author | Shivaprasad Hongal <shongal@codeaurora.org> | 2018-08-30 14:20:44 -0700 |
---|---|---|
committer | Shivaprasad Hongal <shongal@codeaurora.org> | 2018-08-30 14:20:44 -0700 |
commit | 07f77ac64f3fb1bfe1bc4213f5add34b5bfb9dac (patch) | |
tree | 12591afb767536ae8ae5e4a14522d1539cbd5393 | |
parent | 7cc34529cd52b1522ed60497437851758312c066 (diff) | |
cryptfs_hw: Add a workaround for metadata encryption
Add a workaround for is_ice_enabled to return 0 if the metadata
partition is present to support metadata encryption.
This is because HW FDE is a compile time flag and would go on to
encrypt the whole disk even for metadata encryption if this does
not return 0. Hence, checking for metadata partition.
Change-Id: I0b08aaf4fbe5b15acb3e8963e16e75b9ad515d09
Signed-off-by: Shivaprasad Hongal <shongal@codeaurora.org>
-rw-r--r-- | cryptfs_hw.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/cryptfs_hw.c b/cryptfs_hw.c index 65618df..ebf9381 100644 --- a/cryptfs_hw.c +++ b/cryptfs_hw.c @@ -68,6 +68,8 @@ #define CRYPTFS_HW_ALGO_MODE_AES_XTS 0x3 +#define METADATA_PARTITION_NAME "/dev/block/bootdevice/by-name/metadata" + enum cryptfs_hw_key_management_usage_type { CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION = 0x01, CRYPTFS_HW_KM_USAGE_FILE_ENCRYPTION = 0x02, @@ -363,6 +365,18 @@ int is_ice_enabled(void) int storage_type = 0; int fd; + /* + * Since HW FDE is a compile time flag (due to QSSI requirements), + * this API conflicts with Metadata encryption even when ICE is + * enabled, as it encrypts the whole disk instead. Adding this + * workaround to return 0 if metadata partition is present. + */ + + if (access(METADATA_PARTITION_NAME, F_OK) == 0) { + SLOGI("Metadata partition, returning false"); + return 0; + } + if (property_get("ro.boot.bootdevice", prop_storage, "")) { if (strstr(prop_storage, "ufs")) { /* All UFS based devices has ICE in it. So we dont need |
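Review bot: In the first hunk (`@@ -68,6 +68,8 @@`), `METADATA_PARTITION_NAME` hard-codes `/dev/block/bootdevice/by-name/metadata` with no comment on where that name comes from. If a target labels or links the partition differently, the new check in `is_ice_enabled()` never matches and the function silently keeps its old behaviour, which is the whole-disk encryption the commit message wants to avoid. Please add a comment above the define stating that it must match the partition name the device uses for metadata encryption, and group it away from the `CRYPTFS_HW_ALGO_MODE_*` constants so it does not read as one of them.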
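Review bot: In the second hunk (`@@ -363,6 +365,18 @@`, top of `is_ice_enabled()`), `access(METADATA_PARTITION_NAME, F_OK) == 0` treats every failure as "no metadata partition", so a failure that is not about a missing node, such as a permission denial or an unresolved path component, falls through to the HW FDE path without any log line. Suggest checking `errno` when `access()` returns -1 and logging anything other than `ENOENT`, so a wrong fall-through is visible. Two smaller points on the same lines: the check only shows that the node exists, not that metadata encryption is actually in use, and it makes `is_ice_enabled()` return 0 before the storage type is examined, so the return value no longer describes ICE; the function's header comment should say so for callers. The patch adds no `#include`, so please confirm `<unistd.h>` is already pulled in for `access()` and `F_OK`. `SLOGI` here will also fire on every call; consider a lower log level.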