Move setting crypto state and type to functions and call those
functions rather than arbitrarily setting those props in every
case. This cleans up all the log spam from trying to set
read-only props, since they will now only get set if
they aren't already.
Change-Id: I392bee060d71c6ee50d0d92bf1b118d9049be41a
Since we don't re-create data/media on FBE devices,
don't create an MTP storage device for it.
This fixes the bug when, after formatting data on
and FBE device, an empty Internal Storage appears
on the PC.
This also prevents an empty storage device from
being created if recovery is rebooted after formatting
data before booting to Android. A warning will appear
in the console that MTP is disabled in that case.
Currently the path is hardcoded to data/media; this
should probably be adjusted for cases where adoptable
storage is being used.
Change-Id: Iaafc5e3cde54c3ef6ffaf33f76d14c626b6e590d
Use TW_LOAD_VENDOR_MODULES := "module1.ko module2.ko modulen.ko"
in BoardConfig to have TWRP attempt to load kernel modules during
startup. For fastboot ramdisks, TWRP will attempt to load from
the ramdisk from /vendor/lib/modules. You can have the build
system copy the modules to
$(TARGET_RECOVERY_ROOT_OUT)/vendor/lib/modules/1.1
Otherwise in recovery in boot mode, TWRP will attempt the following:
check /lib/modules (ramdisk vendor_boot)
check /lib/modules/N.N (ramdisk vendor_boot)
check /lib/modules/N.N-gki (ramdisk vendor_boot)
check /vendor/lib/modules (ramdisk)
check /vendor/lib/modules/1.1 (ramdisk prebuilt modules)
check /vendor/lib/modules/N.N (vendor mounted)
check /vendor/lib/modules/N.N-gki (vendor mounted)
Change-Id: I2dccf199e37d47cb7a7e79b0e11026d67b4e3186
Now in android-11 we can now process legacy and newer wrappedkey
support in our libfscrypt library. TWRP doesn't need to set a
property to check for wrapped key. libfscrypt will just process
wrappedkey fs_mgr flag for legacy wrapped key or wrappedkey_v0
for the newer wrapped key supported in android-11.
Change-Id: Ia94c7ebe34a05c9b25bbb7a5b2e899902c93d203
To support all partitions that are on the super partition
we now parse for the logical flag in fstab to denote super
status.
- Remove guards for the first character being '/'.
- Skip commented lines in fstab
- Build Backup_Display_Name from partitions in super.
The first four lines that are in fstab will be
displayed.
Change-Id: I3f8980187bd4a136257dd6eeaeddd7ea71706cd3
Change-Id: I1ee7c02f91aafb646beaf401a43bcb22fa8c8c7a
Fixes issue where devices where encryption failed wouldn't
have partition information until after an action was run
Change-Id: I1c50ceaa56d67bfbc330bfa77300512a6e3034c0
Bootctrl is being unreliable during repacking. This overrides the slot
while repacking recovery in boot.
Change-Id: I0a04357af4e5f24591792bcfb27ccbd10b0a813b
- During OTA upgrades if security state or ROT changes then Keymaster
keys requires upgrade. So for such usescases, if the FBE ephemeral
key export fails, check whether KM key requires upgrade and try for
exporting ephemeral key again.
CRs-Fixed: 2632902
Change-Id: I3ee2fcd97a56b628dc4304867c8f2b8da875f883
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
- Commit 77df7f2 / http://aosp/1217657 ("Refactor to use
EncryptionPolicy everywhere we used to use raw_ref") unintentionally
made fscrypt_initialize_systemwide_keys() start specifying keepOld=true
(via default parameter value) when retrieving the system DE key, and
likewise for read_or_create_volkey() and volume keys.
As a result, if the associated Keymaster key needs to be upgraded, the
upgraded key blob gets written to "keymaster_key_blob_upgraded", but it
doesn't replace the original "keymaster_key_blob", nor is the original
key deleted from Keymaster. This happens at every boot, eventually
resulting in the RPMB partition in Keymaster becoming full.
Only the metadata encryption key ever needs keepOld=true, since it's the
only key that isn't stored in /data, and the purpose of keepOld=true is
to allow a key that isn't stored in /data to be committed or rolled back
when a userdata checkpoint is committed or rolled back.
So, fix this bug by removing the default value of keepOld, and
specifying false everywhere except the metadata encryption key.
Note that when an affected device gets this fix, it will finally upgrade
its system DE key correctly. However, this fix doesn't free up space in
Keymaster that was consumed by this bug.
Test: On bramble:
- Flashed rvc-d1-dev build, with wiping userdata
- Flashed a newer build, without wiping userdata
- Log expectedly shows key upgrades:
$ adb logcat | grep 'Upgrading key'
D vold : Upgrading key:
/metadata/vold/metadata_encryption/key
D vold : Upgrading key: /data/unencrypted/key
D vold : Upgrading key: /data/misc/vold/user_keys/de/0
D vold : Upgrading key:
/data/misc/vold/user_keys/ce/0/current
- Rebooted
- Log unexpectedly shows the system DE key being upgraded again:
$ adb logcat | grep 'Upgrading key'
D vold : Upgrading key: /data/unencrypted/key
- "keymaster_key_blob_upgraded" unexpectedly still exists:
$ adb shell find /data /metadata -name
keymaster_key_blob_upgraded
/data/unencrypted/key/keymaster_key_blob_upgraded
- Applied this fix and flashed, without wiping userdata
- Log shows system DE key being upgraded (expected because due to the
bug, the upgraded key didn't replace the original one before)
$ adb logcat | grep 'Upgrading key'
D vold : Upgrading key: /data/unencrypted/key
- "keymaster_key_blob_upgraded" expectedly no longer exists
$ adb shell find /data /metadata -name
keymaster_key_blob_upgraded
- Rebooted
- Log expectedly doesn't show any more key upgrades
$ adb logcat | grep 'Upgrading key'
Bug: 171944521
Bug: 172019387
(cherry picked from commit c493903732d0c17b33091cf722cbcc3262292801)
Merged-In: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29
Change-Id: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29
Change-Id: I0449b812e91c13020a8b653f2149c33e46027b97
Since recent kernels seem to limit the number of loopback
devices to 7, we now just mount the required apex files in TWRP.
To mount additional apex files specify TW_ADDITIONAL_APEX_FILES
in your BoardConfig, for example:
TW_ADDITIONAL_APEX_FILES := "apex1 apex2"
To disable Apex in your builds use:
TW_EXLUCDE_APEX := true
Change-Id: Ib55529a4dc17ce2b737b01b86100dca3dc75e6c9
Change-Id: I3b4dfbb164838ffb126016b0d862f67d3f170bf3
This patchset introduces support decryption for Android 11.
In this update we deprecate ext4crypt. To specify the
policy version to use, use TW_USE_FSCRYPT_POLICY := 1 or
TW_USE_FSCRYPT_POLICY := 2. By default policy version will
be set to 2 if this variable is omitted.
Change-Id: I62a29c1bef36c259ec4b11259f71be613d20a112
Simplifies code for retrieving this list rather than using
every possible specified super partition group
Change-Id: I1a3bd8e4b73ce18a176c74a52eb91d25709080f4
Between Android versions, there may be different partitions
that make up super. Just because a partition that in fstab
is not in super doesn't necessarily mean there's a problem.
Change this message to information only so the end user
doesn't think there's a problem when there isn't one
Change-Id: I9cb99aabe20e20059e66cf0cf13cff5ed056f529
(cherry picked from commit e432fb0214b49549e99396db512be98d53e1ed8b)
Only run Update_System_Details on boot after decryption is
complete, if device is unencrypted, or if decryption prompt
is cancelled.
This significantly decreases the delay in reaching the
decryption prompt on devices with large used storage
capacity
Use refreshsizes action to update system details when
Cancel button is pressed at decryption prompt
Change-Id: I9e436b1c57664a5269f42dc1cda4f6097f7e3062
In this patchset we will store and reset the android system
root context after a wipe and restore to prevent issues
with no context labels in the file_contexts being applied.
This will prevent no boot issues in android with selinux
denials on the system root partition.
Change-Id: I87fd3a6060fbaa3e7bdfd7a4b1d09feeb4fa3f27
(cherry picked from commit 35d2bfda3c89ebd212a9bd2328bffd7464f95d47)
* On some devices, the external mmc driver will only load the card after
a certain delay. The original code will break and fail to mount any
adopted storage in this case.
* Add a special fstab flag to allow the partitionmanager to retry after
a delay.
Change-Id: I219978850ff3ba7ad9dc7ca96fc30634c9574164
This library will need to mirror AOSP for any changes to installing
packages. The library has been separated out in order to make importing
updates from AOSP into the TWRP project.
twinstall.cpp has been removed from the recovery binary and added to
this library. It has been refactored for libziparchive.
Sideload has been reworked to use the newer methods from AOSP on
flashing packages through adb sideload.
We are also removing old libraries for adb and verifier.
Lastly before flashing a zip or image, we want to unlock block devices
for writing so that when an OTA is flashed to the inactive slot,
the flash will succeed.
Change-Id: I6d8702fc9031ffaf9f666b4ba375dc7d9362e473
BUG: Some devices having issues with mounted apex while flashing some packages.
TEST: Added a device specific script in the device tree, which deloaded the apex, which are not needed and its fine.
Example script: https://gist.github.com/AndroiableDroid/cf5a04f80b6326c759a59be5d828434e
Change-Id: I5c89dcd92871fec63c6a875c1a47eb8145ba71fa
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
In order to make sure the crypto state and type is set
properly if the device is encrypted, move this check to
a function and call it in cases where the default password
is being used and in cases where it isn't. This will ensure that
an unencrypted device isn't set as encrypted by mistake.
Change-Id: I736f9cbee0e95d7390a09c8235b9914feddaceaf
BUG: prebuilt vendor blobs are being overriden by vendor partition, which causes failed to decrypt the device
TEST: after this patch vendor is no more overriding and decryption working as expected.
* Devices using the stock or the rom based libs then it needed to add the TW_USES_VENDOR_LIBS := true in the BoardConfig
Change-Id: I3cbc7fe6df2289081e9198941cfb65a1a7e0e6a3
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
* Add CLI support using the command "twrp decrypt <PASSWORD> [USER ID]"
* Add GUI support using the menu Advanced --> Decrypt User
multiuser: Parse users only when Decrypt_DE runs successfully
multiuser: Warn when not all users are decrypted
Change-Id: Ia5e943b13c2d5ec5c34ae97661133c19ff471e6d
For the back-up menu, we can detail what the super partition includes by
aggregating one of BOARD_GOOGLE_DYNAMIC_PARTITIONS_PARTITION_LIST or
BOARD_QTI_DYNAMIC_PARTITIONS_PARTITION_LIST.
We comma-separate the list and capitalise the first letter of each
dynamic partition.
Change-Id: I663eaf4f28b4591293aae21c2dd11f615f625746
fastbootd is a userspace daemon that runs in the recovery
ramdisk. It allows writing single partitions to the super
partition via fastboot CLI. When TWRP sees the fastboot option
in the misc partition during startup, it will start with
the fastbootd page and fastbootd running. Otherwise it will
run recovery normally.
Change-Id: Id7b12d29ef21dbd5950dc884dd1cd788f25357f0
* Since some devices are unable to decrypt after processing of the fstab,
because of the partition details updation, and after intro of dynamic partitioning
here decryption process was going on after complete processing of the dynamic volumes.
* This patch fix these issue, it process the logical volumes at their time not after all processing fstabs.
This fixes the decryption issue.
Translate more partitions i.e., ODM, Product.
Added more partitions in unmount partitions.
Change-Id: I977c0cf0c40e5311f54a78c98f1fd89f71c6ac57
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
for android-10
This will support updating the ramdisk to a different
compression format and co-exist with magisk.
We are also cleaning up and removing non android-10
api makefile actions.
We are also moving twrp repacking to its own class. We
check the new ramdisk format and if it's different
we have magisk compress using the new ramdisk format.
Change-Id: I770030aae7797e75817178b2f0fccd9f39dc23af
This patchset is now exlcuding /data/cache from backup, and removing it
from the wipe exclusion list to prevent errors on restore and wiping
/data.
This patchset changes the directory from /data/cache to /data/recovery for TWRP
to store logs and other file information. This will help with AB
devices that don't want recovery to mess with /data/cache.
This patchset will make ORS use /data/cache for AB devices.
Remove policy code because we don't need to set a policy for the
recovery directory.
Change-Id: I1d140276314fd34804a72297d6e25a52e58210a0
fscrypt aosp doc: https://source.android.com/security/encryption/file-based
kernel fscrypt doc: https://www.kernel.org/doc/html/v4.18/filesystems/fscrypt.html
This commit implements the ability for TWRP to use fscrypt to decrypt
files on the fscrypt implementation. It has been implemented mostly
in a new successor library to e4crypt called libtwrpfscrypt. Most of the
code was ported from AOSP vold.
Notable updates include:
- updated policy storage by libtar
- lookup of fbe policies by libtwrpfscrypt
- threaded keystore operations
Big thanks to Dees_Troy for the initial trailblazing
of encryption in TWRP.
Change-Id: I69cd2eba3693a9914e00213d4943229635d0cdae
Some of the partitions will not be unmount automatically. They shouldn't
be mounted by default.
Bugs:
DM_DEV_REMOVE failed for [product]: Device or resource busy
Cannot unmap product before removing group qti_dynamic_partitions.
script aborted: assert failed: update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list"))
assert failed: update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list"))error: 25
Updater process ended with ERROR: 7
Change-Id: I7cbd5c29456ca2731b94a69bbf9ad77058cef09c
This patch uses the loop device to mount files under
/sbin/ from /system/apex in order for the device to
use libraries or other files store inside these files.
Each apex file is mounted over a loop device into a
directory correpsonding to the apex filename under
/sbin/.
Once apex mounting is completed, TWRP will set a
property twrp.apex.loaded to true so that init
can use them as a LD_LIBARY_PATH source.
Change-Id: I69f14a969123ac9cf1afc85b6cf76836cb092fb2
Change-Id: Ica6a7d8e479bcaec8bec4483b5e8d2b45ee105fb
We are now requiring fstab v2 for android-10+ trees. You can
specify twrp flags using /etc/twrp.flags to label and
annotate partitions.
This patchset uses fs_mgr to load the super partition and build
device mapper blocks off vendor and system depending on the slot
in use. These are mapped to partitions in TWRP and allowed to
be mounted read-only. The super partition is also mapped into a
TWRP partition in order to backup the entire partition. You cannot
backup individual device mapper blocks due to the device can only
be read-only. Therefore you cannot write back to the device mapper.
Change-Id: Icc1d895dcf96ad5ba03989c9bf759419d83673a3
This reverts commit 0b25b1d79b.
Reason for revert: Changes need to be made to libtwrpfscrypt to include this patchset. Will cherry-pick this patch later and make necessary modifications.
Change-Id: I7601d7b820129709b05d9b4368573b6f1048de02
* Add CLI support using the command "twrp decrypt <PASSWORD> [USER ID]"
* Add GUI support using the menu Advanced --> Decrypt User
Change-Id: Id2681bc2b1012a0571417f7a6e0b980b1b25c61c
(cherry picked from commit 5a79f67a1b1bd1bcadeca0a4896a871646652534)
This commit is used to directly use the wrapped key
decryption when the "wrappedkey" flag is set in the
fstab.
Change-Id: I74310c3bbec378ee684a8f6d0395a9776dd22abf
(cherry picked from commit 1db943295de9728e364bf0e75bfe9f1a98d413a1)
