commit | 17aa5aaa5f9c97a3de16b4af7dc758555e4687cf | |
---|---|---|
author | Nikolay Elenkov <nikolayelenkov@google.com> | Sun Jun 30 06:23:00 2024 +0000 |
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | Wed Jul 10 22:16:51 2024 +0000 |
tree | 196f54da1483646e9a2a30db60bb1fd627756881 | |
parent | 32ba2ef377de9df91f37575ee9dab8c88cd0f9a4 | |

RESTRICT AUTOMERGE Delete keystore keys from RecoveryService.rebootRecoveryWithCommand()

Adds deleteSecrets() to RecoverySystemService. This method is called from rebootRecoveryWithCommand() before the --wipe_data command is passed to recovery and the device is force-rebooted.

deleteSecrets() calls IKeystoreMaintenance.deleteAllKeys() in order to quickly destroy the keys protecting the synthetic password blobs used to derive FBE encryption keys. The intent is to make FBE-encrypted data unrecoverable even if the full data wipe in recovery is interrupted or skipped.

Bug: 324321147

Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...'

(cherry picked from https://android-review.googlesource.com/q/commit:0d00031851e9f5d8ef93947205a7e8b5257f0d8d)

Ignore-AOSP-First: Security fix backport

(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dfbaa7295390de97ae2e8b154cc9be5512108ac4)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d020a38e4148a642e2f06363e27cce60097efa5d)

Merged-In: I5eb8e97f3ae1a18d5e7e7c2c7eca048ebff3440a
Change-Id: I5eb8e97f3ae1a18d5e7e7c2c7eca048ebff3440a