-rw-r--r-- | Android.mk | 4 | ||||
-rwxr-xr-x | cryptfs_hw.c | 57 | ||||
-rwxr-xr-x | cryptfs_hw.h | 1 |
3 files changed, 62 insertions, 0 deletions
@@ -22,6 +22,10 @@ LOCAL_SHARED_LIBRARIES := $(commonSharedLibraries) LOCAL_MODULE_OWNER := qcom +ifeq ($(TARGET_SWV8_DISK_ENCRYPTION),true) +LOCAL_CFLAGS += -DCONFIG_SWV8_DISK_ENCRYPTION +endif + # USE_ICE_FOR_STORAGE_ENCRYPTION would be true in future if # TARGET_USE_EMMC_USE_ICE is set ifeq ($(TARGET_USE_UFS_ICE),true) diff --git a/cryptfs_hw.c b/cryptfs_hw.c index 6695552..ff06c9f 100755 --- a/cryptfs_hw.c +++ b/cryptfs_hw.c @@ -64,6 +64,11 @@ /* Operations that be performed on HW based device encryption key */ #define SET_HW_DISK_ENC_KEY 1 #define UPDATE_HW_DISK_ENC_KEY 2 +#define MAX_DEVICE_ID_LENGTH 4 /* 4 = 3 (MAX_SOC_ID_LENGTH) + 1 */ + +static unsigned int cpu_id[] = { + 239, /* MSM8939 SOC ID */ +}; #define QSEECOM_UP_CHECK_COUNT 10 @@ -235,6 +240,58 @@ unsigned int is_hw_disk_encryption(const char* encryption_mode) return ret; } +/* + * By default HW FDE is enabled, if the execution comes to + * is_hw_fde_enabled() API then for specific device/soc id, + * HW FDE is disabled. + */ +#ifdef CONFIG_SWV8_DISK_ENCRYPTION +unsigned int is_hw_fde_enabled(void) +{ + unsigned int device_id = -1; + unsigned int array_size; + unsigned int status = 1; + FILE *fd = NULL; + unsigned int i; + int ret = -1; + char buf[MAX_DEVICE_ID_LENGTH]; + + fd = fopen("/sys/devices/soc0/soc_id", "r"); + if (fd) { + ret = fread(buf, 1, MAX_DEVICE_ID_LENGTH, fd); + fclose(fd); + } else { + fd = fopen("/sys/devices/system/soc/soc0/id", "r"); + if (fd) { + ret = fread(buf, 1, MAX_DEVICE_ID_LENGTH, fd); + fclose(fd); + } + } + + if (ret > 0) { + device_id = atoi(buf); + } else { + SLOGE("Failed to read device id"); + return status; + } + + array_size = sizeof(cpu_id) / sizeof(cpu_id[0]); + for (i = 0; i < array_size; i++) { + if (device_id == cpu_id[i]) { + status = 0; + break; + } + } + + return status; +} +#else +unsigned int is_hw_fde_enabled(void) +{ + return 1; +} +#endif + int is_ice_enabled(void) { char prop_storage[PATH_MAX]; 
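Review bot: `cpu_id` in the `@@ -64,6 +64,11 @@` hunk is a mutable file-scope array, although the visible code only reads it when deciding whether hardware FDE is used. Declaring it `static const unsigned int cpu_id[] = {` lets the compiler place the table in read-only data and rules out accidental writes. The name says little about its role, so a comment such as `/* SoC IDs on which HW FDE is disabled */` above it would document what membership in the list means.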
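Review bot: `atoi(buf)` in `is_hw_fde_enabled()` can read past the end of `buf`, because `fread` may fill all `MAX_DEVICE_ID_LENGTH` bytes and nothing writes a terminating NUL; a sysfs value of three digits followed by a newline is already four bytes. Declaring `char buf[MAX_DEVICE_ID_LENGTH] = {0};` and passing `MAX_DEVICE_ID_LENGTH - 1` to both `fread` calls keeps the string terminated. `ret` is an `int` that receives a `size_t`, and `atoi` cannot report a malformed or over-long value, so `strtoul` with an end-pointer check would be a safer parse. The read-failure path returns 1 (hardware FDE enabled), which on a listed SoC selects the path this change is meant to avoid; a comment confirming that this default is intended would help.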
diff --git a/cryptfs_hw.h b/cryptfs_hw.h index e857c47..9862212 100755 --- a/cryptfs_hw.h +++ b/cryptfs_hw.h @@ -37,6 +37,7 @@ int set_hw_device_encryption_key(const char*, const char*); int update_hw_device_encryption_key(const char*, const char*, const char*); int clear_hw_device_encryption_key(); unsigned int is_hw_disk_encryption(const char*); +unsigned int is_hw_fde_enabled(void); int is_ice_enabled(void); int should_use_keymaster(); |