Use TW_LOAD_VENDOR_MODULES := "module1.ko module2.ko modulen.ko"
in BoardConfig to have TWRP attempt to load kernel modules during
startup. For fastboot ramdisks, TWRP will attempt to load from
the ramdisk from /vendor/lib/modules. You can have the build
system copy the modules to
$(TARGET_RECOVERY_ROOT_OUT)/vendor/lib/modules/1.1
Otherwise in recovery in boot mode, TWRP will attempt the following:
check /lib/modules (ramdisk vendor_boot)
check /lib/modules/N.N (ramdisk vendor_boot)
check /lib/modules/N.N-gki (ramdisk vendor_boot)
check /vendor/lib/modules (ramdisk)
check /vendor/lib/modules/1.1 (ramdisk prebuilt modules)
check /vendor/lib/modules/N.N (vendor mounted)
check /vendor/lib/modules/N.N-gki (vendor mounted)
Change-Id: I2dccf199e37d47cb7a7e79b0e11026d67b4e3186
vold: Enable legacy support for wrapped key
Legacy wrapped key support was dropped while merging changes
to support multiple versions of dm-default key driver in kernel.
Fix this by calling legacy API to check wrapped key support for
metadata encryption.
CRs-Fixed: 2678344
Change-Id: I7d9efec09ddf7169cf0b1114b4e16b9fe38cad4b
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
system: vold: Use wrapped key for metadata encryption
Wrapped key feature is needed for better security of encryption keys and
to
ensure data integrity when crypto key cache is cleared during reset
operation
of storage/crypto hardware.
Original patch:
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.QSSI.11.0.r1-05600-qssi.0&id=c480f913e6abc2757c0d79afba5a3df1c4adc731
[Pig]: Clean up all deprecated codes that were removed during latter
merge.
CRs-Fixed: 2367150
Change-Id: I83d14861bf81e102151fa3417d84008c214a9ac0
vold: Bring in more wrapped key changes
Change-Id: I44e81afaec78c567a0bf2eed30a79eb737e2a867
Only run Update_System_Details on boot after decryption is
complete, if device is unencrypted, or if decryption prompt
is cancelled.
This significantly decreases the delay in reaching the
decryption prompt on devices with large used storage
capacity
Use refreshsizes action to update system details when
Cancel button is pressed at decryption prompt
Change-Id: I9e436b1c57664a5269f42dc1cda4f6097f7e3062
* Add CLI support using the command "twrp decrypt <PASSWORD> [USER ID]"
* Add GUI support using the menu Advanced --> Decrypt User
multiuser: Parse users only when Decrypt_DE runs successfully
multiuser: Warn when not all users are decrypted
Change-Id: Ia5e943b13c2d5ec5c34ae97661133c19ff471e6d
fastbootd is a userspace daemon that runs in the recovery
ramdisk. It allows writing single partitions to the super
partition via fastboot CLI. When TWRP sees the fastboot option
in the misc partition during startup, it will start with
the fastbootd page and fastbootd running. Otherwise it will
run recovery normally.
Change-Id: Id7b12d29ef21dbd5950dc884dd1cd788f25357f0
* Since some devices are unable to decrypt after processing of the fstab,
because of the partition details updation, and after intro of dynamic partitioning
here decryption process was going on after complete processing of the dynamic volumes.
* This patch fix these issue, it process the logical volumes at their time not after all processing fstabs.
This fixes the decryption issue.
Translate more partitions i.e., ODM, Product.
Added more partitions in unmount partitions.
Change-Id: I977c0cf0c40e5311f54a78c98f1fd89f71c6ac57
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
for android-10
This will support updating the ramdisk to a different
compression format and co-exist with magisk.
We are also cleaning up and removing non android-10
api makefile actions.
We are also moving twrp repacking to its own class. We
check the new ramdisk format and if it's different
we have magisk compress using the new ramdisk format.
Change-Id: I770030aae7797e75817178b2f0fccd9f39dc23af
partitions.
Too many problems have been reported for TWRP attempting to store
logs in the persist partition. Selinux denials have caused issues
booting Android, and filling up persist has caused IMEI issues.
This patchset will remove persist from the list of available log
directories by default in order to avoid these and other possible
issues.
Change-Id: I29889d69f76270a8fbb764a79be3523821d8579c
This patchset is now exlcuding /data/cache from backup, and removing it
from the wipe exclusion list to prevent errors on restore and wiping
/data.
This patchset changes the directory from /data/cache to /data/recovery for TWRP
to store logs and other file information. This will help with AB
devices that don't want recovery to mess with /data/cache.
This patchset will make ORS use /data/cache for AB devices.
Remove policy code because we don't need to set a policy for the
recovery directory.
Change-Id: I1d140276314fd34804a72297d6e25a52e58210a0
fscrypt aosp doc: https://source.android.com/security/encryption/file-based
kernel fscrypt doc: https://www.kernel.org/doc/html/v4.18/filesystems/fscrypt.html
This commit implements the ability for TWRP to use fscrypt to decrypt
files on the fscrypt implementation. It has been implemented mostly
in a new successor library to e4crypt called libtwrpfscrypt. Most of the
code was ported from AOSP vold.
Notable updates include:
- updated policy storage by libtar
- lookup of fbe policies by libtwrpfscrypt
- threaded keystore operations
Big thanks to Dees_Troy for the initial trailblazing
of encryption in TWRP.
Change-Id: I69cd2eba3693a9914e00213d4943229635d0cdae
This patch uses the loop device to mount files under
/sbin/ from /system/apex in order for the device to
use libraries or other files store inside these files.
Each apex file is mounted over a loop device into a
directory correpsonding to the apex filename under
/sbin/.
Once apex mounting is completed, TWRP will set a
property twrp.apex.loaded to true so that init
can use them as a LD_LIBARY_PATH source.
Change-Id: I69f14a969123ac9cf1afc85b6cf76836cb092fb2
Change-Id: Ica6a7d8e479bcaec8bec4483b5e8d2b45ee105fb
We are now requiring fstab v2 for android-10+ trees. You can
specify twrp flags using /etc/twrp.flags to label and
annotate partitions.
This patchset uses fs_mgr to load the super partition and build
device mapper blocks off vendor and system depending on the slot
in use. These are mapped to partitions in TWRP and allowed to
be mounted read-only. The super partition is also mapped into a
TWRP partition in order to backup the entire partition. You cannot
backup individual device mapper blocks due to the device can only
be read-only. Therefore you cannot write back to the device mapper.
Change-Id: Icc1d895dcf96ad5ba03989c9bf759419d83673a3
This reverts commit 0b25b1d79b.
Reason for revert: Changes need to be made to libtwrpfscrypt to include this patchset. Will cherry-pick this patch later and make necessary modifications.
Change-Id: I7601d7b820129709b05d9b4368573b6f1048de02
* Add CLI support using the command "twrp decrypt <PASSWORD> [USER ID]"
* Add GUI support using the menu Advanced --> Decrypt User
Change-Id: Id2681bc2b1012a0571417f7a6e0b980b1b25c61c
(cherry picked from commit 5a79f67a1b1bd1bcadeca0a4896a871646652534)
* On multiline string variable it adds spaces
Change-Id: I0f9140f3840b0238009af2271ac67b25754f76c9
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
This adds the flag TW_OVERRIDE_SYSTEM_PROPS which can contain
a ";" separated list of properties that should be overriden.
A different source property can be defined by separating
target and source using "="
Example:
TW_OVERRIDE_SYSTEM_PROPS := "ro.build.product;ro.build.fingerprint=ro.system.build.fingerprint"
This will override ro.build.product with the value of ro.build.product from system/build.prop.
And also override ro.build.fingerprint with the value of ro.system.build.fingerprint.
with their corresponding values from the system partition.
Change-Id: Ibcd3e6ed51fa7f7195ad524e606a2b9542687e55
This will detect whether SAR is present in the currently installed
OS and set the property ro.twrp.sar accordingly.
After setting the property it will call the bootscript
/sbin/sarsetup.sh (if present) to give device maintainers the
option to do setup operations depending on SAR-status, such
as modifiyng the fstab.
If no system is detected and AB_OTA_UPDATER is defined or built with
Android 10 and upwards, it will fallback to using SAR, otherwise it
will use ro.build.system_root_image as basis for deciding whether SAR
is required or not.
The property ro.twrp.sar will also be used by
TWPartitionManager::Get_Android_Root_Path()
This allows maintaining a single TWRP-build for devices switching
to SAR for Android 10.
The default behavior (when no system is installed)
is determined by the build-flags AB_OTA_UPDATER and
BOARD_BUILD_SYSTEM_ROOT_IMAGE
Change-Id: I2a48c6c81a6ea6fad6e452c06bfbe4d9da0f1e5c
This allows flame to boot TWRP. Still will need to work on
super partition for vendor and system access.
The plan will be to cherry-pick any updates to android-9.0
through gerrit.twrp.me to this branch as a WIP.
Edl mode is available only on qualcomm devices and it used to fully
restore the bricked devices. I made the button available only if
TW_HAS_EDL_MODE := true like the download button. I set the edl
button to the right of the download button, so devices can support
edl button and download button. I also added the translation for
all languages.
Change-Id: I69d1058b8c050b722395c7b3da6dce1ccfbe7a91
This patchset updates all the places we touch cache on AB devices
and non AB devices so that we can write to the appropriate
location. AB devices removed the cache partition and moved it to
/data/cache.
Change-Id: I485ec205a604f1f07ceb7700ae9c4e720fd55c3e
instead of hard-coded /system path
I updated most of the references I found,
but there might be more
For devices that have to mount system at /system_root,
this allows system to be bind mounted to /system
and detected properly by TWRP
Change-Id: I9f142fd8cec392f5b88e95476258dab9c21a9aac
Decrypting userdata is not needed when installing zips if we have
a map of blocks to read, so skip the decryption. This allows to
install zips with no user interaction and, more importantly, it
allows to install zips on devices where TWRP can't properly decrypt
userdata.
Remove also the unneeded Mount_All_Storage() call, Install_Command()
already mounts the needed partition.
Change-Id: I91c69f84ecc2fe41c9567c40649e501af1cfb64a
update_engine_sideload reads /etc/recovery.fstab during its install
process and the twrp.fstab format may not be appropriate for what
fs_mgr expects.
Change-Id: I059ef22c0e862e60a3bffe5259f70c714fe33ec6
Restore adb backup files that TWRP made to your PC.
Put files in your backup directory to see them.
e.g. /sdcard/TWRP/BACKUPS/<sn>
Change-Id: I2c57970d77b64c39a302159041456e761c185259
* As a precaution, (non-permanently) disable MTP if TWRP crashes.
* Remove a duplicate logging of 'Starting MTP'.
* Combine and improve readability of conditions before MTP starts.
* Remove unnecessary Disable_MTP() call if conditions unsatisfied.
Change-Id: I61ac772fc123da5b84c3061fbcf2116531bc4e2f
The property set of sys.usb.config was not part of the original 'Only
change USB mode to mtp when ready for MTP' commit. Further, it adds an
additional USB off/on toggle to the MTP startup routine, potentially
confusing the host computer. The default init.recovery.usb.rc already
sets the usb functions to 'adb' during 'on fs'.
It is possible that devices could run into issues with MTP startup due
to sys.usb.config not yet being set. This is actually due to a poor
design decision in Enable_MTP(), where sys.usb.config would not be
configured for mtp if sys.usb.config had never been set. It is not
necessary to check for a previous value, just set it.
Fix the USB PID for adb-only mode in Disable_MTP().
Change-Id: I21b5e64c9bdcd3104372a8b4eb8ea50cf4561892
* It is not necessary to Remove_MTP_Storage() for a partition if an
MTP_Storage_ID has not been assigned.
* The hack to force-set tw_mtp_enabled=1 should no longer be necessary
now that we're checking whether MTP really needs to be disabled for
a volume before running Disable_MTP().
Change-Id: I1b7233eedd9da7c6be0c67fc60243f3837105173
Commit 'Do not toggle USB ID during MTP startup if not needed' changed
the default USB mode to 'mtp,adb'. Depending on the device, this can
result in an unfortunate side effect of crashing an ORS sideload
midway through the process (it's not clear to me whether the kernel or
the connected computer is responsible). Only put USB into mtp mode
when MTP storage is starting-up.
The hack to change the USB mode to adb when a user compiles TWRP
without MTP support is no longer necessary now that 'adb' is the
startup mode.
Change-Id: I8ed13d6ab8e85621533997b8c37ef7ebec0fcf85
