| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: Iba69c6feb976cab2e466d30241f899540eff4b51
|
|
|
|
|
|
|
| |
Add strnlen() instead of strlen() to fix the buffer overflow
while processing the password.
Change-Id: I5996bb62980741b7463c8829a43524e79abc4f19
|
|
|
|
|
|
|
| |
Add support for is_hw_fde_enabled routine to get the fde
status based on the chipset.
Change-Id: I7e0e078da6668e347a78de487da44ddc331bd478
|
|
|
|
|
|
|
|
| |
As the partition names are changing from branch to branch, device
FDE key is not wrapped with Hw keymaster which is less secure.
So removing the partition name related checks to avoid failures.
Change-Id: If181b093122479ca57ff6846b10d6aa2fb3eaa0c
|
|
|
|
|
|
|
|
|
| |
While verifying or updating passwords, those are copied into temp
variables which are freed after use. These variables should be
cleaned up before freeing so that passwords are not left in memory
if someone dumps the memory.
Change-Id: I94f76f679bac18a682c796fe98236549e8f5e1aa
|
|
|
|
|
|
|
|
|
| |
Replace the sys.listener.registered with sys.keymaster.loaded
because the keymaster loading is the final operation done by
the qseecomd and key operations should wait till the qseecomd
initialization completes.
Change-Id: I78a2a6941058f8ec6197ef88b324f6178f7ae2fb
|
|
|
|
|
|
|
|
|
|
|
| |
Sometime it is possible that KMS APIs are invoked and QSEECom
listeners are not up. This would cause failure from secure side
and KMS API will fail eventually. This change waits for QSEECom
listeners to be up before calling KMS APIs. If QSEECom listeners
are not up even after wait period, API would fail without going
to secure side.
Change-Id: I211248645f92fc0fcfe6f250cb1f26661f5fb06c
|
|
|
|
|
|
|
|
|
| |
HW FDE keys would be tied to keymaster so that if someone changes
Root of Trust (ROT), encrypted data can't be used. Cryptfs_hw module
is exposing a new API so that caller can determine whether to create
dependency between HW FDE keys and keymaster.
Change-Id: I85c85ffd9086f6c060032e4ae701b10363d88529
|
|
|
|
|
|
|
| |
Update cryptfs_hw API signatures as per the vold project
requests to avoid compilation errors.
Change-Id: I1c2133f3cee395892e7fa160afc6314059ba0bcb
|
|
|
|
| |
Change-Id: I7f64400bfa33dcb87d2c6260b8a055d0262f7511
|
|
|
|
|
|
|
| |
Update cryptfs_hw APIs to take old password along with the new
passowrd.
Change-Id: Ieca5c4bac36ba4bb2371d2f3bbe0cadf79e256d7
|
|
|
|
|
|
| |
Add support for wipe_key routine to clean key.
Change-Id: I9e258e1506d0634c4fc5b5142475005f6eb51c4e
|
|
|
|
|
|
|
|
|
| |
ICE (Inline Crypto Engine) encrypts/decrypts storage IO requests to
minimize degradation in storage IO throughput. ICE has been added to
eMMC based storage hardware as well. Adding required support for eMMC
based ICE.
Change-Id: I7986d95ccabca9d6d029653c804608e7d78ad9ef
|
|
|
|
|
|
|
|
| |
ICE requires keys to be set in key LUT. Changing APIs so that it
return the key index in key LUT. It also needs to take care if
ICE is available on the chip.
Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
|
|
|
|
|
|
| |
open system call is added with NOFOLLOW flag
Change-Id: I402643635e3ee11b3ac5df63c3b71a9fd6f0d2db
|
|
|
|
|
|
|
| |
64 bit platform generates library at a different path compared to
32 bit platform.Added macros to take care of both kind of platforms.
Change-Id: Ie32b8edaeb9f8f34095c7f18c4add83fe957d82a
|
|
|
|
|
|
|
|
| |
qseecom_create_key which is a function pointer is used after
dereferencing it. Also fixed the issue where userdata may not be
wiped after certain number of attemps.
Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
|
|
|
|
|
|
|
| |
All vendors developed libraries must be in vendor folder on
device. Using appropriate directive to accomplish the objective.
Change-Id: I4ed413b799c0b66a86321f799713068776fa538a
|
|
SW based device encryption uses SW crypto engine. This module
provides the support for VOLD to utilize HW crypto engine. HW
based crypto engine is more efficient both in terms of power
and throughput.
Change-Id: I34107a0ce50d9fc5c80c15ace0678a0bba7adee5
|