On newer devices, use dm-default-key to encrypt SD cards The dm-crypt solution requires a kernel patch that won't be present in the GKI kernel, while the new metadata encryption system in the GKI kernel solves this problem in a much cleaner way. Test: create private volume on Cuttlefish, setting property both ways. Bug: 147814592 Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea

commit: 886e572009bd09c3f2cc59d7b0e1683d76ef303c [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Fri Feb 07 12:51:56 2020 -0800
committer: Paul Crowley <paulcrowley@google.com> Tue Feb 18 13:01:00 2020 -0800
tree: 41df071739359e1fa20c173b52dbc125682a1aa9
parent: 312b7df62158254a89df6cbf7d1ee3b146477511 [diff] [blame]
diff --git a/model/PrivateVolume.cpp b/model/PrivateVolume.cpp
index 4a0b250..fd3daea 100644
--- a/model/PrivateVolume.cpp
+++ b/model/PrivateVolume.cpp

@@ -17,8 +17,8 @@
 #include "PrivateVolume.h"
 #include "EmulatedVolume.h"
 #include "Utils.h"
+#include "VolumeEncryption.h"
 #include "VolumeManager.h"
-#include "cryptfs.h"
 #include "fs/Ext4.h"
 #include "fs/F2fs.h"
 
@@ -75,9 +75,8 @@
 
     // TODO: figure out better SELinux labels for private volumes
 
-    int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), mKeyRaw, &mDmDevPath);
-    if (res != 0) {
-        PLOG(ERROR) << getId() << " failed to setup cryptfs";
+    if (!setup_ext_volume(getId(), mRawDevPath, mKeyRaw, &mDmDevPath)) {
+        LOG(ERROR) << getId() << " failed to setup metadata encryption";
         return -EIO;
     }
commit	886e572009bd09c3f2cc59d7b0e1683d76ef303c	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Fri Feb 07 12:51:56 2020 -0800
committer	Paul Crowley <paulcrowley@google.com>	Tue Feb 18 13:01:00 2020 -0800
tree	41df071739359e1fa20c173b52dbc125682a1aa9
parent	312b7df62158254a89df6cbf7d1ee3b146477511 [diff] [blame]