)]}' { "log": [ { "commit": "f038c5f5e18f9ebcc6bddcff2bc75abdd4aa7bc8", "tree": "656c1179d649fe41672fcd65ed0e02e667ac653a", "parents": [ "7e70d6939d848e6c9000444d162ff6e907ae4534" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:11:02 2020 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:16:32 2020 -0800" }, "message": "Refactor EncryptInplace.cpp\n\nRefactor EncryptInplace.cpp to simplify and improve it a lot. This is\neverything that didn\u0027t fit into prior commits, including:\n\n- Share a lot more code between ext4, f2fs, and full encryption.\n\n- Improve the log messages. Most importantly, don\u0027t spam the log with\n huge numbers of messages, and don\u0027t log errors in expected cases.\n Note: generate_f2fs_info() is still too noisy, but that\u0027s part of\n \"system/extras\", not vold, so this change doesn\u0027t change that.\n\n- When possible, do 32K reads/writes for f2fs and for full encryption,\n not just for ext4. This might improve performance.\n\n- Take advantage of C++ functionality.\n\n- Be more careful about edge cases. E.g. if the calculation of the\n number of blocks to encrypt was wrong, don\u0027t set vold.encrypt_progress\n to \u003e 99 until we\u0027re actually done.\n\nThe net change is over 200 lines removed.\n\nBefore-after comparison of log when enabling metadata encryption:\n\next4 before:\n I vold : Beginning inplace encryption, nr_sec: 16777216\n D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)\n D vold : Opening/dev/block/by-name/userdata\n D vold : Opening/dev/block/dm-8\n I vold : Encrypting ext4 filesystem in place...\n [omitted 6387 log messages]\n I vold : Encrypted to sector 822084608\n D vold : cryptfs_enable_inplace_ext4 success\n I vold : Inplace encryption complete\n\next4 after:\n D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)\n D vold : ext4 filesystem has 64 block groups\n I vold : Encrypting ext4 filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8\n I vold : 50327 blocks (206 MB) of 2097152 blocks are in-use\n D vold : Encrypted 10000 of 50327 blocks\n D vold : Encrypted 20000 of 50327 blocks\n D vold : Encrypted 30000 of 50327 blocks\n D vold : Encrypted 40000 of 50327 blocks\n D vold : Encrypted 50000 of 50327 blocks\n D vold : Encrypted 50327 of 50327 blocks\n I vold : Successfully encrypted ext4 filesystem on /dev/block/by-name/userdata\n\nf2fs before:\n I vold : Beginning inplace encryption, nr_sec: 16777216\n D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)\n D vold : Opening/dev/block/by-name/userdata\n D vold : Opening/dev/block/dm-8\n E vold : Reading ext4 extent caused an exception\n D vold : cryptfs_enable_inplace_ext4()\u003d-1\n [omitted logspam from f2fs_sparseblock]\n I vold : Encrypting from block 0\n I vold : Encrypted to block 15872\n I vold : Encrypting from block 16384\n I vold : Encrypted to block 16385\n I vold : Encrypting from block 17408\n I vold : Encrypted to block 17412\n D vold : cryptfs_enable_inplace_f2fs success\n I vold : Inplace encryption complete\n\nf2fs after:\n D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)\n [omitted logspam from f2fs_sparseblock]\n I vold : Encrypting f2fs filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8\n I vold : 15880 blocks (65 MB) of 2097152 blocks are in-use\n D vold : Encrypted 10000 of 15880 blocks\n D vold : Encrypted 15880 of 15880 blocks\n I vold : Successfully encrypted f2fs filesystem on /dev/block/by-name/userdata\n\nTest: Booted Cuttlefish with metadata encryption enabled and with the\n userdata filesystem using (1) ext4, (2) f2fs, and (3) f2fs but\n with EncryptInplace.cpp patched to not recognize the filesystem\n and fall back to the \"full\" encryption case. Checked that the log\n messages were as expected and that /data was mounted.\n\n I\u0027ve had no luck testing FDE yet; it doesn\u0027t work even without\n these changes. Suggestions appreciated...\n\nChange-Id: I08fc8465f7962abd698904b5466f3ed080d53953\n" }, { "commit": "c01995ea3bfe357e8e85d3fe946014f675a0683f", "tree": "21f0762ed34b339e2339329a40d329956e56bae2", "parents": [ "27f3ab89d0c98a8f23788a54a7c6d040d46c6db4" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:11:00 2020 -0800" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Nov 03 14:11:00 2020 -0800" }, "message": "Remove unused support for partial encryption\n\nCommit 87999173dd79 (\"Don\u0027t corrupt ssd when encrypting and power\nfails\") added a lot of code to handle pausing in-place conversion from\nunencrypted \u003d\u003e FDE when the battery was low, and resuming it later.\n\nIt was eventually decided that this wasn\u0027t needed, and commit\n7e17e2d22678 (\"Don\u0027t worry about battery levels when encrypting\")\nremoved the checks for low battery.\n\nThis made the partial encryption code unused. So remove it.\n\nNote that this was cluttering up the metadata encryption code too, since\nEncryptInplace.cpp is now shared by both FDE and metadata encryption.\n\nBug: 16868177\nTest: see I08fc8465f7962abd698904b5466f3ed080d53953\nChange-Id: Ibd2eb08a2aa15938097abcb8a67b5a813c4d76c7\n" }, { "commit": "cb581cc8de8f5939d8fba6d333defa3cb5189c4d", "tree": "e86f5af6180cce2ca97cfd0ee01ed95c1a0c9f6e", "parents": [ "739ca2c2980014e2131bd6494fe1551f2ae8ed81", "0af25a3a9857b20f652e96660758632277062c65" ], "author": { "name": "Yo Chiang", "email": "yochiang@google.com", "time": "Mon Oct 26 05:27:36 2020 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Mon Oct 26 05:27:36 2020 +0000" }, "message": "Merge \"Add IVold::destroyDsuMetadataKey()\"" }, { "commit": "836b51bf26a6500e384d73cde379b2def3b1e07c", "tree": "81c2e88c700534bc409eb0ef03d63464ab2c3c65", "parents": [ "e9023dc7bb621e4edd5b02cdf58f98579ebcd8f7" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 15 14:39:34 2020 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 15 14:46:35 2020 -0700" }, "message": "MetadataCrypt: remove unnecessary retry loop\n\nAs per the discussion at http://aosp/1456266, the retry loop in\ncreate_crypto_blk_dev() doesn\u0027t appear to be needed. Remove it.\n\nFor now don\u0027t bother removing the same retry loop in cryptfs.cpp, since\nthe FDE code isn\u0027t really being updated anymore and eventually will be\nremoved entirely.\n\nChange-Id: Iba0b046f9cdd9723ea1a2ae70f4d4aed4355b97b\n" }, { "commit": "0af25a3a9857b20f652e96660758632277062c65", "tree": "28be8874eb403e5c32c6b9b1d0529f8d051ce1d8", "parents": [ "dd66de13ea0461e133070d2a09a7befdd576f427" ], "author": { "name": "Yo Chiang", "email": "yochiang@google.com", "time": "Wed Oct 07 14:20:00 2020 +0800" }, "committer": { "name": "Yo Chiang", "email": "yochiang@google.com", "time": "Tue Oct 13 16:00:43 2020 +0800" }, "message": "Add IVold::destroyDsuMetadataKey()\n\ndestroyDsuMetadataKey() / destroy_dsu_metadata_key() calls\nandroid::gsi::GetDsuMetadataKeyDir() to query the DSU metadata\nencryption key dir and destroy the key.\nThis releases the resource and allows consecutive DSU installations to\nuse the same key *directory*, but not the same key *blob*.\n\nBug: 168571434\nTest: 1. Install a DSU system.\n 2. Boot the DSU system and reboot back to the host system.\n 3. Wipe the DSU installation.\n 4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is\n destroyed.\nChange-Id: Ib851177315a5a266807f46ccfd446de1848232cf\n" }, { "commit": "e0c38eba262a9c92dc5579b11ed446e7097f16f8", "tree": "fe1a60d33500e7048d251ac96f415d2fbd5866e3", "parents": [ "dd66de13ea0461e133070d2a09a7befdd576f427" ], "author": { "name": "Martijn Coenen", "email": "maco@google.com", "time": "Mon Oct 12 13:26:52 2020 +0200" }, "committer": { "name": "Martijn Coenen", "email": "maco@google.com", "time": "Mon Oct 12 16:59:50 2020 +0200" }, "message": "Use dm.CreateDevice() with a timeout.\n\nUsing the regular CreateDevice() variant with getDmDeviceByName() has a\nrace-condition that is documented in libdm/dm.h; instead, use the\nvariant with a timeout, which guarantees that the block device exists\nwhen it returns.\n\nTest: atest AdoptableHostTest\nBug: 150935323\nChange-Id: Ic06cad9af7c44e23359d95b262f68dba27ddfb3a\n" }, { "commit": "72d07130acc866a23c505d4bb1bc8653061ab0c6", "tree": "12877fa8fb09b4b27e1a569552d856952a91b8e2", "parents": [ "213dbe30a1b0cfaa45c4a5cef141b96e6ffce3b1" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Aug 10 10:55:56 2020 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Mon Aug 10 11:45:08 2020 -0700" }, "message": "vold: use __ANDROID_API_Q__ instead of pre_gki_level\n\nThe name \"pre_gki_level\" is causing some confusion because not all\ndevices launching with Android R are subject to the GKI requirement.\n(See b/161563110#comment11.) E.g., devices that use a 4.14-based kernel\nare exempt from GKI. However, the encryption requirements still apply.\n\nJust use __ANDROID_API_Q__ directly instead.\n\nNo change in behavior.\n\nChange-Id: Id02ae1140845ac1ae7cf78be4e57fe34da028abf\n" }, { "commit": "1bb7e8a9289fdcf8805aaff13a5745be13b83bac", "tree": "d2e9ed4834ec9036587b5984fbc80666ba6f879d", "parents": [ "b50480bb96dc27d9da49bd7bb51f589d0957f9df", "3fe931109c213dfe057161d8e32a4be3d3c8962c" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Thu Jun 18 21:56:10 2020 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Thu Jun 18 21:56:10 2020 +0000" }, "message": "Merge \"Don\u0027t call block checkpoint functions above dm-default-key\"" }, { "commit": "3fe931109c213dfe057161d8e32a4be3d3c8962c", "tree": "2cd7b368b5a46ba39f7e1b37f994c49e9a897934", "parents": [ "deb70854536ca7a8bddb11c95c311d3b784856aa" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Jun 12 08:12:48 2020 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Jun 12 09:13:42 2020 -0700" }, "message": "Don\u0027t call block checkpoint functions above dm-default-key\n\nBug: 156225476\nTest: Build for f2fs and ext4 device, make sure checkpoints roll back\nand commit\n\nChange-Id: Ic15fadc67d306463dd0b554f679306d8f9081451\n" }, { "commit": "7fbd8d4474aae8bda674c86c08224829ed90bf5d", "tree": "7a605841ecfd8957ae39966ca90d497b35246ffd", "parents": [ "e471d11d464735f8d979aac7f1d90d1ae9d74c72" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 23 08:59:12 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jun 02 11:16:55 2020 -0700" }, "message": "Record use of metadata encryption in property\n\nBug: 152150018\nTest: Cuttlefish with and without keydirectory option\nCherry-Picked-From: 94abae03a97bf67bc2cd04b6a74e07ed08bf30a0\nMerged-In: I400873ec207cb63f0407fefc83962bb3a927e294\nChange-Id: I400873ec207cb63f0407fefc83962bb3a927e294\n" }, { "commit": "28eddbd2ef55ecbc9f7eb6b40b24a4b6277917c0", "tree": "b70fc9c65a2b72d705d8809163a64acf6c0c9bce", "parents": [ "479588c68ef2328ba2cbc383cc23c319fa41b584" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Wed Apr 01 10:02:16 2020 -0600" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Apr 09 15:22:43 2020 -0600" }, "message": "Send earlyBootEnded notice to all Keymasters\n\nVold incorrectly sends the earlyBootEnded signal only to the Keymaster\ninstance used for device encryption, but all of them need it.\n\nBug: 152932559\nTest: VtsHalKeymasterV4_1TargetTest\nMerged-In: Id8f01a1dc7d2398395f369c3ea74656a82888829\nChange-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829\n" }, { "commit": "f56d553babc368e557fe90513e78a5ba06626b0d", "tree": "d7c572630261aa8ab4ffaa349a43553d61072d0c", "parents": [ "10a372f1d20ea59cb73a41d423b99040c56c091b" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Sun Mar 22 08:02:06 2020 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Apr 06 08:45:32 2020 -0700" }, "message": "Choose options format using property\n\nTo make it easier to support disk formats created using old versions\nof dm-default-key with new kernels, choose the disk format to use\nbased on options_format_version and first_api_version properties\ninstead of checking the version number of the kernel module.\n\nBug: 150761030\nTest: crosshatch and cuttlefish boot normally; cuttlefish\n fails with \"default-key: Not enough arguments\" as expected when\n option is set to 1\nChange-Id: Ib51071b7c316ce074de72439741087b18335048c\n" }, { "commit": "48aa90cd6b71b65c259f50645edf25b2f7fa19b4", "tree": "d226cc63b65e73b5e20b4edd9cd6d43d07211d1e", "parents": [ "deb70854536ca7a8bddb11c95c311d3b784856aa" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 02 12:57:58 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Mon Mar 02 13:52:22 2020 -0800" }, "message": "Use the blk_device supplied by vdc encryptFstab\n\nfs_mgr may put other dm devices on top of the raw disk, such as for\ncheckpointing, and it hands metadata encryption the uppermost device in\nvdc. That\u0027s what should be encrypted, not the raw disk.\n\nBug: 150354860\nTest: Treehugger\nChange-Id: I279f087b1b7aded40c5a62281154851ce970ba70\n" }, { "commit": "886e572009bd09c3f2cc59d7b0e1683d76ef303c", "tree": "41df071739359e1fa20c173b52dbc125682a1aa9", "parents": [ "312b7df62158254a89df6cbf7d1ee3b146477511" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:51:56 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 13:01:00 2020 -0800" }, "message": "On newer devices, use dm-default-key to encrypt SD cards\n\nThe dm-crypt solution requires a kernel patch that won\u0027t be present in\nthe GKI kernel, while the new metadata encryption system in the GKI\nkernel solves this problem in a much cleaner way.\n\nTest: create private volume on Cuttlefish, setting property both ways.\nBug: 147814592\nChange-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea\n" }, { "commit": "312b7df62158254a89df6cbf7d1ee3b146477511", "tree": "80de85a8b84cbfdf3332683cf8aad1ac10fde6f5", "parents": [ "249c2fb4aa970e43cde7a5e4032506c40c8e9a0e" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Thu Feb 06 22:56:27 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 12:51:06 2020 -0800" }, "message": "vold: Wrapped key support for metadata encryption\n\nmetadata_encryption fstab option provides details on the cipher\nand flags used for metadata encryption. wrappedkey_v0 is provided\nto dm-default-key dm device when a wrapped key is used. The\ninline encryption hardware unwraps the key and derives the\nencryption key used to encrypt metadata without returning the key\nin the clear to software.\n\nBug: 147733587\nTest: FBE with metadata encryption using wrapped keys.\nChange-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a\n" }, { "commit": "249c2fb4aa970e43cde7a5e4032506c40c8e9a0e", "tree": "05b3775de00906a9c83b7c9a925d0d592b230d2d", "parents": [ "8e0780cba28d974bd1dc3289a8eedbbfa6a8942b" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:51:56 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Feb 18 12:49:36 2020 -0800" }, "message": "Refactor: make makeGen local\n\nNo need for KeyUtil to know how to make a KeyGeneration, it\u0027s cleaner\nif each module handles it separately. Also, create a CryptoOptions\nstructure to track metadata encryption options, and simplify legacy\ncipher/option handling.\n\nTest: Treehugger\nBug: 147814592\nChange-Id: I740063882914097329ff72348d0c0855c26c7aab\n" }, { "commit": "4eac2647277f1edf6dc69a050a51cb49f526b69e", "tree": "f3973a179d7cf718a2fe1f7434b421a9dfdf50e6", "parents": [ "7566e467ab2d604970edca9de318f3cf5642b044" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 11:04:05 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 13:59:06 2020 -0800" }, "message": "Refactor key generation to handle both normal and metadata encryption.\n\nBug: 147733587\nTest: Treehugger\nChange-Id: Iee176037dec2621c84da325c2627f988fcebbc8d\nMerged-In: Iee176037dec2621c84da325c2627f988fcebbc8d\n" }, { "commit": "572c024853b8004dd771daa6a9aa7a97614a8deb", "tree": "3e83d9f3a188046ddea22a931e5fcba52ffe9596", "parents": [ "220567c33a19128b0bfa9d0136f57812ea6a13fc" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 01:15:35 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 01:15:35 2020 -0800" }, "message": "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general\n\nBug: 147814592\nTest: Treehugger\nChange-Id: I13c6f84d729f2953f78626493d6e6d34d578a013\n" }, { "commit": "220567c33a19128b0bfa9d0136f57812ea6a13fc", "tree": "76b1720a1ed8366ccbda3176f07eb3602ce636ee", "parents": [ "a661fb659b4f94218ca4fe8909d0906749023b34" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 07 12:45:20 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Feb 14 00:48:27 2020 -0800" }, "message": "Generalize CryptoType infrastructure\n\nMore consistency between MetadataCrypt and cryptfs, and steps towards\nsupporting Adiantum properly in MetadataCrypt.\n\nTest: create private volume on Cuttlefish\nBug: 147814592\nChange-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab\n" }, { "commit": "3dfb094cb26cf37e14b3bbf81e31248b913b3e41", "tree": "60c22742e4653106e93c886e2aa003c3ae0cb0c2", "parents": [ "68b9fb10ae1bf1491c8dc6d854be900e62ebc090" ], "author": { "name": "Barani Muthukumaran", "email": "quic_bmuthuku@quicinc.com", "time": "Mon Feb 03 13:06:45 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Feb 12 14:26:26 2020 -0800" }, "message": "vold: Support Storage keys for FBE\n\nTo prevent keys from being compromised if an attacker\nacquires read access to kernel memory, some inline\nencryption hardware supports protecting the keys in\nhardware without software having access to or the\nability to set the plaintext keys. Instead, software\nonly sees \"wrapped keys\", which may differ on every boot.\n\n\u0027wrappedkey_v0\u0027 fileencryption flag is used to denote\nthat the device supports inline encryption hardware that\nsupports this feature. On such devices keymaster is used\nto generate keys with STORAGE_KEY tag and export a\nper-boot ephemerally wrapped storage key to install it in\nthe kernel.\n\nThe wrapped key framework in the linux kernel ensures the\nwrapped key is provided to the inline encryption hardware\nwhere it is unwrapped and the file contents key is derived\nto encrypt contents without revealing the plaintext key in\nthe clear.\n\nTest: FBE validation with Fscrypt v2 + inline crypt + wrapped\nkey changes kernel.\n\nBug: 147733587\n\nChange-Id: I1f0de61b56534ec1df9baef075acb74bacd00758\n" }, { "commit": "2b1ff5aaab693483dc1064137e46214baf3b00a7", "tree": "b7f9f823c2cc26112ea2a26bfe8d877b3fe676a8", "parents": [ "35f0f22c9b8cb9d8672c9cc5226c9037d621da7f" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Jan 16 14:08:36 2020 -0700" }, "committer": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Tue Feb 11 15:51:04 2020 -0700" }, "message": "Have vold inform keymaster that early boot ended\n\nJust before mounting partition(s) not verified by verified boot, vold\nshould notify keymaster that early boot has ended so it won\u0027t allow\nEARLY_BOOT_ONLY keys to be created or used.\n\nTest: VtsHalKeymasterV4_1TargetTest\nChange-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3\nMerged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3\n" }, { "commit": "84e84c5f33b2a9fc5ff361b17d23dabfd97ce2a8", "tree": "deb9ff50461c22c8300e639cef19fab6ef7f0b01", "parents": [ "92a14b6b1666e5d1313c66a451e51007c38c9a02" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed Jan 29 16:09:19 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 17:20:27 2020 -0800" }, "message": "Set metadata cipher in fstab\n\nBug: 147814592\nTest: Cuttlefish can use adiantum\nChange-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165\n" }, { "commit": "92a14b6b1666e5d1313c66a451e51007c38c9a02", "tree": "302e4b94ed301e62ba9a383c9e83f29ef0e8e1c2", "parents": [ "c9b92f0c1771e397fcd3d81fe19f822f63fa3217" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 28 10:37:39 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 17:20:27 2020 -0800" }, "message": "Add support for v2 of dm-default-key\n\nVersion 2 of dm-default-key has an extra parameter and always sets the\nDUN.\n\nBug: 147814592\nTest: Cuttlefish boots with keydirectory flag\nTest: Crosshatch formatted before this change boots after it\nChange-Id: I59081e385324d2e34a5f252286a97938d6ffb79b\n" }, { "commit": "c9b92f0c1771e397fcd3d81fe19f822f63fa3217", "tree": "1fdf4343f5a5a121bdce283e891211c79a2dacad", "parents": [ "fda79ddd82427f8ea848a097fb3176edb1de62a1" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 15:26:15 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 30 16:02:37 2020 -0800" }, "message": "Rename key_dir to metadata_key_dir and refactor\n\nBug: 147814592\nTest: Crosshatch boots\nChange-Id: I9fce0ea5da9c81c2e4e9cf97b75c1cba821adf9e\n" }, { "commit": "77df7f207dcef1f967695fca2e131097abebe28c", "tree": "489bac5ff46816eed4adf17b11cf61044b96166c", "parents": [ "432ca5af06a540f627a3b82c870b9ec099f309b7" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jan 23 15:29:30 2020 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 28 11:17:58 2020 -0800" }, "message": "Refactor to use EncryptionPolicy everywhere we used to use raw_ref\n\nTest: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen\nBug: 147733587\nChange-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5\n" }, { "commit": "f850e6e5648a8dad7678730d5f5c1710f410f827", "tree": "1a6c03725114905a18091b9e9413fbcb1432f150", "parents": [ "6bdfb77d8b6e448f6c4b9c8eda648aeba32238d5" ], "author": { "name": "Nikita Ioffe", "email": "ioffe@google.com", "time": "Mon Dec 09 21:19:11 2019 +0000" }, "committer": { "name": "Nikita Ioffe", "email": "ioffe@google.com", "time": "Mon Dec 09 21:19:11 2019 +0000" }, "message": "Allow fscrypt_mount_metadata_encrypted to be called more than once\n\nIn case of userspace reboot, this function will be called again to\nremount userdata into checkpoint mode.\n\nTest: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1\nTest: adb shell /system/bin/vdc checkpoint startCheckpoint 1\nTest: adb reboot userspace\nTest: adb shell dumpsys activity\nBug: 135984674\nBug: 143970043\nChange-Id: I300b1960a6c4e95b13c43d806c4f3a9e4a612ac4\n" }, { "commit": "4b140d397f8283021f9be96cf07691179c4128e6", "tree": "3dcb634e3895279cea8c1784fe37f3039f2a3608", "parents": [ "5bcfb5bf45c570e6c956bf9243fa38efae5c538f" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Aug 07 15:22:57 2019 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Aug 14 10:00:09 2019 -0700" }, "message": "Fix ext4/metadata/udc issue\n\nTest: Cannot test since no device supports this combo\nBug: 137924328\nChange-Id: I451c90e0826ede71876f3e4f260e7083f3ab3fdb\n" }, { "commit": "236e5e800e18a0c1720ec1044a74c2700107c60c", "tree": "311f14a8aed9ca5ab9be6351875f895ada2c122f", "parents": [ "2ebb5c5b9679a8ce96927aac55d621884834d173" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Tue Jun 25 14:44:33 2019 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Wed Jun 26 15:19:24 2019 -0700" }, "message": "Make ext4 userdata checkpoints work with metadata encryption\n\nWhen both ext4 user data checkpoints and metadata encryption are\nenabled, we are creating two stacked dm devices. This had not been\nproperly thought through or debugged.\n\nTest: Enable metadata encryption on taimen (add\nkeydirectory\u003d/metadata/vold/metadata_encryption to flags for userdata in\nfstab.hardware)\n Unfortunately metadata is not wiped by fastboot -w, so it is\n necessary to rm metadata/vold -rf whenever you wipe data.\n fastboot flashall -w works\n fastboot reboot -w works\n A normal boot works\n Disable checkpoint commits with\n setprop persist.vold.dont_commit_checkpoint 1\n vdc checkpoint startCheckpoint 10\n adb reboot\n wait for device to fully boot then\n adb reboot\n Wait for device to fully boot then\n adb logcat -d | grep Checkpoint shows the rollback in the logs\n\n This tests encryption on top of checkpoints with commit, encryption\n without checkpoints, and rollback, which seems to be the key cases.\n\nBug: 135905679\nChange-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f\n" }, { "commit": "b92247368ae8456f0ada2c14b358500b642561e0", "tree": "bc800cd569320b3d582522b24faef70f552142c6", "parents": [ "19e74b3d1fb033a4dda3e55e04239c6feb10863e" ], "author": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon May 13 13:02:54 2019 -0700" }, "committer": { "name": "David Anderson", "email": "dvander@google.com", "time": "Mon May 13 13:07:12 2019 -0700" }, "message": "Replace manual dm ioctls with libdm.\n\nThis mostly 1:1 replaces manual ioctls to device-mapper with calls to\nlibdm. There were two exceptions:\n\n(1) There is a very old table-load-retry loop to workaround issues with\n umount (b/7220345). This loop has been preserved, however, it now\n includes DM_DEV_CREATE as well as DM_TABLE_LOAD.\n(2) There was some ancient code to set DM_DEV_GEOMETRY for obb\n dm-devices. This never did anything since geometry must be set after\n loading a table. When setting it before (as vold was doing), the\n subsequent DM_TABLE_LOAD will clear it.\n\nBug: 132206403\nTest: FBE device boots\n FBE device w/ metadata encryption boots\n FDE device boots\n atest StorageManagerIntegrationTest\nChange-Id: Ib6db6b47329f093ac7084edaf604eddace8b9ac6\n" }, { "commit": "4c5bde2b9258ccd8a023acfaf47d66758d88f828", "tree": "95ecfd4a22ebdc45993b7632175a4ddfc3ce82ac", "parents": [ "eb00112e09551e1957e9e119c58005992dee720b" ], "author": { "name": "Tom Cherry", "email": "tomcherry@google.com", "time": "Tue Jan 29 14:34:01 2019 -0800" }, "committer": { "name": "Tom Cherry", "email": "tomcherry@google.com", "time": "Thu Jan 31 12:34:39 2019 -0800" }, "message": "Move over to the C++ Fstab class\n\nTest: build and boot\nChange-Id: Id3850c9c133f6644073a2439368501253a2a94a9\n" }, { "commit": "7f3ab95b8d9184114277104c29bbbd2064fe5bc5", "tree": "970aaa7f5876295b13d89623d3265eda1655a359", "parents": [ "f028d279ae5d610b99007d0c9790a3bd8f27c94f" ], "author": { "name": "LongPing Wei", "email": "weilongping@huawei.com", "time": "Wed Jan 30 16:03:14 2019 +0800" }, "committer": { "name": "LongPing Wei", "email": "weilongping@huawei.com", "time": "Wed Jan 30 16:28:02 2019 +0800" }, "message": "Remove secontext.h, secontext.cpp, hash.h\n\ncryptfs.cpp and MetadataCrypt.cpp can use android::vold::sFsckContext directly.\nhash.h is unuseful.\n\nTest: make\nChange-Id: I7acdac97d6ed1c9b2a5dc367fcea8aa2942192e8\n" }, { "commit": "8ae16db72a259c604eded3532b37f629724a13a9", "tree": "e186646052441a232c128caad9335bd7fab11f78", "parents": [ "ef9abab5ee25c700c0f8e865a64d565b40e6d7ff" ], "author": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Tue Dec 18 11:10:31 2018 -0800" }, "committer": { "name": "Greg Kaiser", "email": "gkaiser@google.com", "time": "Thu Dec 20 10:38:31 2018 -0800" }, "message": "vold: Pass std::string by const reference\n\nIn a couple places, we change to pass a std::string argument\ninstead of by copy.\n\nTest: TreeHugger\nChange-Id: Ib179299a2322fcbab4e6d192051218823ad66a36\n" }, { "commit": "690d6de5bf6ccec3aa6be456dd8e2ca3c18527b6", "tree": "0df3e05b19b13885208f6460dbcd56ad78a7bdc8", "parents": [ "ffa1bb03707cb03a07ebba4970c1d8a5a70e9542" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 01:08:10 2018 -0800" }, "committer": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Fri Dec 14 14:55:28 2018 -0800" }, "message": "Add Support for metadata key with rollback\n\nThis adds the ability to upgrade a key and retain the\nold one for rollback purposes. We delete the old key\nif we boot successfully and delete the new key if we\ndo not.\n\nTest: Enable checkpointing and test rolling back\n between two versions\nBug: 111020314\n\nChange-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a\n" }, { "commit": "a701c458ca6d36604f417f55e95c63493d1545d7", "tree": "5ba25fccd5eeb6a0b467142e4623d88a4072f952", "parents": [ "0016efbc446910650cc041194621cc8f9ba04151" ], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Tue Oct 23 13:06:55 2018 -0700" }, "committer": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Thu Oct 25 17:12:32 2018 -0700" }, "message": "vold: rename from \"ext4 encryption\" to fscrypt\n\nWe support file-based encryption on both ext4 and f2fs now, and the\nkernel API is the same. So rename things appropriately in vold:\n\n e4crypt \u003d\u003e fscrypt\n ext4enc \u003d\u003e fscrypt\n Ext4Crypt \u003d\u003e FsCrypt\n EXT4_* \u003d\u003e FS_*\n ext4_encryption_key \u003d\u003e fscrypt_key\n\nAdditionally, the common functions shared by \u0027vold\u0027 and \u0027init\u0027 are now\nin libfscrypt rather than ext4_utils. So update vold to link to\nlibfscrypt and include the renamed headers.\n\nNote: there\u0027s a chance of \u0027fscrypt\u0027 being confused with the dm-crypt\nbased encryption code in vold which is called \u0027cryptfs\u0027. However,\nfscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,\nand it\u0027s preferable to use the same name in userspace.\n\nTest: built, booted device with f2fs encryption\nChange-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6\n" }, { "commit": "a3381ffc3f7e9159a49d07116a52c8827f05a79e", "tree": "387ae6abec7907cba43bddfe5e9836cd0a234dde", "parents": [ "a2a227e3826712c8388fcac7fb607a26bf22ccb6", "65f99c9e8bd3a546a5dd2f3f4bad1585afbf0dc8" ], "author": { "name": "Treehugger Robot", "email": "treehugger-gerrit@google.com", "time": "Tue Sep 25 21:52:19 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Tue Sep 25 21:52:19 2018 +0000" }, "message": "Merge \"Add support for checkpointing\"" }, { "commit": "625dc787c629cd04e30328a9b1cf4a8e7d6210bc", "tree": "04c9c6fea77cf09ac6e441391a703787c1a63c85", "parents": [ "15b9656ae9acfbed4af62b8cecba30c35cd514a8" ], "author": { "name": "Oleksiy Avramchenko", "email": "oleksiy.avramchenko@sony.com", "time": "Wed May 23 10:50:46 2018 +0200" }, "committer": { "name": "John Eckerdal", "email": "john.eckerdal@sony.com", "time": "Mon Sep 24 14:25:24 2018 +0200" }, "message": "Add GetBlockDevSize, GetBlockDevSectors helpers\n\nHelpers to get a block device size in bytes or 512 byte sectors,\nusing BLKGETSIZE64 and returning value of uint64_t type.\n\nThis also removes get_blkdev_size().\n\nTest: build, manual, mount exFAT volume\nBug: 80202067\nChange-Id: Ib07e8ac6ef7ff49de0ed570d1fa202e8b558b80c\n" }, { "commit": "65f99c9e8bd3a546a5dd2f3f4bad1585afbf0dc8", "tree": "d2cc8c8f1e1e4e3bbbbd8667c16f4aafee347fcb", "parents": [ "15b9656ae9acfbed4af62b8cecba30c35cd514a8" ], "author": { "name": "Daniel Rosenberg", "email": "drosen@google.com", "time": "Tue Aug 28 01:58:49 2018 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Sep 21 21:54:11 2018 +0000" }, "message": "Add support for checkpointing\n\nCheckpointing uses a combination of files on the meta partition\nand the checkpoint\u003d fs_mgr flag. Checkpointed partitions will\nrevert to their starting state on reboot unless checkpoint commit\nis called.\n\nTest: Run vdc commands, check file on metadata\nMerged-In: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6\nChange-Id: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6\n" }, { "commit": "14c8c0765a2968f8605c58f27dc68dcc3b6b0807", "tree": "7c7981c54cadbcb3689996815d5b89f8b4159922", "parents": [ "1251ef0bcfb82ff7aef2c4472620e6565d0c4ba6" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 18 13:30:21 2018 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 18 15:41:22 2018 -0700" }, "message": "clang-format many files.\n\nTest: Format-only changes; treehugger suffices.\nChange-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48\n" }, { "commit": "98a23a19d123a4714c30f8892bc971ef84b59214", "tree": "20fd9318cf7249973af65999db5d9b8f72d53792", "parents": [ "8f82879901968d9793705eb1d06c9b32607ced13" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Wed May 09 13:01:16 2018 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu May 10 15:19:15 2018 -0700" }, "message": "Fix spurious error\n\nBug: 79542247\nTest: error no longer appears\nChange-Id: I2cf91c8cd937b81041a47e4b64a882445a80eb0b\n" }, { "commit": "0fd2626fc3457e4013a9949190c45aa5fb00c5d3", "tree": "fadf3aed43f4fecb94ca1fc48cceebbe5b5eba8d", "parents": [ "772cc85d712dd36e1a328bf6d2518103e1763f07" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Jan 30 09:48:19 2018 -0800" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Feb 01 10:08:17 2018 -0800" }, "message": "Add a mount with metadata encryption service\n\nDon\u0027t use the FDE flow to support metadata encryption; just provide a\nvold service which directly mounts the volume and use that.\n\nBug: 63927601\nTest: Boot Taimen to SUW with and without metadata encryption.\nChange-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed\n" }, { "commit": "e2ee152e4641a6d59ab702ac2a7bd41be57089e1", "tree": "f0030cece4f84aed048dce8b1e2bf8563861a6c6", "parents": [ "77823360b457902869f041fa9128c06c15691c45" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 26 14:05:26 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Tue Sep 26 14:21:10 2017 -0700" }, "message": "Refactor of use of fstab in advance of fix.\n\nTest: Ensure device still boots.\nBug: 65737446\nChange-Id: Ie466db9f5d8c77656cc525c0d49fe6a3cce154f1\n" }, { "commit": "e2e2d308df2da26838de32852318bc2cb690d052", "tree": "6637d5b5af5d3dc50fe68edc6dc0525f3ea92983", "parents": [ "53deec14b8418abbc1a6f30ff89629710437279f" ], "author": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Tue Aug 01 17:15:53 2017 +0100" }, "committer": { "name": "Pavel Grafov", "email": "pgrafov@google.com", "time": "Thu Aug 10 17:31:03 2017 +0100" }, "message": "Zero memory used for encryuption keys.\n\nstd::vector with custom zeroing allocator is used instead of\nstd::string for data that can contain encryption keys.\n\nBug: 64201177\nTest: manually created a managed profile, changed it\u0027s credentials\nTest: manually upgraded a phone with profile from O to MR1.\nChange-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd\n" }, { "commit": "e4c93da49297f70c8f0fc11fbc5c21efeedc5e98", "tree": "bac676058cb07bab053c856b08e79a8527c64e3c", "parents": [ "9a64a4e3650710f66bab0504086052df600e373a" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Jun 16 09:21:18 2017 -0700" }, "committer": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Fri Jun 16 16:14:03 2017 -0700" }, "message": "Abolish AutoCloseFD.h in favour of unique_fd\n\nAndroid has a standard way to do what AutoCloseFD.h does, so use that\ninstead. Refactor before work on the bug.\n\nBug: 36029169\nTest: Deleted a user and checked that secdiscard logs looked good.\nChange-Id: I5d8bedfb3fa1f032fd2bced88b1b561e4a8c2ff4\n" }, { "commit": "5b6c6a2c4a37d927ebc283a66d1ec94e29d54874", "tree": "b9da24c0e732172c0454c8b261855bb8bd9494f8", "parents": [ "3963b2364561a7d732995d5b8fec42097f548caa" ], "author": { "name": "Guang Zhu", "email": "guangzhu@google.com", "time": "Fri Apr 28 23:56:45 2017 +0000" }, "committer": { "name": "Guang Zhu", "email": "guangzhu@google.com", "time": "Fri Apr 28 23:58:39 2017 +0000" }, "message": "Revert \"Enable metadata encryption\"\n\nBug: 37792477\n\nThis reverts commit 3963b2364561a7d732995d5b8fec42097f548caa.\n\nChange-Id: I3b6bf5a9a4c3899aabe2c824d8498a06981daed8\n" }, { "commit": "3963b2364561a7d732995d5b8fec42097f548caa", "tree": "924fb009af2d68b4a7609241a133dbdae0550016", "parents": [ "d5759811ffe0eef50612dbd32166a08f0b32cfdc" ], "author": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Tue Apr 25 09:26:56 2017 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 28 16:44:23 2017 +0000" }, "message": "Enable metadata encryption\n\nBug: 26778031\nTest: Boots, reboots, sector 0 of userdata encrypted\n Make sure an FDE device, both default and password protected,\n boots.\n Make sure an FBE device without metadata encryption boots.\nChange-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d\n" }, { "commit": "d5759811ffe0eef50612dbd32166a08f0b32cfdc", "tree": "b9da24c0e732172c0454c8b261855bb8bd9494f8", "parents": [ "f71ace310eec3e39f0efefd51f62c9ccf4180f48" ], "author": { "name": "Paul Crowley", "email": "paulcrowley@google.com", "time": "Thu Jun 02 11:04:27 2016 -0700" }, "committer": { "name": "Paul Lawrence", "email": "paullawrence@google.com", "time": "Fri Apr 21 13:40:20 2017 -0700" }, "message": "Add support for metadata encryption\n\nSupport encrypting metadata in /userdata using the dm-default-key\ndriver with a key in the /metadata partition.\n\nBug: 29189559\nTest: Angler \u0026 Marlin build and boot\nChange-Id: I716b117508d4bb4f6a4039293acb848cbc60f67b\n" } ] }