From 95188ca30c6c77b0b9db73e70f4cea83bb862924 Mon Sep 17 00:00:00 2001 From: John Stultz Date: Wed, 21 Jul 2021 23:21:22 +0000 Subject: db845c: Enable metadata encryption This fully enables metadata encryption on db845c by following the instructions here: https://source.android.com/security/encryption/metadata?hl=en Mostly just adding --early/--late mountall arguments in the init.rc and the "latemount" and "keydirectory=/metadata/vold/metadata_encryption" options to the userdata fstab line. Note: You will likely need to flash new userdata (and possibly reflash metadata as well) after applying this. Use the flashall script if you are having any trouble. Reported-by: Lucas Henneman Test: atest vts_kernel_encryption_test Signed-off-by: John Stultz Change-Id: I3f4237267238dbf43a9c540f815ce2f00f8ae793
---
 fstab.common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'fstab.common')
diff --git a/fstab.common b/fstab.common
index 4ee2af2..f1bd034 100644
--- a/fstab.common
+++ b/fstab.common
@@ -1,5 +1,5 @@
 system /system ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect
-/dev/block/platform/soc@0/1d84000.ufshc/by-name/userdata /data ext4 discard,noatime,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,quota
+/dev/block/platform/soc@0/1d84000.ufshc/by-name/userdata /data ext4 discard,noatime,noauto_da_alloc,data=ordered,user_xattr,barrier=1,inlinecrypt latemount,wait,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized,keydirectory=/metadata/vold/metadata_encryption,quota
 /dev/block/platform/soc@0/1d84000.ufshc/by-name/metadata /metadata ext4 noatime,nosuid,nodev,discard wait,formattable,first_stage_mount,check
 /dev/block/platform/soc@0/1d84000.ufshc/by-name/misc /misc emmc defaults defaults
 /devices/platform/soc@0/8804000.sdhci/mmc_host/mmc* auto auto defaults voldmanaged=sdcard1:auto
-- cgit v1.2.3
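Review bot: The new `latemount` flag on the userdata line only takes effect together with a `mount_all … --late` step in the board's init.rc. The commit message mentions that change, but this view is limited to fstab.common, so it is worth confirming that both land together; otherwise /data would presumably never be mounted. `keydirectory=/metadata/vold/metadata_encryption` stores the wrapped metadata key on the /metadata partition, which itself stays unencrypted, so the at-rest protection is only as strong as the Keymaster/KeyMint implementation and verified-boot state that bind that key. If db845c ships a software-only implementation (not visible here), that limit deserves a sentence in the commit message. A comment above the line would also help the next editor, for example `# userdata: metadata encryption enabled; key under /metadata/vold/metadata_encryption, mounted by mount_all --late`.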