diff options
| author | John Stultz <john.stultz@linaro.org> | 2021-07-27 04:34:04 +0000 |
|---|---|---|
| committer | John Stultz <john.stultz@linaro.org> | 2021-07-27 04:35:44 +0000 |
| commit | 03c11dfce22a389404b492ed9475adc3441774dc (patch) | |
| tree | 0a47edba4a3ab2de40bb1ba2abab2b9031fbc5fe | |
| parent | aa4874ddc8cbf666b5c6a8d7e03fa2d237066bb6 (diff) | |
| download | hikey-03c11dfce22a389404b492ed9475adc3441774dc.tar.gz | |
HiKey960: Enable metadata encryption
This fully enables metadata encryption on hikey960 by following
the instructions here:
https://source.android.com/security/encryption/metadata?hl=en
Mostly just adding --early/--late mountall arguments in the
init.rc and the "latemount" and
"keydirectory=/metadata/vold/metadata_encryption" options to the
userdata fstab line.
Note: You will likely need to flash new userdata (and possibly
reflash metadata as well) after applying this. Use the flashall
script if you are having any trouble.
Test: atest vts_kernel_encryption_test
Reported-by: YongQin Liu <yongqin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: Idd57774ac21ca1535259e679fc92f127e1e710e0
| -rw-r--r-- | hikey/init.hikey.rc | 3 | ||||
| -rw-r--r-- | hikey960/fstab.hikey960 | 2 | ||||
| -rw-r--r-- | hikey960/init.hikey960.rc | 6 | ||||
| -rw-r--r-- | init.common.rc | 4 |
4 files changed, 13 insertions, 2 deletions
diff --git a/hikey/init.hikey.rc b/hikey/init.hikey.rc index 8046f91f..6ea3b3b3 100644 --- a/hikey/init.hikey.rc +++ b/hikey/init.hikey.rc @@ -1,5 +1,8 @@ import init.common.rc +on fs + mount_all /vendor/etc/fstab.${ro.hardware} + on post-fs # Set supported opengles version setprop ro.hardware.hwcomposer drm_hikey diff --git a/hikey960/fstab.hikey960 b/hikey960/fstab.hikey960 index 58913231..09356a7a 100644 --- a/hikey960/fstab.hikey960 +++ b/hikey960/fstab.hikey960 @@ -6,7 +6,7 @@ #/dev/block/platform/soc/ff3b0000.ufs/by-name/system_a /system ext4 ro wait #/dev/block/platform/soc/ff3b0000.ufs/by-name/cache /cache ext4 discard,noauto_da_alloc,data=ordered,user_xattr,barrier=1 wait #/dev/block/platform/soc/ff3b0000.ufs/by-name/userdata /data ext4 discard,noauto_da_alloc,data=ordered,user_xattr,barrier=1 wait -/dev/block/by-name/userdata /data ext4 discard,noatime,nosuid,nodev,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,quota +/dev/block/by-name/userdata /data ext4 discard,noatime,nosuid,nodev,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt latemount,wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,keydirectory=/metadata/vold/metadata_encryption,quota /dev/block/by-name/cache /metadata ext4 noatime,nosuid,nodev,discard wait,formattable,first_stage_mount,check /devices/platform/soc/ff37f000.dwmmc1/mmc_host/mmc* auto auto defaults voldmanaged=sdcard1:auto,encryptable=userdata /devices/platform/soc/ff200000.hisi_usb/ff100000.dwc3/xhci-hcd.*.auto/usb* auto auto defaults voldmanaged=usbdisk:auto,encryptable=userdata diff --git a/hikey960/init.hikey960.rc b/hikey960/init.hikey960.rc index b7671340..92c1385e 100644 --- a/hikey960/init.hikey960.rc +++ b/hikey960/init.hikey960.rc @@ -1,6 +1,12 @@ import init.common.rc +on fs + mount_all /vendor/etc/fstab.${ro.hardware} --early + on post-fs # Set supported opengles version setprop ro.hardware.hwcomposer drm_hikey960 +on late-fs + mount_all /vendor/etc/fstab.${ro.hardware} --late + diff --git a/init.common.rc b/init.common.rc index 1ae164b7..7018eeff 100644 --- a/init.common.rc +++ b/init.common.rc @@ -16,8 +16,10 @@ on init start watchdogd +on early-fs + start vold + on fs - mount_all /vendor/etc/fstab.${ro.hardware} setprop ro.crypto.fuse_sdcard false on post-fs |