authorandroid-build-team Robot <android-build-team-robot@google.com>2017-08-13 09:34:31 +0200
committerandroid-build-team Robot <android-build-team-robot@google.com>2017-08-13 09:34:31 +0200
commit52f0e206e2da41ece5159e6a21bba876430b6dc2 (patch)
tree66a7aacf3860945b828db046d57f4aed567547aa
parentrelease-request-7f84484c-eec6-4577-8d5a-55079be4f3c5-for-git_oc-mr1-release-4262309 snap-temp-L02100000091441105 (diff)
parentupdate_verifier: Support androidboot.veritymode being empty or 'disabled'. (diff)
-rw-r--r--update_verifier/update_verifier.cpp21
1 files changed, 17 insertions, 4 deletions
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp
index ceb3ec948..faebbede0 100644
--- a/update_verifier/update_verifier.cpp
+++ b/update_verifier/update_verifier.cpp
@@ -272,23 +272,36 @@ int update_verifier(int argc, char** argv) {
// The current slot has not booted successfully.
#if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE)
+ bool skip_verification = false;
std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", "");
if (verity_mode.empty()) {
+ // With AVB it's possible to disable verification entirely and
+ // in this case ro.boot.veritymode is empty.
+#if defined(BOARD_AVB_ENABLE)
+ LOG(WARNING) << "verification has been disabled; marking without verification.";
+ skip_verification = true;
+#else
LOG(ERROR) << "Failed to get dm-verity mode.";
return reboot_device();
+#endif
} else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) {
// We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before.
// Continue the verification until we fail to read some blocks.
LOG(WARNING) << "Found dm-verity in EIO mode.";
+ } else if (android::base::EqualsIgnoreCase(verity_mode, "disabled")) {
+ LOG(WARNING) << "dm-verity in disabled mode; marking without verification.";
+ skip_verification = true;
} else if (verity_mode != "enforcing") {
LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing.";
return reboot_device();
}
- static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt";
- if (!verify_image(CARE_MAP_FILE)) {
- LOG(ERROR) << "Failed to verify all blocks in care map file.";
- return reboot_device();
+ if (!skip_verification) {
+ static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt";
+ if (!verify_image(CARE_MAP_FILE)) {
+ LOG(ERROR) << "Failed to verify all blocks in care map file.";
+ return reboot_device();
+ }
}
#else
LOG(WARNING) << "dm-verity not enabled; marking without verification.";
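Review bot: In the `verity_mode.empty()` branch, a BOARD_AVB_ENABLE build now treats an unset or unreadable `ro.boot.veritymode` exactly like deliberately disabled verification, so the code goes on to marking without calling `verify_image()` at all, where the non-AVB path still logs an error and reboots. `GetProperty("ro.boot.veritymode", "")` cannot distinguish "property missing" from "verification disabled", so I would require a second signal before setting `skip_verification = true;`, for example that the bootloader reports the device as unlocked (presumably via `ro.boot.vbmeta.device_state`, to be confirmed for this branch), and otherwise keep `return reboot_device();`. The new `"disabled"` branch has the same fail-open effect and is compiled for PRODUCT_SUPPORTS_VERITY builds as well, not only AVB ones. At minimum the declaration deserves a comment such as `// Fail-open: when set, the slot is marked without reading any care_map blocks.` so the trade-off is visible to the next reader. The body of update_verifier() starts and ends outside this hunk, so the marking step itself is not visible here.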