vold: Enable legacy support for wrapped key
Legacy wrapped key support was dropped while merging changes
to support multiple versions of dm-default key driver in kernel.
Fix this by calling legacy API to check wrapped key support for
metadata encryption.
CRs-Fixed: 2678344
Change-Id: I7d9efec09ddf7169cf0b1114b4e16b9fe38cad4b
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
system: vold: Use wrapped key for metadata encryption
Wrapped key feature is needed for better security of encryption keys and
to
ensure data integrity when crypto key cache is cleared during reset
operation
of storage/crypto hardware.
Original patch:
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.QSSI.11.0.r1-05600-qssi.0&id=c480f913e6abc2757c0d79afba5a3df1c4adc731
[Pig]: Clean up all deprecated codes that were removed during latter
merge.
CRs-Fixed: 2367150
Change-Id: I83d14861bf81e102151fa3417d84008c214a9ac0
vold: Bring in more wrapped key changes
Change-Id: I44e81afaec78c567a0bf2eed30a79eb737e2a867
This patchset introduces support decryption for Android 11.
In this update we deprecate ext4crypt. To specify the
policy version to use, use TW_USE_FSCRYPT_POLICY := 1 or
TW_USE_FSCRYPT_POLICY := 2. By default policy version will
be set to 2 if this variable is omitted.
Change-Id: I62a29c1bef36c259ec4b11259f71be613d20a112
fscrypt aosp doc: https://source.android.com/security/encryption/file-based
kernel fscrypt doc: https://www.kernel.org/doc/html/v4.18/filesystems/fscrypt.html
This commit implements the ability for TWRP to use fscrypt to decrypt
files on the fscrypt implementation. It has been implemented mostly
in a new successor library to e4crypt called libtwrpfscrypt. Most of the
code was ported from AOSP vold.
Notable updates include:
- updated policy storage by libtar
- lookup of fbe policies by libtwrpfscrypt
- threaded keystore operations
Big thanks to Dees_Troy for the initial trailblazing
of encryption in TWRP.
Change-Id: I69cd2eba3693a9914e00213d4943229635d0cdae
