This patch is to refactor twrpDigest using polymorphism
and inheritance to use the same call patterns for creating and
reading a digest. Now a library.
Use SHA2 from libcrypto. SHA2 is default if device has libcrypto.
Change string MD5 everywhere to use digest or Digest instead. Updated
string tags to digest. Translation will be required.
Switch out digest code into a driver class from partitionmanager.
SHA2 is better for digest creation due to decreased collision space
compared to MD5 and SHA1.
See https://en.wikipedia.org/wiki/SHA-2
Change-Id: I74b5546789990b12aa4ce2e389d25f80a3fe213f
Some older update binaries can't read the binary file_contexts, so include
the text version of the file to prevent errors. This removes the symlink
to the binary version of the file and uses the concatenated file_contexts
from the OUT build folder.
Change-Id: Ia57c9b47c95945721d3dfa1ec8e18c4bb199adff
If TWRP crypto fails to decrypt partition, mount the system
partition and use system's own vold to attempt decryption.
This provides a fallback for proprietary OEM encryption as well as
encryption methods which TWRP hasn't been updated for.
Requirements in device tree:
* fstab.{ro.hardware} in device/recovery/root
  The fstab does not need to be complete, but it does need the
  data partition and the encryption entries.
* 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig
  or
* 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>'
Notes:
* Setting the flag to 'true' will just use system's vdc+vold
  or
* Setting the flag with additional services will also start them
  prior to attempting vdc+vold decryption, e.g. for Qualcomm-based
  devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd'
* For each service listed an additional import will be automatically
  added to the vold_decrypt.rc file in the form of
  init.recovery.vold_decrypt.{service}.rc
  You will need to add any not already existing .rc files in
  your device/recovery/root folder.
* The service names specified in the vold_decrypt.{service}.rc files
  have to be named 'sys_{service}'
  e.g. 'service sys_qseecomd /system/bin/qseecomd'
* Any service already existing in TWRP as {service} or sbin{service} will
  be stopped and restarted as needed.
* You can override the default init.recovery.vold_decrypt.rc file(s)
  by placing same named ones in your device/recovery/root folder.
  If you do, you'll need to manually add the needed imports.
* If /vendor and /firmware folders are temporarily moved and symlinked
  to the folders and files in the system partition, the properties
  'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware'
  will be set to 1.
  This allows for additional control in the .rc files for any extra
  actions (symlinks, cp files, etc) that may be needed for decryption
  by using: on property:vold_decrypt.symlinked_vendor=1 and/or
  on property:vold_decrypt.symlinked_firmware=1 triggers.
Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig
* Specifying this flag will enable strace on init and vdc, which will
  create separate log files in /tmp for every process created, allowing
  for detailed analysis of which services and files are being accessed.
* Note that enabling strace will expose the password in the logs!!
* You need to manually add strace to your build.
Thanks to @Captain_Throwback for co-authoring and testing.
Tested successfully on HTC devices:
M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N),
Desire 626s (MM), U Ultra (N)
HTC One X9 (MTK device)
And by Nikolay Jeliazkov on: Xiaomi Mi Max
Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227
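The requirements listed in the commit message above can be checked before a build. The following is an added example, not code from TWRP or from the commit: it lints a device tree for the fstab, the per-service .rc files, the 'sys_{service}' naming rule and the debug flag that exposes the password. The layout (`BoardConfig.mk` and `recovery/root` under one tree directory), the function names and the sample file contents are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

FLAG_RE = re.compile(r"^[ \t]*(\w+)[ \t]*:=[ \t]*(.*?)[ \t]*$", re.M)
SERVICE_RE = re.compile(r"^[ \t]*service[ \t]+(\S+)", re.M)

def lint_vold_decrypt(tree):
    """Return findings; assumes <tree>/BoardConfig.mk and <tree>/recovery/root."""
    tree = Path(tree)
    root = tree / "recovery" / "root"
    flags = dict(FLAG_RE.findall((tree / "BoardConfig.mk").read_text()))
    value = flags.get("TW_CRYPTO_USE_SYSTEM_VOLD", "")
    if not value:
        return ["TW_CRYPTO_USE_SYSTEM_VOLD not set"]
    findings = []
    fstabs = list(root.glob("fstab.*"))
    if not fstabs:
        findings.append("no fstab.{ro.hardware} in recovery/root")
    elif not any(re.search(r"\s/data\s", f.read_text()) for f in fstabs):
        findings.append("fstab has no data partition entry")
    # 'true' means plain vdc+vold; anything else is a list of extra services.
    for svc in ([] if value == "true" else value.split()):
        rc = root / f"init.recovery.vold_decrypt.{svc}.rc"
        if not rc.exists():
            findings.append(f"{rc.name} not in recovery/root (needed unless TWRP already ships it)")
        elif f"sys_{svc}" not in SERVICE_RE.findall(rc.read_text()):
            findings.append(f"{rc.name}: service must be named sys_{svc}")
    if flags.get("TW_CRYPTO_SYSTEM_VOLD_DEBUG") == "true":
        findings.append("TW_CRYPTO_SYSTEM_VOLD_DEBUG on: strace logs in /tmp expose the password")
    return findings

def demo():
    """Lint a constructed sample tree (all file contents below are made up)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d, "recovery", "root")
        root.mkdir(parents=True)
        Path(d, "BoardConfig.mk").write_text(
            "# constructed sample\n"
            "TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd\n"
            "TW_CRYPTO_SYSTEM_VOLD_DEBUG := true\n")
        (root / "fstab.qcom").write_text(
            "/dev/block/bootdevice/by-name/userdata /data ext4 rw wait,encryptable=footer\n")
        # Wrong on purpose: the service name lacks the required sys_ prefix.
        (root / "init.recovery.vold_decrypt.qseecomd.rc").write_text(
            "service qseecomd /system/bin/qseecomd\n")
        return lint_vold_decrypt(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Running the debug-flag check as a release gate keeps a build with strace enabled from shipping.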
The presence of /file_contexts is still important to TWRP:
- files written while in adb shell only pick up contexts if
/file_contexts is present
- fixContexts looks for /file_contexts
- if !USE_EXT4 (is this possible), then make_ext4fs looks for
/file_contexts when wiping
In the event that file_contexts.bin also becomes more important in the
future, leave it in place and create a symlink to it.
Change-Id: Ic87852248d42d5ea6bf936df160efa41294b6520
Globally define BOARD_RECOVERY_BLDRMSG_OFFSET with a decimal integer
to offset the read/write location in misc where the bootloader message
should appear. Example:
BOARD_GLOBAL_CFLAGS := -DBOARD_RECOVERY_BLDRMSG_OFFSET=2048
Edify commands get_stage and set_stage need to be aware of the
custom bootloader msg offset because they write the stage directly
to the BCB.
Change-Id: Ifdb5ffe3e893a651be59ae63e3a0ebadd828c9f2
* The TWRP_SH_TARGET variable is only used if TW_USE_TOOLBOX == false,
so it doesn't really need to be defined.
* Move the busybox sh symlink creation nearer to the toolbox/busybox
build rules and take advantage of LOCAL_POST_INSTALL_CMD which has
been around since Android 4.3.
Change-Id: I7850f9c3e113d43ad519dd5c9a7d25e36ec1c426
* Unify the building of pigz and its symlinks under the same module.
LOCAL_POST_INSTALL_CMD has been around since Android 4.3, use it.
Change-Id: I6a1f74216b6f5a5283fc17839b9b6f19571f3be5
For building through jenkins. Export a variable to the shell
so that we don't monkey patch variables.h and keep the git tag
clean in the version string.
Jenkins will export the variable TW_DEVICE_VERSION=n where n > 0.
The makefile will use this variable to show the device string
in twrp startup. For mass production builds, omit the
environment variable to default to 0.
Change-Id: I0d6eb764255d7069c0fb4a378522a009cfe4054f
These changes are needed by any ROM where devices are configured to
use TOOLBOX/TOYBOX instead of BUSYBOX (i.e., TW_USE_TOOLBOX := true).
Change-Id: I68b88cc9fb857f32864556c4b6c9c8e6ee744051
Rename twrpDU.* to exclude.*
Remove global variable for du and replace with partition specific
variables.
Use separate exclusion lists for backups and wiping.
Clean up some includes
Fix some parentheses in twrp.cpp that I messed up.
Note: twrpTarMain command line utility compiles but probably does
not work correctly yet due to not properly setting part_settings
Change-Id: Idec9c3e6a8782ba53f3420fa79ba33394f4f85fb
android-6.0 branch of ntfs-3g matches the cm-13.0 version now,
check platform version instead of CM_SDK version.
Change-Id: Ic4aed613084d530c814611678f70d75260b9adc4
Functionality for client side to backup
tar and image streams over adbd to the client under backup.ab.
Using adb backup on the client side you can backup the partitions
TWRP knows about.
On the client side you can do the following:
    adb backup -f <filename> --twrp <options>
where options are
    --compress: compress data
    system: backup system
    cache: backup cache
    data: backup data
    boot: backup boot
    etc for each partition.
You can string multiple options,
i.e. adb backup -f <filename> --twrp --compress cache system data
adb backup in TWRP will take any option corresponding
to TWRP fstab partitions, e.g. efs boot as well.
If you do not specify the filename with the -f option,
adb will backup your data to a filename backup.ab on the client.
You can then rename the file and encrypt it with desktop tools.
If you don't want to use command line arguments:
    adb backup --twrp
will bring up the gui and allow you to choose partitions
from the backup page.
To restore the backup use the following convention:
    adb restore <filename>
Structures are used to store metadata in binary inside
of the file itself. If the metadata structure is modified,
update the adb version so that it will invalidate older
backups and not cause issues on restore. When restoring,
we currently do not support picking specific partitions.
It's all or nothing.
Change-Id: Idb92c37fc9801dc8d89ed2a4570e9d12e76facf8
bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
(cherry-pick from commit a4f701af93)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
The progress bar will now be updated during image backups, restores
and during image flashing (except for sparse images which will require
significant changes to libsparse, and except for mtd nand using
flash_utils).
The progress bar will now be updated mid-file for file systems (tar) so
the user will see changes even during large file backup / restore.
Add a new progress tracking class to simplify handling of progress bar
updates. The class will only update the progress bar 5 times a second to
reduce the CPU load from updating the GUI frequently which does affect
backup times.
Change-Id: Iff382faef3df1f86604af336c1a8ce8993cd12c5
The SwipeDetector class is used almost unchanged in all locations.
This patch moves it into the recovery module, from which devices can
reference it if required.
The class is now renamed to WearSwipeDetector.
Bug: 27407422
Change-Id: Ifd3c7069a287548b89b14ab5d6d2b90a298e0145
bionic process initialization calls personality
(specifically personality-8)
personality wants to load a kernel module
loading a kernel module calls /sbin/modprobe
loading /sbin/modprobe is a bionic process initialization
bionic process initialization calls personality
personality wants to load a kernel module
loading a kernel module calls /sbin/modprobe . . .
Before you know it, it takes 0.5 seconds to do anything.
Note: modprobe is still technically available, but the symlink
has been removed, so you can still call it directly by running
busybox modprobe if you like.
From what I can tell, this issue only affects 32 bit devices
with CONFIG_MODULES=y in the defconfig. The problem can also be
patched out of the kernel by commenting or otherwise removing
the block of code in kernel/exec_domain.c inside the CONFIG_MODULES
ifdef block.
It is also possible to patch the problem in bionic libc by commenting
out or otherwise removing the __initialize_personality in
bionic/libc/bionic/libc_init_common.cpp file.
Change-Id: Iebac314616080ac18320d73b087980ac1b98b951
logd, the init.recovery.logd.rc, and other related files were
included by default if your device configs specified
TARGET_USES_LOGD := true which would be the case for any device
that has a full ROM tree instead of a minimal TWRP tree.
Change-Id: Ia1e55703631f0f22beab2f4d4479599b88539e1a
Developers and device maintainers may find it useful to have access
to logcat in recovery. This patch set adds the following build flags:
TARGET_USES_LOGD - This is an Android build flag that enables logd
support. Devices that don't have built in kernel logging to dev/log/*
will need this flag for logcat. We'll also use this to include the
necessary support files for logd in TWRP.
TWRP_INCLUDE_LOGCAT - This enables logcat support in recovery.
I pulled the init entries from my HTC One M8 GPE boot.img,
so I'm not certain whether these will work for all devices
or if they're all necessary.
Feedback is welcome.
PS2: Use "TARGET_USES_LOGD" instead as this flag already exists, and
previous flag was named incorrectly (logd isn't kernel logging)
PS3: Start logd service on load_persist_props action, needed for 6.0+
PS4: More info on "TARGET_USES_LOGD" flag as related to liblog
compilation can be found at the below links:
https://android.googlesource.com/platform/system/core/+/android-6.0.1_r10/liblog/Android.mk#27
https://android.googlesource.com/platform/system/core/+/android-6.0.1_r10/liblog/Android.mk#50
Whether or not this flag is needed for logcat in TWRP is dependent
on whether liblog was compiled with this flag.
PS5: Update commit message to better describe "TARGET_USES_LOGD" flag
PS6: Another commit message update
Change-Id: Iaac6c6c822dc93fbe4b6eadcf24eef6995dd6b50
if the image has the right magic bytes to be a sparse image,
use simg2img to flash the image
create a rule to make a fully dynamic simg2img which results in a
much smaller increase in gzip ramdisk size (2KB vs 40KB)
Change-Id: I1b0f6bc127da46103888b1154a9bddd8ac02c01d
Fix permissions rarely fixed anything on more recent versions of
Android and usually made things worse. Instead we will replace it
with a more dumbed down option that should fix contexts on
/data/media with a few improvements to ensure that contexts get
fixed for multiple users and on adopted storage.
Change-Id: If5523781936a0b04196e2ad871cae767ebae2583
-Detects, decrypts, and mounts an adopted SD card if a
secondary block device is defined (usually mmcblk1)
-Handles unified storage
-Displays the adopted storage in MTP along with internal
-Factory Reset - wiped just like a data media device, we
retain the keys folder and the storage.xml during a
factory reset
-Backup / Restore
-Disable mass storage when adopted storage is present
-Read storage nickname from storage.xml and apply it to
display names in the GUI
-Read storage.xml and determine what storage location is in
use for /sdcard and remap accordingly
libgpt_twrp is source code mostly kanged from an efimanager
project. It is GPL v2 or higher, so we will opt for GPL v3.
Change-Id: Ieda0030bec5155ba8d2b9167dc0016cebbf39d55
-Improve code for partitioning sdcards
-Allow user to select a device for partitioning (must be removable)
-Use sgdisk to partition sdcards
-Set default sizes for ext and swap to 0
-Change increments for ext to 256MB and swap to 64MB
Note: sgdisk is included in 6.0. I have included a static prebuilt
sgdisk for trees that do not have sgdisk, however the prebuilt
sgdisk is a decent bit larger than the old parted binary. The old
parted binary is quite old at this point and we only have it for
armv7a. sgdisk should be maintained by AOSP and can be built from
source so it should work across architectures.
Change-Id: Ib80882d9b5776e5e9358b11340fba392e6f1ae09