summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* cryptfs_hw: Properly define log taglineage-15.1dianlujitao2018-05-121-2/+2
| | | | | | | | | | | | * LOG_TAG should be defined before including log.h vendor/qcom/opensource/cryptfs_hw/cryptfs_hw.c:45:9: warning: 'LOG_TAG' macro redefined [-Wmacro-redefined] ^ system/core/liblog/include/log/log.h:51:9: note: previous definition is here Change-Id: Id6fdf6f1582360514de9140bd42feaa698527557
* cryptfs_hw: add missing logging tagsteadfasterX2018-04-301-0/+2
| | | | Change-Id: Iba69c6feb976cab2e466d30241f899540eff4b51
* Revert "cryptfs_hw: Move to /vendor"TheScarastic2018-02-131-1/+0
| | | | | | This reverts commit 3054ec0a85887d6a4aa3630b502183e9875ce9c9. Change-Id: Ia8f40158e08675f2a0229ea78d13df066b2668b5
* cryptfs_hw: Move to /vendorstaging/lineage-15.1Michael Bestas2017-12-271-0/+1
| | | | Change-Id: I9f0934d22d9e2001e61e3906af958d7300a8c0e4
* cryptfs_hw: Featureize support for waiting on QSEE to startMichael Bestas2017-12-272-0/+11
| | | | | | * Match keymaster change to support older blobs Change-Id: I2d45fe60e0f4bf076d064d6c432740af0b3c840c
* cryptfs_hw: Add compatibility for pre-O hw cryptoMichael Bestas2017-12-272-2/+109
| | | | | | | | | | | | | | | | | * Restore compatibility for pre-O way of hw crypto interaction with qsee as the new way is not compatible with old blobs. * Old blobs and current OSS keymaster still use the old property to check if qseecomd is loaded. * This conditionally reverts: cryptfs_hw: Add new APIs for key management 84ac4882d6feeceb24e983a4eaba1d148c2ba3e6 cryptfs_hw: Use HW keymaster for FDE keys a5d3a02eb13362490222ac2a7eefde6543546e31 cryptfs_hw: Wait for qseecom daemon to start FDE operation b01c6ec9373bee3e9d71d2300ebce7c287c3d687 Change-Id: I9a5db406c16c3610237a1b85fbfab5c0d63e4960
* cryptfs_hw: Wait for qseecom daemon to start FDE operationNeeraj Soni2017-12-201-4/+6
| | | | | | | | | FDE operation requires listener services. Qseecom daemon should be up and running to ensure all listeners are registered and running. Change-Id: I45637fe25a4ccc9a9ae4939449d310b9a7313e10 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
* cryptfs_hw: Use HW keymaster for FDE keysAnilKumar Chimata2017-12-201-9/+2
| | | | | | | Use hardware keymsater for hardware FDE keys to increase the key complexity to avoid attacks. Change-Id: If4c1b84796b2f01331a3ef3f93c3a7af8af00f29
* cryptfs_hw: Fix compilation errorAnilKumar Chimata2017-12-201-0/+2
| | | | | | | Fix compilation error for qseecom.h which encountered while creating the clean build. Change-Id: I1271866d453f0f3d60bfc23ac12819b1cd0cabea
* cryptfs_hw: Add new APIs for key managementAnilKumar Chimata2017-12-202-91/+201
| | | | | | | Add new APIs for create, wipe and update keys, which is required for HW based Full Disk Encryption. Change-Id: I483ce1a734db7b7cbfb2a06fe74baf559cfb51fb
* cryptfs_hw: Remove android reboot during password checkBrahmaji K2017-12-201-14/+1
| | | | | | | | | | | After reaching the maximum number of retires with wrong password, userdata is erased based on the info written on /cache partition. As per the latest changes of A/B, cache partition is not present which leads to failure of userdata wipe before reboot. This patch removes reboot from cryptfs_hw layer if max entries reached, as frameworks take care of userdata wipe. Change-Id: If97f2f7452beb004f44d7d41d1d76def23fe2720
* cryptfs_hw: Add liblog for logginglineage-15.0AnilKumar Chimata2017-10-082-2/+4
| | | | | | | Add liblog to cryptfs_hw to compile the adb log message related functions to enable logging. Change-Id: Ibc6b8617431cae687d964d1ab56ac25e1b1b96f2
* cryptfs_hw: Fix stack out of bound issueBrahmaji K2017-06-011-1/+1
| | | | | | | Add strnlen() instead of strlen() to fix the buffer overflow while processing the password. Change-Id: I5996bb62980741b7463c8829a43524e79abc4f19
* cryptfs_hw: Add support for is_hw_fde_enabled routineAnilKumar Chimata2017-02-253-0/+62
| | | | | | | Add support for is_hw_fde_enabled routine to get the fde status based on the chipset. Change-Id: I7e0e078da6668e347a78de487da44ddc331bd478
* cryptfs_hw: Remove keymaster partition checkAnilKumar Chimata2017-02-121-7/+0
| | | | | | | | As the partition names are changing from branch to branch, device FDE key is not wrapped with Hw keymaster which is less secure. So removing the partition name related checks to avoid failures. Change-Id: If181b093122479ca57ff6846b10d6aa2fb3eaa0c
* Cleanup temporarily stored passwordsDinesh K Garg2017-02-121-1/+11
| | | | | | | | | While verifying or updating passwords, those are copied into temp variables which are freed after use. These variables should be cleaned up before freeing so that passwords are not left in memory if someone dumps the memory. Change-Id: I94f76f679bac18a682c796fe98236549e8f5e1aa
* cryptfs_hw: update the listener property with keymaster propertyBrahmaji K2017-02-121-1/+1
| | | | | | | | | Replace the sys.listener.registered with sys.keymaster.loaded because the keymaster loading is the final operation done by the qseecomd and key operations should wait till the qseecomd initialization completes. Change-Id: I78a2a6941058f8ec6197ef88b324f6178f7ae2fb
* Wait for QSEECom listeners before calling KMS APIsDinesh K Garg2017-02-121-0/+22
| | | | | | | | | | | Sometime it is possible that KMS APIs are invoked and QSEECom listeners are not up. This would cause failure from secure side and KMS API will fail eventually. This change waits for QSEECom listeners to be up before calling KMS APIs. If QSEECom listeners are not up even after wait period, API would fail without going to secure side. Change-Id: I211248645f92fc0fcfe6f250cb1f26661f5fb06c
* cryptfs_hw: Tie HW FDE keys with keymasterDinesh K Garg2017-02-123-1/+42
| | | | | | | | | HW FDE keys would be tied to keymaster so that if someone changes Root of Trust (ROT), encrypted data can't be used. Cryptfs_hw module is exposing a new API so that caller can determine whether to create dependency between HW FDE keys and keymaster. Change-Id: I85c85ffd9086f6c060032e4ae701b10363d88529
* cryptfs_hw: Update module as per vold projectDinesh K Garg2017-02-122-6/+3
| | | | | | | Update cryptfs_hw API signatures as per the vold project requests to avoid compilation errors. Change-Id: I1c2133f3cee395892e7fa160afc6314059ba0bcb
* cryptfs_hw: add string.hChiou-Hao Hsu2017-02-121-0/+1
| | | | Change-Id: I7f64400bfa33dcb87d2c6260b8a055d0262f7511
* cryptfs_hw: Update APIs to take old passwordAnilKumar Chimata2017-02-122-15/+13
| | | | | | | Update cryptfs_hw APIs to take old password along with the new passowrd. Change-Id: Ieca5c4bac36ba4bb2371d2f3bbe0cadf79e256d7
* cryptfs_hw: Add support for wipe_key routineAnilKumar Chimata2017-02-122-2/+23
| | | | | | Add support for wipe_key routine to clean key. Change-Id: I9e258e1506d0634c4fc5b5142475005f6eb51c4e
* Adding support for eMMC based ICEDinesh K Garg2017-02-121-33/+29
| | | | | | | | | ICE (Inline Crypto Engine) encrypts/decrypts storage IO requests to minimize degradation in storage IO throughput. ICE has been added to eMMC based storage hardware as well. Adding required support for eMMC based ICE. Change-Id: I7986d95ccabca9d6d029653c804608e7d78ad9ef
* Adding support of Inline Crypto Engine (ICE)Dinesh K Garg2017-02-123-12/+63
| | | | | | | | ICE requires keys to be set in key LUT. Changing APIs so that it return the key index in key LUT. It also needs to take care if ICE is available on the chip. Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
* qcom/common: Added O_NOFOLLOW to avoid follow the symlinkSri Krishna Chaitanya Madireddy2017-02-121-1/+1
| | | | | | open system call is added with NOFOLLOW flag Change-Id: I402643635e3ee11b3ac5df63c3b71a9fd6f0d2db
* Port cryptfs_hw library to 64bit platformDinesh K Garg2017-02-122-3/+7
| | | | | | | 64 bit platform generates library at a different path compared to 32 bit platform.Added macros to take care of both kind of platforms. Change-Id: Ie32b8edaeb9f8f34095c7f18c4add83fe957d82a
* Wrong function pointer usageDinesh K Garg2017-02-122-14/+15
| | | | | | | | qseecom_create_key which is a function pointer is used after dereferencing it. Also fixed the issue where userdata may not be wiped after certain number of attemps. Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
* Place library in vendor folder on deviceDinesh K Garg2017-02-121-1/+2
| | | | | | | All vendors developed libraries must be in vendor folder on device. Using appropriate directive to accomplish the objective. Change-Id: I4ed413b799c0b66a86321f799713068776fa538a
* vold: HW based device encryptionDinesh K Garg2017-02-123-0/+234
SW based device encryption uses SW crypto engine. This module provides the support for VOLD to utilize HW crypto engine. HW based crypto engine is more efficient both in terms of power and throughput. Change-Id: I34107a0ce50d9fc5c80c15ace0678a0bba7adee5
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 06:31:43 +0000