diff options
-rw-r--r-- | cryptfs_hw.c | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/cryptfs_hw.c b/cryptfs_hw.c index 57a65d0..482e28b 100644 --- a/cryptfs_hw.c +++ b/cryptfs_hw.c @@ -79,6 +79,8 @@ static int (*qseecom_wipe_key)(int); #define CRYPTFS_HW_ALGO_MODE_AES_XTS 0x3 +#define METADATA_PARTITION_NAME "/dev/block/bootdevice/by-name/metadata" + enum cryptfs_hw_key_management_usage_type { CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION = 0x01, CRYPTFS_HW_KM_USAGE_FILE_ENCRYPTION = 0x02, @@ -434,6 +436,18 @@ int is_ice_enabled(void) char prop_storage[PATH_MAX]; int storage_type = 0; + /* + * Since HW FDE is a compile time flag (due to QSSI requirements), + * this API conflicts with Metadata encryption even when ICE is + * enabled, as it encrypts the whole disk instead. Adding this + * workaround to return 0 if metadata partition is present. + */ + + if (access(METADATA_PARTITION_NAME, F_OK) == 0) { + SLOGI("Metadata partition, returning false"); + return 0; + } + if (property_get("ro.boot.bootdevice", prop_storage, "")) { if (strstr(prop_storage, "ufs")) { /* All UFS based devices has ICE in it. So we dont need @@ -453,7 +467,6 @@ int clear_hw_device_encryption_key() return cryptfs_hw_wipe_key(map_usage(CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION)); } -#ifdef LEGACY_HW_DISK_ENCRYPTION static int get_keymaster_version() { int rc = -1; @@ -466,25 +479,29 @@ static int get_keymaster_version() return mod->module_api_version; } -#endif int should_use_keymaster() { + int rc = 1; #ifdef LEGACY_HW_DISK_ENCRYPTION /* * HW FDE key should be tied to keymaster only if * new Keymaster is available */ - int rc = 0; if (get_keymaster_version() != KEYMASTER_MODULE_API_VERSION_1_0) { SLOGI("Keymaster version is not 1.0"); - return rc; + rc = 0; } #else /* * HW FDE key should be tied to keymaster + * if version is above 0.3. this is to + * support msm8909 go target. */ + if (get_keymaster_version() == KEYMASTER_MODULE_API_VERSION_0_3) { + SLOGI("Keymaster version is 0.3"); + rc = 0; + } #endif - - return 1; + return rc; } |