projects / firefly-linux-kernel-4.4.55.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 758b605) | patch
ANDROID: AVB error handler to invalidate vbmeta partition.
authorDavid Zeuthen <zeuthen@google.com>
Tue, 24 Jan 2017 18:17:01 +0000 (13:17 -0500)
committerAmit Pundir <amit.pundir@linaro.org>
Mon, 1 May 2017 09:57:58 +0000 (15:27 +0530)
commitd26b727c10ee67e9b4a6ffc864f954e95e52d873
tree47191cf41ae1b155fb423c977f1fd3c11f0e5222tree | snapshot
parent758b6055e2c1ddf0557f84dd2eb07c6bb4c63752commit | diff
ANDROID: AVB error handler to invalidate vbmeta partition.

If androidboot.vbmeta.device is set and points to a device with vbmeta
magic, this header will be overwritten upon an irrecoverable dm-verity
error. The side-effect of this is that the slot will fail to verify on
next reboot, effectively triggering the boot loader to fallback to
another slot. This work both if the vbmeta struct is at the start of a
partition or if there's an AVB footer at the end.

This code is based on drivers/md/dm-verity-chromeos.c from ChromiumOS.

Example:

 [    0.000000] Kernel command line: rootfstype=ext4 init=/init console=ttyS0,115200 androidboot.console=ttyS0 androidboot.hardware=uefi_x86_64 enforcing=0 androidboot.selinux=permissive androidboot.debuggable=1 buildvariant=eng dm="1 vroot none ro 1,0 2080496 verity 1 PARTUUID=6779df46-78f6-4c69-bf53-59bb1fbf126b PARTUUID=6779df46-78f6-4c69-bf53-59bb1fbf126b 4096 4096 260062 260062 sha1 4f76354c86e430e27426d584a726f2fbffecae32 7e4085342d634065269631ac9a199e1a43f4632c 1 ignore_zero_blocks" root=0xfd00 androidboot.vbmeta.device=PARTUUID=b865935d-38fb-4c4e-b8b4-70dc67321552 androidboot.slot_suffix=_a androidboot.vbmeta.device_state=unlocked androidboot.vbmeta.hash_alg=sha256 androidboot.vbmeta.size=3200 androidboot.vbmeta.digest=14fe41c2b3696c31b7ad5eae7877d7d188995e1ab122c604aaaf4785850b91f7 skip_initramfs
 [...]
 [    0.612802] device-mapper: verity-avb: AVB error handler initialized with vbmeta device: PARTUUID=b865935d-38fb-4c4e-b8b4-70dc67321552
 [...]
 [    1.213804] device-mapper: init: attempting early device configuration.
 [    1.214752] device-mapper: init: adding target '0 2080496 verity 1 PARTUUID=6779df46-78f6-4c69-bf53-59bb1fbf126b PARTUUID=6779df46-78f6-4c69-bf53-59bb1fbf126b 4096 4096 260062 260062 sha1 4f76354c86e430e27426d584a726f2fbffecae32 7e4085342d634065269631ac9a199e1a43f4632c 1 ignore_zero_blocks'
 [    1.217643] device-mapper: init: dm-0 is ready
 [    1.226694] device-mapper: verity: 8:6: data block 0 is corrupted
 [    1.227666] device-mapper: verity-avb: AVB error handler called for PARTUUID=b865935d-38fb-4c4e-b8b4-70dc67321552
 [    1.234308] device-mapper: verity-avb: invalidate_vbmeta: found vbmeta partition
 [    1.235848] device-mapper: verity-avb: invalidate_vbmeta: completed.
 [...]

Bug: 31622239
Test: Manually tested (other arch).
Change-Id: Idf6be32d6a3d28e15de9302aa26ad6a516d663aa
Signed-off-by: David Zeuthen <zeuthen@google.com>
drivers/md/Kconfig diff | blob | history
drivers/md/Makefile diff | blob | history
drivers/md/dm-verity-avb.c [new file with mode: 0644] blob
drivers/md/dm-verity-target.c diff | blob | history
drivers/md/dm-verity.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.