diff options
author | David Zeuthen <zeuthen@google.com> | 2017-08-08 21:05:04 +0200 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-08-08 21:05:04 +0200 |
commit | bb8d04cd3c464e58dc6648bba87d9fe25ed1318e (patch) | |
tree | 204fa920ac01428afbef23e2da70ce514145e43c /update_verifier | |
parent | Merge "ui: Check for bootreason=recovery_ui." (diff) | |
parent | Merge "update_verifier: Support androidboot.veritymode being empty or 'disabled'." (diff) | |
download | android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.tar android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.tar.gz android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.tar.bz2 android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.tar.lz android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.tar.xz android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.tar.zst android_bootable_recovery-bb8d04cd3c464e58dc6648bba87d9fe25ed1318e.zip |
Diffstat (limited to 'update_verifier')
-rw-r--r-- | update_verifier/update_verifier.cpp | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/update_verifier/update_verifier.cpp b/update_verifier/update_verifier.cpp index b49011a12..4c3cc46cf 100644 --- a/update_verifier/update_verifier.cpp +++ b/update_verifier/update_verifier.cpp @@ -252,23 +252,36 @@ int update_verifier(int argc, char** argv) { // The current slot has not booted successfully. #if defined(PRODUCT_SUPPORTS_VERITY) || defined(BOARD_AVB_ENABLE) + bool skip_verification = false; std::string verity_mode = android::base::GetProperty("ro.boot.veritymode", ""); if (verity_mode.empty()) { + // With AVB it's possible to disable verification entirely and + // in this case ro.boot.veritymode is empty. +#if defined(BOARD_AVB_ENABLE) + LOG(WARNING) << "verification has been disabled; marking without verification."; + skip_verification = true; +#else LOG(ERROR) << "Failed to get dm-verity mode."; return reboot_device(); +#endif } else if (android::base::EqualsIgnoreCase(verity_mode, "eio")) { // We shouldn't see verity in EIO mode if the current slot hasn't booted successfully before. // Continue the verification until we fail to read some blocks. LOG(WARNING) << "Found dm-verity in EIO mode."; + } else if (android::base::EqualsIgnoreCase(verity_mode, "disabled")) { + LOG(WARNING) << "dm-verity in disabled mode; marking without verification."; + skip_verification = true; } else if (verity_mode != "enforcing") { LOG(ERROR) << "Unexpected dm-verity mode : " << verity_mode << ", expecting enforcing."; return reboot_device(); } - static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; - if (!verify_image(CARE_MAP_FILE)) { - LOG(ERROR) << "Failed to verify all blocks in care map file."; - return reboot_device(); + if (!skip_verification) { + static constexpr auto CARE_MAP_FILE = "/data/ota_package/care_map.txt"; + if (!verify_image(CARE_MAP_FILE)) { + LOG(ERROR) << "Failed to verify all blocks in care map file."; + return reboot_device(); + } } #else LOG(WARNING) << "dm-verity not enabled; marking without verification."; |