Generate a separate fstab file for FIPS mode

Add a file "fstab.gs201-fips" alongside the existing "fstab.gs201" in order to specify different encryption settings in FIPS mode. "androidboot.fstab_suffix=gs201-fips" on the kernel command line will be used to select the FIPS fstab when needed. As the two fstabs should be otherwise identical, generate them from a template file so that they will stay in sync. Note that generating the fstabs requires that they be installed as build system modules rather than via PRODUCT_COPY_FILES, which results in the vendor_ramdisk copy of the fstabs being installed to system/etc rather than /. This shouldn't cause any problem, now that Android has been updated to look for the fstab in this location too. (cherry-pick from device/google/gs101) Test: Boot to home screen with/without fips mode Bug: 202417706 Signed-off-by: Konstantin Vyshetsky <vkon@google.com> Change-Id: I8fdc1c9a91399816fa2d4c53f282d63e988ce7d5
author: Konstantin Vyshetsky <vkon@google.com> 2021-10-07 14:27:38 -0700
committer: TreeHugger Robot <treehugger-gerrit@google.com> 2021-11-11 05:04:50 +0000
commit: 067512ec32b105fb41b8a8878b17082d53203fd6 (patch)
tree: 78086ed381c7f2fff5cdd517d805682d54f41153 /conf/fstab.gs201.in
parent: 11475b1588120ac8c36af302d7bb2ada8f4c6df6 (diff)
download: gs201-067512ec32b105fb41b8a8878b17082d53203fd6.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/conf/fstab.gs201.in b/conf/fstab.gs201.in
new file mode 100644
index 0000000..9edf95b
--- /dev/null
+++ b/conf/fstab.gs201.in
@@ -0,0 +1,23 @@
+# Android fstab file.
+#
+# The filesystem that contains the filesystem checker binary (typically /system) cannot
+# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
+#
+#<src>                                                   <mnt_point>                 <type>  <mnt_flags and options>  <fs_mgr_flags>
+system                                                   /system                     ext4    ro,barrier=1             wait,slotselect,avb=vbmeta_system,logical,first_stage_mount,readahead_size_kb=128
+system_ext                                               /system_ext                 ext4    ro,barrier=1             wait,slotselect,avb=vbmeta_system,logical,first_stage_mount
+product                                                  /product                    ext4    ro,barrier=1             wait,slotselect,avb=vbmeta_system,logical,first_stage_mount
+vendor                                                   /vendor                     ext4    ro,barrier=1             wait,slotselect,avb=vbmeta_vendor,logical,first_stage_mount
+vendor_dlkm                                              /vendor_dlkm                ext4    ro,barrier=1             wait,slotselect,avb=vbmeta,logical,first_stage_mount
+/dev/block/platform/14700000.ufs/by-name/boot            /boot                       emmc    defaults                 slotselect,avb=boot,first_stage_mount
+/dev/block/platform/14700000.ufs/by-name/efs             /mnt/vendor/efs             f2fs    noatime,sync             wait,check,formattable
+/dev/block/platform/14700000.ufs/by-name/efs_backup      /mnt/vendor/efs_backup      f2fs    noatime,sync             wait,check,formattable
+/dev/block/platform/14700000.ufs/by-name/modem_userdata  /mnt/vendor/modem_userdata  f2fs    noatime,sync             wait,check,formattable
+/dev/block/platform/14700000.ufs/by-name/modem           /mnt/vendor/modem_img       ext4    ro,defaults,context=u:object_r:modem_img_file:s0,barrier=1    wait,slotselect
+/dev/block/platform/14700000.ufs/by-name/misc            /misc                       emmc    defaults                 wait
+/dev/block/platform/14700000.ufs/by-name/metadata        /metadata                   f2fs    noatime,nosuid,nodev,sync  wait,check,formattable,first_stage_mount
+#/dev/block/platform/14700000.ufs/by-name/pvmfw           /pvmfw                      emmc    defaults                 wait,slotselect,avb=pvmfw,first_stage_mount
+/dev/block/platform/14700000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,inlinecrypt,compress_extension=apk,compress_extension=apex,compress_extension=so,compress_extension=vdex,compress_extension=odex,atgc,checkpoint_merge    latemount,wait,check,quota,formattable,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fileencryption=@fileencryption@,metadata_encryption=@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption,fscompress,readahead_size_kb=128
+/dev/block/platform/14700000.ufs/by-name/vbmeta          /vbmeta                     emmc    defaults                 slotselect,first_stage_mount
+/dev/block/zram0                                         none                        swap    defaults                 zramsize=2147483648,max_comp_streams=8,zram_backingdev_size=512M
+/devices/platform/11210000.usb*                          auto                        vfat    defaults                 voldmanaged=usb:auto
author	Konstantin Vyshetsky <vkon@google.com>	2021-10-07 14:27:38 -0700
committer	TreeHugger Robot <treehugger-gerrit@google.com>	2021-11-11 05:04:50 +0000
commit	067512ec32b105fb41b8a8878b17082d53203fd6 (patch)
tree	78086ed381c7f2fff5cdd517d805682d54f41153 /conf/fstab.gs201.in
parent	11475b1588120ac8c36af302d7bb2ada8f4c6df6 (diff)
download	gs201-067512ec32b105fb41b8a8878b17082d53203fd6.tar.gz