstd::string for data that can contain encryption keys.\n\nBug: 64201177\nTest: manually created a managed profile, changed it\u0027s credentials\nTest: manually upgraded a phone with profile from O to MR1.\nChange-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd\n" }, { "commit": "2436e27717180a43425c6d2b46df3f8868f120c1", "tree": "459cea75563efa400ec51acf22428115078c917b", "parents": [ "e437bad8073c34176016ed90350bc037933ebff4" ], "author": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Thu Apr 27 20:43:10 2017 +0100" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Tue May 16 12:44:02 2017 +0100" }, "message": "Add secdiscard command for secure deletion of files\n\nThis is used by LockSettingsService to delete sensitive credential files.\n\nBug: 34600579\nTest: manual - change device lock under synthetic password, verify\n old data on disk is erased.\n\nChange-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555\n" }, { "commit": "f71ace310eec3e39f0efefd51f62c9ccf4180f48", "tree": "85b507c67ffc3527a069f98065f50e471c73bbc6", "parents": [ "5e32f9c8fc6afdaa9e016e0048ab22bfdffdce77" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jun 02 11:01:19 2016 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 21 10:47:17 2017 -0700" }, "message": "Refactor to lay the groundwork for metadata encryption\n\nBug: 26778031\nTest: Angler, Marlin build and boot\nChange-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5\n" }, { "commit": "6ab2cabd1941bc20bc595e0dd9b4f1f2edb4a39f", "tree": "a40b388555d21a4ee84c69afc674cebd7d81a100", "parents": [ "d8c0a7e426aad56fe22dc6441473c15e9b216c20" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Jan 04 22:32:40 2017 -0800" }, "committer": { "name": "Rubin Xu", "email": "rubinxu@google.com", "time": "Mon Feb 13 23:37:31 2017 +0000" }, "message": "Support keys with a secret but no token, which are handled not using\nKeymaster but in-process crypto.\n\nBug: 33384925\nTest: manual for now: patch KeyAuthentication.usesKeymaster() to always return true;\n flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE.\n Then clear device PIN, reboot and verify FBE is unlocked automatically.\n In both cases, check there is no keymaster_key_blob in\n /data/misc/vold/user_keys/ce/0/current/\n Unit tests to be added.\nChange-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5\n" }, { "commit": "df528a7011b302c91579898c4a37361214ab05bb", "tree": "371c144d17da3da79a96c5eb7736ce89c7abe4f5", "parents": [ "a051eb7a22b7cd97e66d2f22b64884f8ebc73952" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Mar 09 09:31:37 2016 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Mar 09 09:34:13 2016 -0800" }, "message": "Run clang-format over ext4crypt related code\n\nThe formatting here is inconsistent with Android house style; use\nclang-format to bring it back into line.\n\nChange-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb\n" }, { "commit": "a051eb7a22b7cd97e66d2f22b64884f8ebc73952", "tree": "c1a7230be3f042d281412c392754cbab63a3bd47", "parents": [ "320e5e15b621da57a947adc896f7bb8357038bee" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Mar 08 16:08:32 2016 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Mar 09 09:32:02 2016 -0800" }, "message": "Use pointers not references for out arguments\n\nGoogle/Android C++ style requires that arguments passed in for writing\nshould be pointers, not references, so that it\u0027s visible in the caller\nthat they\u0027ll be written to.\n\nBug: 27566014\nChange-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862\n" }, { "commit": "0572080814ea5f7456d9feea05f936c858178159", "tree": "1e30986d3d0adde4843367ba25d69353b81a9fb6", "parents": [ "1ab7349e49dc8f53360750833d7e4e942f4408a8" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Feb 08 15:55:41 2016 +0000" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Feb 08 20:03:57 2016 +0000" }, "message": "Password security for FBE disk encryption keys\n\nAdded a new call change_user_key which changes the way that disk\nencryption keys are protected; a key can now be protected with a\ncombination of an auth token and a secret which is a hashed password.\nBoth of these are passed to unlock_user_key.\n\nThis change introduces a security bug, b/26948053, which must be fixed\nbefore we ship.\n\nBug: 22950892\nChange-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf\n" }, { "commit": "13ffd8ef7a02a1b4b4d9a74f45d4a5bb6b814313", "tree": "f57d24094f4de898e25d647a3d8736191c39770f", "parents": [ "c5fdb4b8d331ef287a80fa556f7e801420a8ce2e" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Jan 27 14:30:22 2016 +0000" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Jan 27 15:54:35 2016 +0000" }, "message": "Improvements to the key storage module\n\nThe key storage module didn\u0027t comply with Android coding standards\nand had room for improvemnet in a few other ways, so have cleaned up.\n\nChange-Id: I260ccff316423169cf887e538113b5ea400892f2\n" }, { "commit": "1ef255816c50e462acc23383a9ff747c5f55c4ff", "tree": "2db97d6f6d61394c0f37ad14ee49d5fd33575421", "parents": [ "a042cb5761f4bf954645b404ae5bb0a0d5b583fd" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 21 20:26:12 2016 +0000" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 26 18:24:03 2016 +0000" }, "message": "Use a keymaster-based key storage module\n\nInstead of writing raw keys, encrypt the keys with keymaster. This\npaves the way to protecting them with auth tokens and passwords later.\nIn addition, fold in the hash of a 16k file into their encryption, to\nensure secure deletion works properly.\n\nNow even C++ier!\n\nBug: 22502684\nBug: 22950892\nChange-Id: If70f139e342373533c42d5a298444b8438428322\n" } ] }