On newer devices, use dm-default-key to encrypt SD cards The dm-crypt solution requires a kernel patch that won't be present in the GKI kernel, while the new metadata encryption system in the GKI kernel solves this problem in a much cleaner way. Test: create private volume on Cuttlefish, setting property both ways. Bug: 147814592 Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea

commit: 886e572009bd09c3f2cc59d7b0e1683d76ef303c [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Fri Feb 07 12:51:56 2020 -0800
committer: Paul Crowley <paulcrowley@google.com> Tue Feb 18 13:01:00 2020 -0800
tree: 41df071739359e1fa20c173b52dbc125682a1aa9
parent: 312b7df62158254a89df6cbf7d1ee3b146477511 [diff] [blame]
diff --git a/MetadataCrypt.h b/MetadataCrypt.h
index a1ce7d8..dc68e7c 100644
--- a/MetadataCrypt.h
+++ b/MetadataCrypt.h

@@ -19,12 +19,21 @@
 
 #include <string>
 
+#include "KeyBuffer.h"
+#include "KeyUtil.h"
+
 namespace android {
 namespace vold {
 
 bool fscrypt_mount_metadata_encrypted(const std::string& block_device,
                                       const std::string& mount_point, bool needs_encrypt);
 
+bool defaultkey_volume_keygen(KeyGeneration* gen);
+
+bool defaultkey_setup_ext_volume(const std::string& label, const std::string& blk_device,
+                                 const android::vold::KeyBuffer& key,
+                                 std::string* out_crypto_blkdev);
+
 }  // namespace vold
 }  // namespace android
 #endif
commit	886e572009bd09c3f2cc59d7b0e1683d76ef303c	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Fri Feb 07 12:51:56 2020 -0800
committer	Paul Crowley <paulcrowley@google.com>	Tue Feb 18 13:01:00 2020 -0800
tree	41df071739359e1fa20c173b52dbc125682a1aa9
parent	312b7df62158254a89df6cbf7d1ee3b146477511 [diff] [blame]