Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / 3dfb094cb26cf37e14b3bbf81e31248b913b3e41
commit3dfb094cb26cf37e14b3bbf81e31248b913b3e41[log] [tgz]
authorBarani Muthukumaran <quic_bmuthuku@quicinc.com>Mon Feb 03 13:06:45 2020 -0800
committerPaul Crowley <paulcrowley@google.com>Wed Feb 12 14:26:26 2020 -0800
tree60c22742e4653106e93c886e2aa003c3ae0cb0c2
parent68b9fb10ae1bf1491c8dc6d854be900e62ebc090 [diff]
vold: Support Storage keys for FBE

To prevent keys from being compromised if an attacker
acquires read access to kernel memory, some inline
encryption hardware supports protecting the keys in
hardware without software having access to or the
ability to set the plaintext keys.  Instead, software
only sees "wrapped keys", which may differ on every boot.

'wrappedkey_v0' fileencryption flag is used to denote
that the device supports inline encryption hardware that
supports this feature. On such devices keymaster is used
to generate keys with STORAGE_KEY tag and export a
per-boot ephemerally wrapped storage key to install it in
the kernel.

The wrapped key framework in the linux kernel ensures the
wrapped key is provided to the inline encryption hardware
where it is unwrapped and the file contents key is derived
to encrypt contents without revealing the plaintext key in
the clear.

Test: FBE validation with Fscrypt v2 + inline crypt + wrapped
key changes kernel.

Bug: 147733587

Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
9 files changed
tree: 60c22742e4653106e93c886e2aa003c3ae0cb0c2
  1. bench/
  2. binder/
  3. fs/
  4. model/
  5. tests/
  6. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  7. Android.bp
  8. AppFuseUtil.cpp
  9. AppFuseUtil.h
  10. Benchmark.cpp
  11. Benchmark.h
  12. BenchmarkGen.h
  13. CheckEncryption.cpp
  14. CheckEncryption.h
  15. Checkpoint.cpp
  16. Checkpoint.h
  17. CleanSpec.mk
  18. cryptfs.cpp
  19. cryptfs.h
  20. Devmapper.cpp
  21. Devmapper.h
  22. EncryptInplace.cpp
  23. EncryptInplace.h
  24. FileDeviceUtils.cpp
  25. FileDeviceUtils.h
  26. FsCrypt.cpp
  27. FsCrypt.h
  28. fscrypt_uapi.h
  29. IdleMaint.cpp
  30. IdleMaint.h
  31. KeyBuffer.cpp
  32. KeyBuffer.h
  33. Keymaster.cpp
  34. Keymaster.h
  35. KeyStorage.cpp
  36. KeyStorage.h
  37. KeyUtil.cpp
  38. KeyUtil.h
  39. Loop.cpp
  40. Loop.h
  41. main.cpp
  42. MetadataCrypt.cpp
  43. MetadataCrypt.h
  44. MoveStorage.cpp
  45. MoveStorage.h
  46. NetlinkHandler.cpp
  47. NetlinkHandler.h
  48. NetlinkManager.cpp
  49. NetlinkManager.h
  50. OWNERS
  51. PREUPLOAD.cfg
  52. Process.cpp
  53. Process.h
  54. ScryptParameters.cpp
  55. ScryptParameters.h
  56. secdiscard.cpp
  57. sehandle.h
  58. Utils.cpp
  59. Utils.h
  60. vdc.cpp
  61. vdc.rc
  62. vold.rc
  63. vold_prepare_subdirs.cpp
  64. VoldNativeService.cpp
  65. VoldNativeService.h
  66. VoldUtil.cpp
  67. VoldUtil.h
  68. VolumeManager.cpp
  69. VolumeManager.h
  70. wait_for_keymaster.cpp
  71. wait_for_keymaster.rc