path: root/crypto/ext4crypt
Commit message (Author, Age, Files, Lines)
* ext4crypt: change to upgrade key if export fails (Peter Cai, 2019-09-01, 3 files, -9/+27)
| Add support to upgrade key when export fails with KEY_REQUIRES_UPGRADE.
| Ported from https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.9.r1-06100-sm6150.0&id=85c46eaacc60290db5e71380d89eb4d99ed67995
|
| Change-Id: Ic64be8ade00c0b0d014370ecc9341b1ecc9b0d7a
* ext4crypt: support wrappedkey for FBE (Peter Cai, 2019-09-01, 8 files, -6/+163)
| Qualcomm devices use a special `wrappedkey` mode for FBE. This is ported from CAF https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.UM.7.8.r4-01000-SDM710.0&id=9229262d893a8592f7bc1b4e8a8dab7aad8df68c, originally by folks at Mokee for vold https://mokeedev.review/c/MoKee/android_system_vold/+/34102.
|
| This patch ports the above changes to `ext4crypt`, which we can use in recovery. Note that since we do not have `fs_mgr` in the recovery, we cannot read the `wrappedkey` flag from fstab. Instead, similar to `fbe.contents`, we use a special property `fbe.data.wrappedkey` to indicate support for wrappedkey mode. Devices that need to use this should set this property to `true` to activate corresponding code.
|
| Change-Id: I79c2855d577156670b45c10c7c7b1fcd9fece8d9
* Merge "ext4crypt: support synthetic keys v3 on May update" into android-9.0 (big biff, 2019-06-25, 3 files, -13/+55)
|\
| * ext4crypt: support synthetic keys v3 on May update (Peter Cai, 2019-05-24, 3 files, -13/+55)
| | Re-implemented SP800Derive in C++, which is added as the new key derivation function in Android 9.0 May update. From file services/core/java/com/android/server/locksettings/SP800Derive.java in frameworks/base.
| |
| | This is required to get TWRP working on any Android device that has a screen lock set up after the May update.
| |
| | Change-Id: I5c1a51b110033f2b0b75d5e36fd8098c05e95179
* | Switch between dependencies and modules (Ethan Yonker, 2019-05-24, 1 file, -1/+5)
|/
| Use LOCAL_REQUIRED_MODULES for Pie and up and LOCAL_ADDITIONAL_DEPENDENCIES for Oreo and down.
|
| Change-Id: I5365e782f98f3bbf4bf246be22c8f573824b65ee
* ext4crypt: add missing cflag (codeworkx, 2019-04-23, 1 file, -1/+5)
| Avoid calling e4crypt_prepare_user_storage with wrong input parameters.
|
| Change-Id: I5c8945370cb642e46f08c65090c0290c15fe0b57
|
| libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 632 (recovery), pid 564 (recovery)
* Update FDE decrypt to pie from CAF (Ethan Yonker, 2019-03-20, 4 files, -9/+40)
| cryptfs.cpp based on CAF tag LA.UM.7.3.r1-05900-sdm845.0
|
| Used CAF because AOSP no longer contains code for qcom's hardware crypto.
|
| Change-Id: I921cbe9bed70989f91449e23b5ac3ec1037b7b97
* Add metadata decrypt support for FBE (Ethan Yonker, 2019-01-17, 5 files, -5/+301)
| Change-Id: Ie0292f4ffea5993a4ae74fa04fc5c8252ca2cfcf
* Decrypt FBE on 9.0 (backwards compatible) (Ethan Yonker, 2018-08-31, 18 files, -45/+2610)
| Building in 9.0 may require you to add a flag to your twrp fstab with the fileencryption details like:
|     fileencryption=ice:aes-256-heh
|
| Verify this against your device's stock fstab of course.
|
| Change-Id: If9286f5d5787280814daca9fbc8f5191ff26a839
* Merge AOSP android-9.0.0_r3 (Ethan Yonker, 2018-08-24, 2 files, -5/+8)
| Fix conflicts and make it build in 5.1, 6.0, 7.1, 8.1, and 9.0
|
| Change-Id: Ida0a64c29ff27d339b7f42a18d820930964ac6e4
* Merge "ext4crypt: keymaster: fix missing include" into android-8.1 (big biff, 2018-03-24, 1 file, -0/+1)
|\
| * ext4crypt: keymaster: fix missing include (codeworkx, 2017-12-26, 1 file, -0/+1)
| | Change-Id: I9a6c5a1384bed7f0169d9af94ff8cb22913ff8e4
* | FBE: Decrypt spblob v2 (February security patch) (Ethan Yonker, 2018-03-09, 1 file, -165/+319)
| | Change-Id: Iad82fa5d90ce7f3e4b1cf5cd5c6d6fef644f6762
* | Add spblob decrypt for secdis method (Pixel 1 non-weaver) (Ethan Yonker, 2018-01-04, 4 files, -64/+326)
|/
| Support decrypting Pixel 1 devices using secdis method with the gatekeeper instead of weaver.
|
| Add a bit of a dirty workaround to a permissions issue that the keystore presents because the keystore checks the uid of the calling process and refuses to let the root user add authorization tokens. We write the auth token to a file and start a separate service that runs under the system user. The service reads the token from the file and adds it to the keystore. You must define this service in your init.recovery.{hardware}.rc file:
|
|     service keystore_auth /sbin/keystore_auth
|         disabled
|         oneshot
|         user system
|         group root
|         seclabel u:r:recovery:s0
|
| TWRP will run this service when needed.
|
| Change-Id: I0ff48d3355f03dc0be8e75cddb8b484bdef98772
* Better compatibility across 8.0.0 trees (Ethan Yonker, 2017-11-29, 1 file, -4/+11)
| Change-Id: Ic8200da4e99826736e002a1ab5f9e5f967e84193
* FBE for Pixel 2 (Ethan Yonker, 2017-11-28, 15 files, -47/+2154)
| Includes various minor fixes for building in Android 8 trees with r23+ tag
|
| Update FBE extended header in libtar to version 2 and include the entire ext4_encryption_policy structure now after translating the policy.
|
| See this post for more details: https://plus.google.com/u/1/+DeesTroy/posts/i33ygUi7tiu
|
| Change-Id: I2af981e51f459b17fcd895fb8c2d3f6c8200e24b
* DO NOT MERGE Android 8.0 stuff (Ethan Yonker, 2017-08-25, 1 file, -1/+1)
| Change-Id: I8c8a9734adbf36c33463123844fa6e078934ae34
* Support backup/restore of FBE policies (Ethan Yonker, 2016-12-13, 7 files, -5/+348)
| Change-Id: Iba8ef20f57b0fb57bb9406c53148a806441d0b59
* Support File Based Encryption (Ethan Yonker, 2016-12-13, 16 files, -0/+2114)
  Change-Id: Ib688ddd0c32d3999590cacd86b6d9b18eac336e9