db845c: Enable metadata encryption

This fully enables metadata encryption on db845c by following
the instructions here:
  https://source.android.com/security/encryption/metadata?hl=en

Mostly just adding --early/--late mountall arguments in the
init.rc and the "latemount" and
"keydirectory=/metadata/vold/metadata_encryption" options to the
userdata fstab line.

Note: You will likely need to flash new userdata (and possibly
reflash metadata as well) after applying this. Use the flashall
script if you are having any trouble.

Reported-by: Lucas Henneman <henneman@google.com>
Test: atest vts_kernel_encryption_test
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I3f4237267238dbf43a9c540f815ce2f00f8ae793

1 files changed, 1 insertions, 1 deletions

diff --git a/fstab.common b/fstab.common
index 4ee2af2..f1bd034 100644
--- a/fstab.common
+++ b/fstab.common
@@ -1,5 +1,5 @@
 system		/system		ext4	noatime,ro,errors=panic		wait,logical,first_stage_mount,slotselect
-/dev/block/platform/soc@0/1d84000.ufshc/by-name/userdata /data		ext4	discard,noatime,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt	wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,quota
+/dev/block/platform/soc@0/1d84000.ufshc/by-name/userdata /data		ext4	discard,noatime,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt	latemount,wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,keydirectory=/metadata/vold/metadata_encryption,quota
 /dev/block/platform/soc@0/1d84000.ufshc/by-name/metadata	/metadata	ext4	noatime,nosuid,nodev,discard					wait,formattable,first_stage_mount,check
 /dev/block/platform/soc@0/1d84000.ufshc/by-name/misc /misc emmc defaults defaults
 /devices/platform/soc@0/8804000.sdhci/mmc_host/mmc*	auto	auto	defaults	voldmanaged=sdcard1:auto