Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / 1e6a5f51065173224700d551693867bd33c7e5b9
commit1e6a5f51065173224700d551693867bd33c7e5b9[log] [tgz]
authorPaul Crowley <paulcrowley@google.com>Fri Aug 06 15:16:10 2021 -0700
committerPaul Crowley <paulcrowley@google.com>Wed Aug 11 10:29:59 2021 -0700
tree362e38f825c38ecbaba31000ea0060f6a854b308
parent85705f6c86e3598a1b1f3e09f6b0a2d8f4247751 [diff]
Detect factory reset and deleteAllKeys

Where metadata encryption is enabled, if there is no metadata encryption
key present and we are generating one anew, then there has been a
factory reset, and this is the first key to be generated. We then call
deleteAllKeys to ensure data from before the factory reset is securely
deleted.

This shouldn't really be necessary; the factory reset call itself
should be doing this. However there are currently three factory reset
paths (settings, recovery, fastboot -w) and it is not clear that all
three are doing this correctly on all devices. Obviously an attacker
can prevent this code from being run by running a version of the OS
that does not include this change; however, if the bootloader is
locked, then keys will be version bound such that they will only work
on locked devices with a sufficiently recent version of the OS. If
every sufficiently recent signed version of the OS includes this change
the attack is defeated.

Bug: 187105270
Test: booted Cuttlefish twice, checked logs
Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
3 files changed
tree: 362e38f825c38ecbaba31000ea0060f6a854b308
  1. bench/
  2. binder/
  3. fs/
  4. model/
  5. tests/
  6. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  7. Android.bp
  8. AppFuseUtil.cpp
  9. AppFuseUtil.h
  10. Benchmark.cpp
  11. Benchmark.h
  12. BenchmarkGen.h
  13. Checkpoint.cpp
  14. Checkpoint.h
  15. CleanSpec.mk
  16. cryptfs.cpp
  17. cryptfs.h
  18. CryptoType.cpp
  19. CryptoType.h
  20. Devmapper.cpp
  21. Devmapper.h
  22. EncryptInplace.cpp
  23. EncryptInplace.h
  24. FileDeviceUtils.cpp
  25. FileDeviceUtils.h
  26. FsCrypt.cpp
  27. FsCrypt.h
  28. IdleMaint.cpp
  29. IdleMaint.h
  30. KeyBuffer.cpp
  31. KeyBuffer.h
  32. KeyStorage.cpp
  33. KeyStorage.h
  34. Keystore.cpp
  35. Keystore.h
  36. KeyUtil.cpp
  37. KeyUtil.h
  38. Loop.cpp
  39. Loop.h
  40. main.cpp
  41. MetadataCrypt.cpp
  42. MetadataCrypt.h
  43. MoveStorage.cpp
  44. MoveStorage.h
  45. NetlinkHandler.cpp
  46. NetlinkHandler.h
  47. NetlinkManager.cpp
  48. NetlinkManager.h
  49. OWNERS
  50. PREUPLOAD.cfg
  51. Process.cpp
  52. Process.h
  53. ScryptParameters.cpp
  54. ScryptParameters.h
  55. secdiscard.cpp
  56. sehandle.h
  57. TEST_MAPPING
  58. Utils.cpp
  59. Utils.h
  60. vdc.cpp
  61. vdc.rc
  62. vold.rc
  63. vold_prepare_subdirs.cpp
  64. VoldNativeService.cpp
  65. VoldNativeService.h
  66. VoldNativeServiceValidation.cpp
  67. VoldNativeServiceValidation.h
  68. VoldUtil.cpp
  69. VoldUtil.h
  70. VolumeManager.cpp
  71. VolumeManager.h