libfs_avb: verifying vbmeta digest early
We should check FLAGS_VERIFICATION_DISABLED is set or not
after verifying the vbmeta digest against `androidboot.vbmeta.digest`
from bootloader. This is to ensure the /vbmeta content is not
changed since the bootloader has verified it.
We still allow vbmeta digest verification error if the device is
unlocked. Note that this change will introduce a limitation that
the device will not boot if:
1. The image is signed with FLAGS_VERIFICATION_DISABLED is set
2. The device state is locked
However, it should not be a concern as we shouldn't boot a locked
device without verification.
Bug: 179452884
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2,
boot the device, then `adb shell touch /metadata/gsi/dsu/avb_enforce`.
Reboot the device, checks the device does not boot because
`androidboot.vbmeta.digest` is empty but AVB is enforced.
Change-Id: Id15a25403d16b36d528dc3b8998910807e801ad2
1 file changed