| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
* LOG_TAG should be defined before including log.h
vendor/qcom/opensource/cryptfs_hw/cryptfs_hw.c:45:9: warning: 'LOG_TAG'
macro redefined [-Wmacro-redefined]
^
system/core/liblog/include/log/log.h:51:9: note: previous definition is
here
Change-Id: Id6fdf6f1582360514de9140bd42feaa698527557
|
|
|
|
| |
Change-Id: Iba69c6feb976cab2e466d30241f899540eff4b51
|
|
|
|
|
|
| |
This reverts commit 3054ec0a85887d6a4aa3630b502183e9875ce9c9.
Change-Id: Ia8f40158e08675f2a0229ea78d13df066b2668b5
|
|
|
|
| |
Change-Id: I9f0934d22d9e2001e61e3906af958d7300a8c0e4
|
|
|
|
|
|
| |
* Match keymaster change to support older blobs
Change-Id: I2d45fe60e0f4bf076d064d6c432740af0b3c840c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Restore compatibility for pre-O way of hw crypto
interaction with qsee as the new way is not
compatible with old blobs.
* Old blobs and current OSS keymaster still use the
old property to check if qseecomd is loaded.
* This conditionally reverts:
cryptfs_hw: Add new APIs for key management
84ac4882d6feeceb24e983a4eaba1d148c2ba3e6
cryptfs_hw: Use HW keymaster for FDE keys
a5d3a02eb13362490222ac2a7eefde6543546e31
cryptfs_hw: Wait for qseecom daemon to start FDE operation
b01c6ec9373bee3e9d71d2300ebce7c287c3d687
Change-Id: I9a5db406c16c3610237a1b85fbfab5c0d63e4960
|
|
|
|
|
|
|
|
|
| |
FDE operation requires listener services. Qseecom daemon
should be up and running to ensure all listeners are
registered and running.
Change-Id: I45637fe25a4ccc9a9ae4939449d310b9a7313e10
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
|
|
|
|
|
|
|
| |
Use hardware keymsater for hardware FDE keys to increase the
key complexity to avoid attacks.
Change-Id: If4c1b84796b2f01331a3ef3f93c3a7af8af00f29
|
|
|
|
|
|
|
| |
Fix compilation error for qseecom.h which encountered while
creating the clean build.
Change-Id: I1271866d453f0f3d60bfc23ac12819b1cd0cabea
|
|
|
|
|
|
|
| |
Add new APIs for create, wipe and update keys, which is
required for HW based Full Disk Encryption.
Change-Id: I483ce1a734db7b7cbfb2a06fe74baf559cfb51fb
|
|
|
|
|
|
|
|
|
|
|
| |
After reaching the maximum number of retires with wrong password,
userdata is erased based on the info written on /cache partition.
As per the latest changes of A/B, cache partition is not present
which leads to failure of userdata wipe before reboot. This patch
removes reboot from cryptfs_hw layer if max entries reached, as
frameworks take care of userdata wipe.
Change-Id: If97f2f7452beb004f44d7d41d1d76def23fe2720
|
|
|
|
|
|
|
| |
Add liblog to cryptfs_hw to compile the adb log message related
functions to enable logging.
Change-Id: Ibc6b8617431cae687d964d1ab56ac25e1b1b96f2
|
|
|
|
|
|
|
| |
Add strnlen() instead of strlen() to fix the buffer overflow
while processing the password.
Change-Id: I5996bb62980741b7463c8829a43524e79abc4f19
|
|
|
|
|
|
|
| |
Add support for is_hw_fde_enabled routine to get the fde
status based on the chipset.
Change-Id: I7e0e078da6668e347a78de487da44ddc331bd478
|
|
|
|
|
|
|
|
| |
As the partition names are changing from branch to branch, device
FDE key is not wrapped with Hw keymaster which is less secure.
So removing the partition name related checks to avoid failures.
Change-Id: If181b093122479ca57ff6846b10d6aa2fb3eaa0c
|
|
|
|
|
|
|
|
|
| |
While verifying or updating passwords, those are copied into temp
variables which are freed after use. These variables should be
cleaned up before freeing so that passwords are not left in memory
if someone dumps the memory.
Change-Id: I94f76f679bac18a682c796fe98236549e8f5e1aa
|
|
|
|
|
|
|
|
|
| |
Replace the sys.listener.registered with sys.keymaster.loaded
because the keymaster loading is the final operation done by
the qseecomd and key operations should wait till the qseecomd
initialization completes.
Change-Id: I78a2a6941058f8ec6197ef88b324f6178f7ae2fb
|
|
|
|
|
|
|
|
|
|
|
| |
Sometime it is possible that KMS APIs are invoked and QSEECom
listeners are not up. This would cause failure from secure side
and KMS API will fail eventually. This change waits for QSEECom
listeners to be up before calling KMS APIs. If QSEECom listeners
are not up even after wait period, API would fail without going
to secure side.
Change-Id: I211248645f92fc0fcfe6f250cb1f26661f5fb06c
|
|
|
|
|
|
|
|
|
| |
HW FDE keys would be tied to keymaster so that if someone changes
Root of Trust (ROT), encrypted data can't be used. Cryptfs_hw module
is exposing a new API so that caller can determine whether to create
dependency between HW FDE keys and keymaster.
Change-Id: I85c85ffd9086f6c060032e4ae701b10363d88529
|
|
|
|
|
|
|
| |
Update cryptfs_hw API signatures as per the vold project
requests to avoid compilation errors.
Change-Id: I1c2133f3cee395892e7fa160afc6314059ba0bcb
|
|
|
|
| |
Change-Id: I7f64400bfa33dcb87d2c6260b8a055d0262f7511
|
|
|
|
|
|
|
| |
Update cryptfs_hw APIs to take old password along with the new
passowrd.
Change-Id: Ieca5c4bac36ba4bb2371d2f3bbe0cadf79e256d7
|
|
|
|
|
|
| |
Add support for wipe_key routine to clean key.
Change-Id: I9e258e1506d0634c4fc5b5142475005f6eb51c4e
|
|
|
|
|
|
|
|
|
| |
ICE (Inline Crypto Engine) encrypts/decrypts storage IO requests to
minimize degradation in storage IO throughput. ICE has been added to
eMMC based storage hardware as well. Adding required support for eMMC
based ICE.
Change-Id: I7986d95ccabca9d6d029653c804608e7d78ad9ef
|
|
|
|
|
|
|
|
| |
ICE requires keys to be set in key LUT. Changing APIs so that it
return the key index in key LUT. It also needs to take care if
ICE is available on the chip.
Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
|
|
|
|
|
|
| |
open system call is added with NOFOLLOW flag
Change-Id: I402643635e3ee11b3ac5df63c3b71a9fd6f0d2db
|
|
|
|
|
|
|
| |
64 bit platform generates library at a different path compared to
32 bit platform.Added macros to take care of both kind of platforms.
Change-Id: Ie32b8edaeb9f8f34095c7f18c4add83fe957d82a
|
|
|
|
|
|
|
|
| |
qseecom_create_key which is a function pointer is used after
dereferencing it. Also fixed the issue where userdata may not be
wiped after certain number of attemps.
Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
|
|
|
|
|
|
|
| |
All vendors developed libraries must be in vendor folder on
device. Using appropriate directive to accomplish the objective.
Change-Id: I4ed413b799c0b66a86321f799713068776fa538a
|
|
SW based device encryption uses SW crypto engine. This module
provides the support for VOLD to utilize HW crypto engine. HW
based crypto engine is more efficient both in terms of power
and throughput.
Change-Id: I34107a0ce50d9fc5c80c15ace0678a0bba7adee5
|