From 3222dc0d76ca0f19795df2aad417dec2293b7242 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Mon, 7 Aug 2017 18:47:27 -0400 Subject: update_verifier: Support androidboot.veritymode being empty or 'disabled'. Bootloaders using libavb will set androidboot.veritymode=disabled if the "disable dm-verity" flag has been set. Additionally if the "disable verification" flag is set androidboot.veritymode will not be set at all. Handle both cases. Without this fix we'll end up in a bootloop. Test: Manually tested on a device using AVB. (cherry-picked from commit 1a0929cc8aac532dba00b3c98cea22715719a421) Bug: 64404283 Change-Id: I3adf93f8dfd528fe9b869a63afa775f5730a3f69 --- update_verifier/update_verifier.cpp | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index d3a5185b8..48242a5d0 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -239,23 +239,36 @@ int update_verifier(int argc, char** argv) { // The current slot has not booted successfully. #if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE) + bool skip_verification = false; std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", ""); if (verity_mode.empty()) { + // With AVB it's possible to disable verification entirely and + // in this case ro.boot.veritymode is empty. +#if defined(BOARD_AVB_ENABLE) + LOG(WARNING) << "verification has been disabled; marking without verification."; + skip_verification = true; +#else LOG(ERROR) << "Failed to get dm-verity mode."; return reboot_device(); +#endif } else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) { // We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before. // Continue the verification until we fail to read some blocks. LOG(WARNING) << "Found dm-verity in EIO mode."; + } else if (android::base::EqualsIgnoreCase(verity_mode, "disabled")) { + LOG(WARNING) << "dm-verity in disabled mode; marking without verification."; + skip_verification = true; } else if (verity_mode != "enforcing") { LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing."; return reboot_device(); } - static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; - if (!verify_image(CARE_MAP_FILE)) { - LOG(ERROR) << "Failed to verify all blocks in care map file."; - return reboot_device(); + if (!skip_verification) { + static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; + if (!verify_image(CARE_MAP_FILE)) { + LOG(ERROR) << "Failed to verify all blocks in care map file."; + return reboot_device(); + } } #else LOG(WARNING) << "dm-verity not enabled; marking without verification."; -- cgit v1.2.3 From 3e2345e1fe12e980484266d99d22f6b66c8ded4d Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Wed, 9 Aug 2017 16:33:07 -0700 Subject: tests: Add the missing dependency on libhidlbase. It fails to build recovery_component_test with the following errors: out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::hidl_string(android::hardware::hidl_string const&)' out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::operator=(android::hardware::hidl_string const&)' out/soong/.intermediates/hardware/interfaces/boot/1.0/android.hardware.boot@1.0_genc++_headers/gen/android/hardware/boot/1.0/types.h:14: error: undefined reference to 'android::hardware::hidl_string::~hidl_string()' libupdate_verifier includes , which includes the 'types.h' above. In 'types.h', it defines struct CommandResult that's using android::hardware::hidl_string. Since libhidlbase doesn't have a static library target, remove 'LOCAL_FORCE_STATIC_EXECUTABLE := true', which isn't required for running tests. Test: mmma -j bootable/recovery Bug: 64538692 Change-Id: Iaa7c08adc241128d787274fcaea9b363e7ff93f4 (cherry picked from commit 102016ce1fe62190ace7016f2e7484b37f6391ea) --- tests/Android.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/Android.mk b/tests/Android.mk index 8b1dc1099..f2497b8b3 100644 --- a/tests/Android.mk +++ b/tests/Android.mk @@ -111,7 +111,8 @@ LOCAL_SRC_FILES := \ component/update_verifier_test.cpp \ component/verifier_test.cpp -LOCAL_FORCE_STATIC_EXECUTABLE := true +LOCAL_SHARED_LIBRARIES := \ + libhidlbase tune2fs_static_libraries := \ libext2_com_err \ -- cgit v1.2.3 From 5226f4715d6c961311249552f7e41d68ae2e80e6 Mon Sep 17 00:00:00 2001 From: Wei Wang Date: Wed, 2 Aug 2017 10:27:31 -0700 Subject: update_verifier: verify blocks in parallel This CL is to change update_verifier to verify blocks in parallel to maximize storage bandwidth, it also preallocate the buffer to avoid vector allocation within reading loop. Test: care_map.txt: system 16,0,517,556,32770,33084,98306,98620,163842,164156,229378,229692,294914,295228,483544,524288,524296 vendor 8,0,119,135,32770,32831,96150,98304,98306 With CL: init: Service 'update_verifier_nonencrypted' (pid 711) exited with status 0 waiting took 2.978424 seconds Without CL: init: Service 'update_verifier_nonencrypted' (pid 695) exited with status 0 waiting took 4.466320 seconds Bug: 63686531 Test: reboot with manual insert care_map.txt Change-Id: Idf791865f15f6ff6cad89bf7ff230ee46c6adccc (cherry picked from commit bd9664b5a01c8941949212973ca12be4df1b5d54) --- update_verifier/update_verifier.cpp | 82 +++++++++++++++++++++++-------------- 1 file changed, 51 insertions(+), 31 deletions(-) diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index 4c3cc46cf..faebbede0 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -45,6 +45,7 @@ #include #include +#include #include #include @@ -123,11 +124,6 @@ static bool read_blocks(const std::string& partition, const std::string& range_s LOG(ERROR) << "Failed to find dm block device for " << partition; return false; } - android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(dm_block_device.c_str(), O_RDONLY))); - if (fd.get() == -1) { - PLOG(ERROR) << "Error reading " << dm_block_device << " for partition " << partition; - return false; - } // For block range string, first integer 'count' equals 2 * total number of valid ranges, // followed by 'count' number comma separated integers. Every two integers reprensent a @@ -142,37 +138,61 @@ static bool read_blocks(const std::string& partition, const std::string& range_s return false; } - size_t blk_count = 0; - for (size_t i = 1; i < ranges.size(); i += 2) { - unsigned int range_start, range_end; - bool parse_status = android::base::ParseUint(ranges[i], &range_start); - parse_status = parse_status && android::base::ParseUint(ranges[i + 1], &range_end); - if (!parse_status || range_start >= range_end) { - LOG(ERROR) << "Invalid range pair " << ranges[i] << ", " << ranges[i + 1]; - return false; - } - - static constexpr size_t BLOCKSIZE = 4096; - if (lseek64(fd.get(), static_cast(range_start) * BLOCKSIZE, SEEK_SET) == -1) { - PLOG(ERROR) << "lseek to " << range_start << " failed"; - return false; - } + std::vector> threads; + size_t thread_num = std::thread::hardware_concurrency() ?: 4; + thread_num = std::min(thread_num, range_count / 2); + size_t group_range_count = range_count / thread_num; - size_t remain = (range_end - range_start) * BLOCKSIZE; - while (remain > 0) { - size_t to_read = std::min(remain, 1024 * BLOCKSIZE); - std::vector buf(to_read); - if (!android::base::ReadFully(fd.get(), buf.data(), to_read)) { - PLOG(ERROR) << "Failed to read blocks " << range_start << " to " << range_end; + for (size_t t = 0; t < thread_num; t++) { + auto thread_func = [t, group_range_count, &dm_block_device, &ranges, &partition]() { + size_t blk_count = 0; + static constexpr size_t kBlockSize = 4096; + std::vector buf(1024 * kBlockSize); + android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(dm_block_device.c_str(), O_RDONLY))); + if (fd.get() == -1) { + PLOG(ERROR) << "Error reading " << dm_block_device << " for partition " << partition; return false; } - remain -= to_read; - } - blk_count += (range_end - range_start); + + for (size_t i = 1 + group_range_count * t; i < group_range_count * (t + 1) + 1; i += 2) { + unsigned int range_start, range_end; + bool parse_status = android::base::ParseUint(ranges[i], &range_start); + parse_status = parse_status && android::base::ParseUint(ranges[i + 1], &range_end); + if (!parse_status || range_start >= range_end) { + LOG(ERROR) << "Invalid range pair " << ranges[i] << ", " << ranges[i + 1]; + return false; + } + + if (lseek64(fd.get(), static_cast(range_start) * kBlockSize, SEEK_SET) == -1) { + PLOG(ERROR) << "lseek to " << range_start << " failed"; + return false; + } + + size_t remain = (range_end - range_start) * kBlockSize; + while (remain > 0) { + size_t to_read = std::min(remain, 1024 * kBlockSize); + if (!android::base::ReadFully(fd.get(), buf.data(), to_read)) { + PLOG(ERROR) << "Failed to read blocks " << range_start << " to " << range_end; + return false; + } + remain -= to_read; + } + blk_count += (range_end - range_start); + } + LOG(INFO) << "Finished reading " << blk_count << " blocks on " << dm_block_device; + return true; + }; + + threads.emplace_back(std::async(std::launch::async, thread_func)); } - LOG(INFO) << "Finished reading " << blk_count << " blocks on " << dm_block_device; - return true; + bool ret = true; + for (auto& t : threads) { + ret = t.get() && ret; + } + LOG(INFO) << "Finished reading blocks on " << dm_block_device << " with " << thread_num + << " threads."; + return ret; } // Returns true to indicate a passing verification (or the error should be ignored); Otherwise -- cgit v1.2.3 From 616256e7398db7432822dde42d0f4e343961f934 Mon Sep 17 00:00:00 2001 From: Bill Yi Date: Sat, 12 Aug 2017 06:53:13 -0700 Subject: Import translations. DO NOT MERGE Change-Id: I99a2cf060c75a70b3baf3c22d538fbfa08828474 Auto-generated-cl: translation import Exempt-From-Owner-Approval: translation import --- tools/recovery_l10n/res/values-az/strings.xml | 9 --------- tools/recovery_l10n/res/values-b+sr+Latn/strings.xml | 9 --------- tools/recovery_l10n/res/values-be/strings.xml | 9 --------- tools/recovery_l10n/res/values-bs/strings.xml | 9 --------- tools/recovery_l10n/res/values-en-rAU/strings.xml | 9 --------- tools/recovery_l10n/res/values-gu/strings.xml | 9 --------- tools/recovery_l10n/res/values-kk/strings.xml | 9 --------- tools/recovery_l10n/res/values-kn/strings.xml | 9 --------- tools/recovery_l10n/res/values-mr/strings.xml | 4 ++-- tools/recovery_l10n/res/values-pa/strings.xml | 9 --------- tools/recovery_l10n/res/values-pt-rBR/strings.xml | 9 --------- tools/recovery_l10n/res/values-sq/strings.xml | 9 --------- tools/recovery_l10n/res/values-te/strings.xml | 9 --------- tools/recovery_l10n/res/values-ur/strings.xml | 9 --------- tools/recovery_l10n/res/values-uz/strings.xml | 9 --------- 15 files changed, 2 insertions(+), 128 deletions(-) delete mode 100644 tools/recovery_l10n/res/values-az/strings.xml delete mode 100644 tools/recovery_l10n/res/values-b+sr+Latn/strings.xml delete mode 100644 tools/recovery_l10n/res/values-be/strings.xml delete mode 100644 tools/recovery_l10n/res/values-bs/strings.xml delete mode 100644 tools/recovery_l10n/res/values-en-rAU/strings.xml delete mode 100644 tools/recovery_l10n/res/values-gu/strings.xml delete mode 100644 tools/recovery_l10n/res/values-kk/strings.xml delete mode 100644 tools/recovery_l10n/res/values-kn/strings.xml delete mode 100644 tools/recovery_l10n/res/values-pa/strings.xml delete mode 100644 tools/recovery_l10n/res/values-pt-rBR/strings.xml delete mode 100644 tools/recovery_l10n/res/values-sq/strings.xml delete mode 100644 tools/recovery_l10n/res/values-te/strings.xml delete mode 100644 tools/recovery_l10n/res/values-ur/strings.xml delete mode 100644 tools/recovery_l10n/res/values-uz/strings.xml diff --git a/tools/recovery_l10n/res/values-az/strings.xml b/tools/recovery_l10n/res/values-az/strings.xml deleted file mode 100644 index c6765a9ea..000000000 --- a/tools/recovery_l10n/res/values-az/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Sistem güncəlləməsi quraşdırılır..." - "Silinir" - "Əmr yoxdur" - "Xəta!" - "Təhlükəsizlik güncəlləməsi yüklənir" - diff --git a/tools/recovery_l10n/res/values-b+sr+Latn/strings.xml b/tools/recovery_l10n/res/values-b+sr+Latn/strings.xml deleted file mode 100644 index c2d8f2239..000000000 --- a/tools/recovery_l10n/res/values-b+sr+Latn/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Ažuriranje sistema se instalira" - "Briše se" - "Nema komande" - "Greška!" - "Instalira se bezbednosno ažuriranje" - diff --git a/tools/recovery_l10n/res/values-be/strings.xml b/tools/recovery_l10n/res/values-be/strings.xml deleted file mode 100644 index 7c0954d31..000000000 --- a/tools/recovery_l10n/res/values-be/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Усталёўка абнаўлення сістэмы" - "Сціранне" - "Няма каманды" - "Памылка" - "Усталёўка абнаўлення сістэмы бяспекі" - diff --git a/tools/recovery_l10n/res/values-bs/strings.xml b/tools/recovery_l10n/res/values-bs/strings.xml deleted file mode 100644 index 412cf0276..000000000 --- a/tools/recovery_l10n/res/values-bs/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Ažuriranje sistema…" - "Brisanje u toku" - "Nema komande" - "Greška!" - "Instaliranje sigurnosnog ažuriranja…" - diff --git a/tools/recovery_l10n/res/values-en-rAU/strings.xml b/tools/recovery_l10n/res/values-en-rAU/strings.xml deleted file mode 100644 index dc75c2374..000000000 --- a/tools/recovery_l10n/res/values-en-rAU/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Installing system update" - "Erasing" - "No command" - "Error!" - "Installing security update" - diff --git a/tools/recovery_l10n/res/values-gu/strings.xml b/tools/recovery_l10n/res/values-gu/strings.xml deleted file mode 100644 index 2355a0f4f..000000000 --- a/tools/recovery_l10n/res/values-gu/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "સિસ્ટમ અપડેટ ઇન્સ્ટૉલ કરી રહ્યાં છે" - "કાઢી નાખી રહ્યું છે" - "કોઈ આદેશ નથી" - "ભૂલ!" - "સુરક્ષા અપડેટ ઇન્સ્ટૉલ કરી રહ્યાં છે" - diff --git a/tools/recovery_l10n/res/values-kk/strings.xml b/tools/recovery_l10n/res/values-kk/strings.xml deleted file mode 100644 index a4bd86e66..000000000 --- a/tools/recovery_l10n/res/values-kk/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Жүйе жаңартуы орнатылуда" - "Өшірілуде" - "Пәрмен жоқ" - "Қате!" - "Қауіпсіздік жаңартуы орнатылуда" - diff --git a/tools/recovery_l10n/res/values-kn/strings.xml b/tools/recovery_l10n/res/values-kn/strings.xml deleted file mode 100644 index 5bf6260ee..000000000 --- a/tools/recovery_l10n/res/values-kn/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "ಸಿಸ್ಟಂ ಅಪ್‌ಡೇಟ್‌ ಸ್ಥಾಪಿಸಲಾಗುತ್ತಿದೆ" - "ಅಳಿಸಲಾಗುತ್ತಿದೆ" - "ಯಾವುದೇ ಆದೇಶವಿಲ್ಲ" - "ದೋಷ!" - "ಭದ್ರತೆಯ ಅಪ್‌ಡೇಟ್‌ ಸ್ಥಾಪಿಸಲಾಗುತ್ತಿದೆ" - diff --git a/tools/recovery_l10n/res/values-mr/strings.xml b/tools/recovery_l10n/res/values-mr/strings.xml index 8cf86f773..017a515c0 100644 --- a/tools/recovery_l10n/res/values-mr/strings.xml +++ b/tools/recovery_l10n/res/values-mr/strings.xml @@ -1,9 +1,9 @@ - "सिस्टम अद्यतन स्थापित करीत आहे" + "सिस्टम अपडेट इंस्टॉल करत आहे" "मिटवत आहे" "कोणताही आदेश नाही" "त्रुटी!" - "सुरक्षा अद्यतन स्थापित करीत आहे" + "सुरक्षा अपडेट इंस्टॉल करत आहे" diff --git a/tools/recovery_l10n/res/values-pa/strings.xml b/tools/recovery_l10n/res/values-pa/strings.xml deleted file mode 100644 index 8564c9c36..000000000 --- a/tools/recovery_l10n/res/values-pa/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "ਸਿਸਟਮ ਅੱਪਡੇਟ ਸਥਾਪਤ ਕੀਤੀ ਜਾ ਰਹੀ ਹੈ" - "ਮਿਟਾਈ ਜਾ ਰਹੀ ਹੈ" - "ਕੋਈ ਕਮਾਂਡ ਨਹੀਂ" - "ਅਸ਼ੁੱਧੀ!" - "ਸੁਰੱਖਿਆ ਅੱਪਡੇਟ ਸਥਾਪਤ ਕੀਤੀ ਜਾ ਰਹੀ ਹੈ" - diff --git a/tools/recovery_l10n/res/values-pt-rBR/strings.xml b/tools/recovery_l10n/res/values-pt-rBR/strings.xml deleted file mode 100644 index b72704385..000000000 --- a/tools/recovery_l10n/res/values-pt-rBR/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Instalando atualização do sistema" - "Apagando" - "Nenhum comando" - "Erro!" - "Instalando atualização de segurança" - diff --git a/tools/recovery_l10n/res/values-sq/strings.xml b/tools/recovery_l10n/res/values-sq/strings.xml deleted file mode 100644 index 1156931fb..000000000 --- a/tools/recovery_l10n/res/values-sq/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Po instalon përditësimin e sistemit" - "Po spastron" - "Nuk ka komanda" - "Gabim!" - "Po instalon përditësimin e sigurisë" - diff --git a/tools/recovery_l10n/res/values-te/strings.xml b/tools/recovery_l10n/res/values-te/strings.xml deleted file mode 100644 index cfb02c915..000000000 --- a/tools/recovery_l10n/res/values-te/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "సిస్టమ్ నవీకరణను ఇన్‍స్టాల్ చేస్తోంది" - "డేటాను తొలగిస్తోంది" - "ఆదేశం లేదు" - "లోపం సంభవించింది!" - "భద్రతా నవీకరణను ఇన్‌స్టాల్ చేస్తోంది" - diff --git a/tools/recovery_l10n/res/values-ur/strings.xml b/tools/recovery_l10n/res/values-ur/strings.xml deleted file mode 100644 index 12e32fbc1..000000000 --- a/tools/recovery_l10n/res/values-ur/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "سسٹم اپ ڈیٹ انسٹال ہو رہی ہے" - "صاف ہو رہا ہے" - "کوئی کمانڈ نہیں ہے" - "خرابی!" - "سیکیورٹی اپ ڈیٹ انسٹال ہو رہی ہے" - diff --git a/tools/recovery_l10n/res/values-uz/strings.xml b/tools/recovery_l10n/res/values-uz/strings.xml deleted file mode 100644 index 2c309d646..000000000 --- a/tools/recovery_l10n/res/values-uz/strings.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - "Tizim yangilanishi o‘rnatilmoqda" - "Tozalanmoqda…" - "Buyruq yo‘q" - "Xato!" - "Xavfsizlik yangilanishi o‘rnatilmoqda" - -- cgit v1.2.3