diff options
author | John Stultz <john.stultz@linaro.org> | 2021-07-27 04:34:04 +0000 |
---|---|---|
committer | John Stultz <john.stultz@linaro.org> | 2021-07-27 04:35:44 +0000 |
commit | 03c11dfce22a389404b492ed9475adc3441774dc (patch) | |
tree | 0a47edba4a3ab2de40bb1ba2abab2b9031fbc5fe /init.common.rc | |
parent | aa4874ddc8cbf666b5c6a8d7e03fa2d237066bb6 (diff) | |
download | hikey-03c11dfce22a389404b492ed9475adc3441774dc.tar.gz |
HiKey960: Enable metadata encryption
This fully enables metadata encryption on hikey960 by following
the instructions here:
https://source.android.com/security/encryption/metadata?hl=en
Mostly just adding --early/--late mountall arguments in the
init.rc and the "latemount" and
"keydirectory=/metadata/vold/metadata_encryption" options to the
userdata fstab line.
Note: You will likely need to flash new userdata (and possibly
reflash metadata as well) after applying this. Use the flashall
script if you are having any trouble.
Test: atest vts_kernel_encryption_test
Reported-by: YongQin Liu <yongqin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: Idd57774ac21ca1535259e679fc92f127e1e710e0
Diffstat (limited to 'init.common.rc')
-rw-r--r-- | init.common.rc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/init.common.rc b/init.common.rc index 1ae164b7..7018eeff 100644 --- a/init.common.rc +++ b/init.common.rc @@ -16,8 +16,10 @@ on init start watchdogd +on early-fs + start vold + on fs - mount_all /vendor/etc/fstab.${ro.hardware} setprop ro.crypto.fuse_sdcard false on post-fs |