summaryrefslogtreecommitdiffstats
path: root/update_verifier (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-10-13Update caremap to by py3 compatibleKelvin Zhang1-2/+2
Py3 doesn't mix bytes/str, so be explicit about which one Test: th Change-Id: Ia091b8378da93f19c3eb7c944199163aa9c63de7
2021-06-03Add caremap proto target for release toolsKelvin Zhang1-0/+19
Test: th Change-Id: I389a210e723ee179caf5f02f2bcb257c524fb076
2021-02-25Switch care_map_generator.py to Python 3.Krzysztof KosiƄski2-7/+7
This is the last remaining use of the python-symbol library from Python 2. Test: Ran 2to3 on the script, no changes reported. Change-Id: I9c8bf4840eaf1832cabc4b6af831f5c2de554d4f
2021-02-14[LSC] Add LOCAL_LICENSE_KINDS to bootable/recoveryBob Badour1-0/+9
Added SPDX-license-identifier-Apache-2.0 to: applypatch/Android.bp bootloader_message/Android.bp edify/Android.bp fuse_sideload/Android.bp install/Android.bp minadbd/Android.bp minui/Android.bp otautil/Android.bp recovery_ui/Android.bp recovery_utils/Android.bp tests/Android.bp tools/image_generator/Android.bp tools/recovery_l10n/Android.bp uncrypt/Android.bp update_verifier/Android.bp updater/Android.bp updater/Android.mk updater_sample/Android.bp updater_sample/tests/Android.bp Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT SPDX-license-identifier-OFL to: Android.bp Android.mk Bug: 68860345 Bug: 151177513 Bug: 151953481 Test: m all Exempt-From-Owner-Approval: janitorial work Change-Id: I3da761b525452838977297f773974000d4de7bd6
2019-11-15Clear the warm_reset flag after boot is successfulTianjie Xu1-0/+4
The property is set to inform kernel to do a warm_reset on the next reboot. This is useful to persist the logs to debug device boot failures. After the slot has been marked as boot successful, we can drop the warm_reset flag to avoid the performance overhead on the next reboot. Bug: 143489994 Test: check the property is set to 0 by update_verifier Change-Id: I722fb1906e6efa56dfc4ad7beccd5e2ba7e0ef7c
2019-04-02Append -verity when looking for verity device-mapper names.David Anderson1-0/+9
Bug: 123666267 Test: recovery_component_test passes Change-Id: I9b608b3fbfa14cc45ad0b4de6cb5cecdef983acb
2019-03-13update_verifier: Add some missing #include's.Tao Bao1-1/+4
<stdint.h> for uint8_t; <stdlib.h> for free(3); <thread> for std::thread. Test: mmma -j bootable/recovery Test: Run unit tests on crosshatch. Change-Id: Id99b29b3d514f4e453983599c8b1aa6b0fab4ef8
2019-03-13Update_verifier: Remove the support for legacy text format CareMapxunchang2-47/+3
We have already switched to the protobuf format for new builds, and the downgrade packages will require a data wipe. So it should be safe to drop the support for text format. This also helps to save the issue when users sideload a package with a pending OTA, because the new CareMap contains the fingerprint of the intended build. Bug: 128536706 Test: unit tests pass, run update_verifier with legacy CareMap Change-Id: I1c4d0e54ec591f16cc0a65dac76767725ff9e7c4 (cherry picked from commit aaa6103ae72985d061432745e668df9ca29d6ac2)
2019-03-13Update_verifier: Remove the support for legacy text format CareMapxunchang2-47/+3
We have already switched to the protobuf format for new builds, and the downgrade packages will require a data wipe. So it should be safe to drop the support for text format. This also helps to save the issue when users sideload a package with a pending OTA, because the new CareMap contains the fingerprint of the intended build. Bug: 128536706 Test: unit tests pass, run update_verifier with legacy CareMap Change-Id: I1c4d0e54ec591f16cc0a65dac76767725ff9e7c4
2019-02-07Defer marking boot successful when checkpointingDaniel Rosenberg2-6/+31
This moves actually marking the slot as successful to a later point so that on devices with checkpointing enabled we can still roll back to the previous version if we fail to boot to the point that the checkpoint is marked as successful. Test: When taking an update on a checkpoint enabled device, it defers marking the slot as successful instead of directly marking it. Visible in logs. Bug: 123260515 Change-Id: I7ed3595c1b0904ddbfe20d1cad4f69ecbf1ea351
2018-10-05Compare the fingerprint before reading the partitionTianjie Xu2-14/+53
The update_verifier now compares the fingerprint of a partition before performing the blocks read. If the fingerprint of the current system property mismatches the one embedded in the care_map, verification of this partition will be skipped. This is useful for the possible system only updates in the future. Bug: 114778109 Test: unit tests pass Change-Id: Iea309148a05109b5810dfb533d94260d77ab8540
2018-09-27Enable fingerprint in care_mapTianjie Xu1-10/+29
Enable the encoding and parsing of the property_id & partition fingerprint by default; and add a flag "--no_fingerprint" to disable the fingerprint generation/parsing to convert the legacy care_map.txt Bug: 114778109 Test: run unittests in add_img_to_target_files Change-Id: Id4216d5954e78c3a2d8e8bf19342109daf66a528
2018-09-21Refactor update_verifier into a classTianjie Xu4-72/+135
The refactor separates out the parsing of care_map and the actual verification of the partitions. Moreover, it skips the verification in case of a format error in the care map. Also, the parsing of care_map now uses the suffix of the file to tell if it has the protobuf format or the plain text format. Bug: 115740187 Test: unit test pass Change-Id: I7aa32004db02af1deb7bfdc6f5bd7921eb7883e5
2018-08-17Add a python binary to generate the protobuf for care_mapTianjie Xu2-1/+140
This binary parses the legacy care_map text in the input file and writes the generated protobuf message into the output file. For test purpose, it also has a "--parse_proto" option to reverse the process and convert a protobuf message file into plain text. The build script will then call the binary to generate the care_map.txt in the new format. Bug: 77867897 Test: Run the binary to convert a care_map.txt, run update_verifier Change-Id: I3ca65e19027404806132aa8d51e9bff766630c99
2018-07-25Add proto3 support for care_mapTianjie Xu4-25/+95
Switching to the protobuf format helps to make the care_map more extensible. As we have such plans in the future, add the support to parse the protobuf message in the update_verifier. Bug: 77867897 Test: unit tests pass, update_verifier successfully verifies a care_map.pb Change-Id: I9fe83cb4dd3cc8d6fd0260f2a47338fe142d3938
2018-04-20update_verifier: Move to Soong.Tao Bao2-69/+83
Test: mmma -j bootable/recovery Change-Id: I3a3574c89318304231c01f7633d32ece31df098c
2018-04-20Make update_verifier generic across verified boot versions.Tao Bao2-35/+18
This allows the update_verifier in a general system image to work across devices that have different verified boot versions (i.e. not supported / verified boot 1.0 / verified boot 2.0 / disabled). Bug: 78283982 Test: Run recovery_component_test on both of marlin and walleye. Test: Generate an OTA that has this CL. Install this OTA and check the update_verifier log during the post-reboot verification, on both of marlin (VB 1.0) and walleye (VB 2.0). Test: Build and flash walleye image with verified boot disabled. Check that update_verifier marks the slot as successfully booted. Change-Id: I828d87d59f911786531f774ffcf9b2ad7c2ca007
2018-03-23update_verifier: Support verifying product partition.Tao Bao1-12/+10
We have added the support for building /product partition in build system (the CL in [1]), where /product is an optional partition that contains system files. This CL adds the matching support if /product needs to be verified during A/B OTA (i.e. listed in care_map file). [1]: commit b7735d81054002961b681f4bdf296d4de2701135, https://android-review.googlesource.com/c/platform/build/+/598454 Bug: 63974895 Test: Run update_verifier test on walleye. Change-Id: Ia1c35e9583b8e66c98a4495b1f81a5ea7e65036f (cherry picked from commit ec2e8c6c1ef3cbafa129ade95abca3203e062b5f)
2018-03-23update_verifier: Support verifying product partition.Tao Bao1-12/+10
We have added the support for building /product partition in build system (the CL in [1]), where /product is an optional partition that contains system files. This CL adds the matching support if /product needs to be verified during A/B OTA (i.e. listed in care_map file). [1]: commit b7735d81054002961b681f4bdf296d4de2701135, https://android-review.googlesource.com/c/platform/build/+/598454 Bug: 63974895 Test: Run update_verifier test on walleye. Change-Id: Ia1c35e9583b8e66c98a4495b1f81a5ea7e65036f
2017-12-14Let update_verifier work on non-AB update devicesIsaac Chen1-0/+9
Make update_verifier check if it runs on A/B update devices at the beginning, and quit immediately if it doesn't, instead of re-boot. Bug: 70541023 Test: On aosp/master: $ lunch aosp_x86_64-userdebug; m -j # boot to home screen # On goog/master: $ lunch aosp_walleye-userdebug; m -j # boot to home screen Change-Id: Ib71a3a3b272cfa5dd0b479eaa067eedaec8fde7d
2017-11-09Load-balancing update_verifier worker threads.Tao Bao2-27/+26
Prior to this CL, the block verification works were assigned based on the pattern of the ranges, which could lead to unbalanced workloads. This CL adds RangeSet::Split() and moves update_verifier over. a) For the following care_map.txt on walleye: system 20,0,347,348,540,556,32770,33084,98306,98620,163842,164156,229378,229692,294914,295228,524289,524291,524292,524348,529059 vendor 8,0,120,135,32770,32831,94564,98304,98306 Measured the time costs prior to and with this CL with the following script. $ cat test_update_verifier.sh #!/bin/sh adb shell stop adb shell "cp /data/local/tmp/care_map.txt /data/ota_package/" for i in $(seq 1 50) do echo "Iteration: $i" adb shell "bootctl set-active-boot-slot 0" adb shell "echo 3 > /proc/sys/vm/drop_caches" adb shell "time /data/local/tmp/update_verifier" sleep 3 done Without this CL, the average time cost is 5.66s, while with the CL it's reduced to 3.2s. b) For the following care_map.txt, measured the performance on marlin: system 18,0,271,286,457,8350,32770,33022,98306,98558,163842,164094,196609,204800,229378,229630,294914,295166,501547 vendor 10,0,42,44,85,2408,32770,32806,32807,36902,74242 It takes 12.9s and 5.6s without and with the CL respectively. Fixes: 68553827 Test: recovery_unit_test Test: Flash new build and trigger update_verifier. Check the balanced block verification. Change-Id: I5fa4bf09a84e6b9b0975ee5f522724464181333f
2017-10-30update_verifier: Fix the wrong computation with group_range_count.Tao Bao1-3/+5
'group_range_count' doesn't properly consider the pair-wise range structure. It may split the ranges into wrong pairs if it evaluates to an odd number. For example, for an input range string of "6,0,2,10,12,20,22" with 4 threads, group_range_count becomes 1. It would then try to verify (0,2), (2,10), (10,12) and (12,20). Note that (2,10) and (12,20) are not valid ranges to be verified, and with (20,22) uncovered. Bug: 68343761 Test: Trigger update_verifier verification. Check the number of verified blocks against the one in care_map.txt. Change-Id: I7c5769325d9866be06c45e7dbcc0c8ea266de714 (cherry picked from commit 62caeb5f48c9d7b1a8ed97c4a021195b8499b804)
2017-10-29update_verifier: Fix the wrong computation with group_range_count.Tao Bao1-3/+5
'group_range_count' doesn't properly consider the pair-wise range structure. It may split the ranges into wrong pairs if it evaluates to an odd number. For example, for an input range string of "6,0,2,10,12,20,22" with 4 threads, group_range_count becomes 1. It would then try to verify (0,2), (2,10), (10,12) and (12,20). Note that (2,10) and (12,20) are not valid ranges to be verified, and with (20,22) uncovered. Bug: 68343761 Test: Trigger update_verifier verification. Check the number of verified blocks against the one in care_map.txt. Change-Id: I7c5769325d9866be06c45e7dbcc0c8ea266de714
2017-08-15update_verifier now logs to kmesgTianjie Xu1-0/+6
Set up update_verifier logging to be written to kmsg; because we may not have Logd during boot time. Bug: 64713327 Test: logs show up in `adb shell dmesg` Change-Id: If02f460bda121cd3e9062bc0e08107c6da66492c
2017-08-10update_verifier: verify blocks in parallelWei Wang1-31/+51
This CL is to change update_verifier to verify blocks in parallel to maximize storage bandwidth, it also preallocate the buffer to avoid vector allocation within reading loop. Test: care_map.txt: system 16,0,517,556,32770,33084,98306,98620,163842,164156,229378,229692,294914,295228,483544,524288,524296 vendor 8,0,119,135,32770,32831,96150,98304,98306 With CL: init: Service 'update_verifier_nonencrypted' (pid 711) exited with status 0 waiting took 2.978424 seconds Without CL: init: Service 'update_verifier_nonencrypted' (pid 695) exited with status 0 waiting took 4.466320 seconds Bug: 63686531 Test: reboot with manual insert care_map.txt Change-Id: Idf791865f15f6ff6cad89bf7ff230ee46c6adccc (cherry picked from commit bd9664b5a01c8941949212973ca12be4df1b5d54)
2017-08-09update_verifier: verify blocks in parallelWei Wang1-31/+51
This CL is to change update_verifier to verify blocks in parallel to maximize storage bandwidth, it also preallocate the buffer to avoid vector allocation within reading loop. Test: care_map.txt: system 16,0,517,556,32770,33084,98306,98620,163842,164156,229378,229692,294914,295228,483544,524288,524296 vendor 8,0,119,135,32770,32831,96150,98304,98306 With CL: init: Service 'update_verifier_nonencrypted' (pid 711) exited with status 0 waiting took 2.978424 seconds Without CL: init: Service 'update_verifier_nonencrypted' (pid 695) exited with status 0 waiting took 4.466320 seconds Bug: 63686531 Test: reboot with manual insert care_map.txt Change-Id: Idf791865f15f6ff6cad89bf7ff230ee46c6adccc
2017-08-09update_verifier: Support androidboot.veritymode being empty or 'disabled'.David Zeuthen1-4/+17
Bootloaders using libavb will set androidboot.veritymode=disabled if the "disable dm-verity" flag has been set. Additionally if the "disable verification" flag is set androidboot.veritymode will not be set at all. Handle both cases. Without this fix we'll end up in a bootloop. Test: Manually tested on a device using AVB. (cherry-picked from commit 1a0929cc8aac532dba00b3c98cea22715719a421) Bug: 64404283 Change-Id: I3adf93f8dfd528fe9b869a63afa775f5730a3f69
2017-08-08update_verifier: Support androidboot.veritymode being empty or 'disabled'.David Zeuthen1-4/+17
Bootloaders using libavb will set androidboot.veritymode=disabled if the "disable dm-verity" flag has been set. Additionally if the "disable verification" flag is set androidboot.veritymode will not be set at all. Handle both cases. Without this fix we'll end up in a bootloop. Test: Manually tested on a device using AVB. Bug: 64315394 Change-Id: I8310849e347248f4a96158838310f688ecef4211
2017-07-24update_verifier: Handle legacy care_map.txt gracefully.Tao Bao1-29/+42
update_verifier should be backward compatible to not reject legacy care_map.txt from old releases, which could otherwise fail to boot into the new release. For example, we've changed the care_map format between N and O. An O update_verifier would fail to work with an N care_map.txt - a) we have switched update_verifier to read from device mapper in O; b) the last few blocks that contain metadata can't be read via device mapper. This could be a result of sideloading an O OTA while the device having a pending N update. Bug: 63544345 Test: As follows on sailfish: 1. Flash the device with this CL; 2. Put a copy of N care_map.txt at /data/ota_package/. Restore the permissions properly ('cache' group); 3. `adb reboot bootloader`; 4. `fastboot set_active <current_slot>` 5. Device boots up into home screen, with a warning in logcat that says it has skipped legacy care_map.txt. Change-Id: I6acc88c9e655a9245e6531f176fef7953953935f (cherry picked from commit 5a1dee01df3af346729b5791606b72d59b8e9815)
2017-07-22update_verifier: Handle legacy care_map.txt gracefully.Tao Bao1-29/+42
update_verifier should be backward compatible to not reject legacy care_map.txt from old releases, which could otherwise fail to boot into the new release. For example, we've changed the care_map format between N and O. An O update_verifier would fail to work with an N care_map.txt - a) we have switched update_verifier to read from device mapper in O; b) the last few blocks that contain metadata can't be read via device mapper. This could be a result of sideloading an O OTA while the device having a pending N update. Bug: 63544345 Test: As follows on sailfish: 1. Flash the device with this CL; 2. Put a copy of N care_map.txt at /data/ota_package/. Restore the permissions properly ('cache' group); 3. `adb reboot bootloader`; 4. `fastboot set_active <current_slot>` 5. Device boots up into home screen, with a warning in logcat that says it has skipped legacy care_map.txt. Change-Id: I6acc88c9e655a9245e6531f176fef7953953935f
2017-06-23update_verifier: Support AVB.David Zeuthen2-6/+19
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as 'vroot' so map that to 'system' since this is what is expected. Managed to test at least that the code is at least compiled in: $ fastboot --set-active=_a Setting current slot to 'a'... OKAY [ 0.023s] finished. total time: 0.023s $ fastboot reboot rebooting... finished. total time: 0.050s $ adb wait-for-device $ adb logcat |grep update_verifier 03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted 03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0 03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully. 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier. Bug: 62464819 Test: Manually tested on device using AVB bootloader. Merged-In: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85 Change-Id: I2834b17688053411e7b904e31df9c83bf904cd56
2017-05-24update_verifier: Support AVB.David Zeuthen2-6/+19
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as 'vroot' so map that to 'system' since this is what is expected. Managed to test at least that the code is at least compiled in: $ fastboot --set-active=_a Setting current slot to 'a'... OKAY [ 0.023s] finished. total time: 0.023s $ fastboot reboot rebooting... finished. total time: 0.050s $ adb wait-for-device $ adb logcat |grep update_verifier 03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted 03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0 03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully. 03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier. Bug: None Test: Manually tested on device using AVB bootloader. Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
2017-04-27Fix potential OOM in update_verifierTianjie Xu1-6/+11
Limit the size of each read to 1024 * BLOCKSIZE. (Same as the I/O limit of each transfer command for block based OTA). Bug: 37729708 Test: U_V sets slot successfully on sailfish, and it takes about ~20s (no noticeable time increase) Change-Id: I7a6cdc744fe4c0760e09e0afed75b89c16d8eac3
2017-04-27Separate libupdate_verifier module and add testcases.Tao Bao4-16/+90
Enable -Wall and expose verify_image() for testing purpose. Test: mmma bootable/recovery Test: recovery_component_test Change-Id: I1ee1db2a775bafdc1112e25a1bc7194d8d6aee4f
2017-04-19Add 'system' to update_verifier's gidTianjie Xu1-2/+2
This addresses the denial to /dev/cpuset/tasks: update_verifier: type=1400 audit(0.0:377): avc: denied { dac_override } for capability=1 scontext=u:r:update_verifier:s0 tcontext=u:r:update_verifier:s0 tclass=capability permissive=1 update_verifier: type=1400 audit(0.0:378): avc: granted { write } for name="tasks" dev="cgroup" ino=5 scontext=u:r:update_verifier:s0 tcontext=u:object_r:cgroup:s0 tclass=file Bug: 37358323 Test: denial message gone after adding system group Change-Id: I66b4925295a13fbc1c6f26a1bb9bd2f9cebcec3d (cherry-picked from 0ad2de5eab12dbf63ad43bd0c3e5ef729984cf81)
2017-04-18Add 'system' to update_verifier's gidTianjie Xu1-2/+2
This addresses the denial to /dev/cpuset/tasks: update_verifier: type=1400 audit(0.0:377): avc: denied { dac_override } for capability=1 scontext=u:r:update_verifier:s0 tcontext=u:r:update_verifier:s0 tclass=capability permissive=1 update_verifier: type=1400 audit(0.0:378): avc: granted { write } for name="tasks" dev="cgroup" ino=5 scontext=u:r:update_verifier:s0 tcontext=u:object_r:cgroup:s0 tclass=file Bug: 37358323 Test: denial message gone after adding system group Change-Id: I66b4925295a13fbc1c6f26a1bb9bd2f9cebcec3d
2017-04-04update_verifier: correct group in rc fileTom Cherry2-3/+3
update_verifier should be in the cache group, not 'class'. Also use PLOG instead of LOG if care_map.txt cannot be opened. Bug: 36818743 Test: boot sailfish Test: fake OTA on sailfish and verify update_verifier reads care_package (cherry picked from commit 3a8002f8c0382894b65ea3cece784287a75c7881) Change-Id: I7e4cccd457ee84054164077c81d04ad7cb394c7a
2017-04-04update_verifier: tweak priority of update_verifier for quick bootWei Wang1-2/+2
Highest ioprio is 0 for CFQ and we should run update_verifier with that. Tested on device and showing boottime decreased. Bug: 36511808 Bug: 36102163 Test: Boot marlin Change-Id: Iddd925951d976e21014b61e5590bcdae3cea8470 (cherry picked from commit a015cd1d7a3af5d9c06622e00be47fee52ba4b02)
2017-04-04update_verifier: correct group in rc fileTom Cherry2-3/+3
update_verifier should be in the cache group, not 'class'. Also use PLOG instead of LOG if care_map.txt cannot be opened. Bug: 36818743 Test: boot sailfish Test: fake OTA on sailfish and verify update_verifier reads care_package Change-Id: I0ec844cac5ef5c63b18ebee90160854fd84ee829
2017-04-03update_verifier: tweak priority of update_verifier for quick bootWei Wang1-2/+2
Highest ioprio is 0 for CFQ and we should run update_verifier with that. Tested on device and showing boottime decreased. Bug: 36511808 Bug: 36102163 Test: Boot marlin Change-Id: Iddd925951d976e21014b61e5590bcdae3cea8470
2017-04-02Merge "Use regular check for partition name instead of CHECK()" am: 76cb4eeda6 am: cd66e52573Tianjie Xu1-3/+4
am: 705a4d72c8 Change-Id: Ie1f8e1c6ab9fddf1b355287f0c4e5fc0b2631441 (cherry picked from commit 2e797d9905df9ca3a6068a23f6ad6669b823657d)
2017-04-02Merge "Update_verifier should read blocks in EIO mode" am: 21d481c81e am: 89559e3cfeTianjie Xu1-26/+33
am: 81f5b04df2 Change-Id: I20f459c3403ec0e120769bd805b9508dbe11b989 (cherry picked from commit e3ea825181d073eb240cdedaf4aa412647b495fd)
2017-04-01Use regular check for partition name instead of CHECK()Tianjie Xu1-3/+4
Bug: 36260064 Test: Device reboots for invalid care_map. Change-Id: Id614f0d118fc2b9d9abf24918aa4b4324f4c94e1
2017-03-31Update_verifier should read blocks in EIO modeTianjie Xu1-26/+33
Update_verifier will reboot the device if it fails to read some blocks on the care_map when veritymode=eio. Also make some partition name changes to match the care_map.txt. Test: Update_verifier reboots the device after read failures in eio mode. Change-Id: Icf68e6151dee72f626a9ab72946100cf482a4e6c
2017-03-29update_verifier: raise priority and ioprio and start with exec_startTom Cherry2-0/+13
Raise the priority and ioprio of update_verifier and launch with exec_start. This saves ~100ms of time before `class_start main` is executed. Bug: 36511808 Bug: 36102163 Test: Boot bullhead Test: Verify boottime decrease on sailfish Change-Id: I944a6c0d4368ead5b99171f49142da2523ed1bdd (cherry picked from commit 545317f4fb99efd4d2c32187328e617ad6f69980)
2017-03-29update_verifier: raise priority and ioprio and start with exec_startTom Cherry2-0/+13
Raise the priority and ioprio of update_verifier and launch with exec_start. This saves ~100ms of time before `class_start main` is executed. Bug: 36511808 Bug: 36102163 Test: Boot bullhead Test: Verify boottime decrease on sailfish Change-Id: I944a6c0d4368ead5b99171f49142da2523ed1bdd
2017-03-11update_verifier: Set the success flag if dm-verity is not enabled.Tao Bao2-0/+9
For devices that are not using dm-verity, update_verifier can't verify anything, but to mark the successfully booted flag unconditionally. Test: Successfully-booted flag is set on devices w/o dm-verity. Test: Successfully-booted flag is set after verification on devices w/ dm-verity. Change-Id: I79ab2caec2d4284aad0d66dd161adabebde175b6
2017-01-26update_verifier should read dm wrapped partitionTianjie Xu1-6/+64
update_verifier used to read from system_block_device, which bypasses dm-verity check completely. Switch update_verifier to read the corresponding '/dev/block/dm-X' instead. U_v gets the verity block device number by comparing the contents in '/sys/block/dm-X/dm/name'. Bug: 34391662 Test: update_verifier detects the corrupped blocks and dm-verity trigger the reboot on Sailfish. Change-Id: Ie5c50c23410bd29fcc6e733ba29cf892e9a07460
2017-01-21bootctrl HAL uses "default" service nameChris Phoenix1-1/+1
The getService() and registerAsService() methods of interface objects now have default parameters of "default" for the service name. HALs will not have to use any service name unless they want to register more than one service. Test: builds; verify HAL still works Bug: 33844934 Change-Id: I86c44aaaaf663e774c631a469ebf2b81619f89c4
2017-01-20bootctrl HAL uses "default" service nameChris Phoenix1-1/+1
The getService() and registerAsService() methods of interface objects now have default parameters of "default" for the service name. HALs will not have to use any service name unless they want to register more than one service. Test: builds; verify HAL still works In support of b/33844934 Change-Id: I5ce988128b0471384e1472298a0ae383df2b7c3e Merged-In: I86c44aaaaf663e774c631a469ebf2b81619f89c4
2017-01-20update_verifier: Move property_get() to android::base::GetProperty().Tao Bao1-48/+46
Also make minor changes to android::base::ParseUint(), which accepts std::string now. Test: Flash an A/B device and make sure update_verifier works (by marking the active slot as successfully booted). Change-Id: Id6e578671cb3c87160c2b6ca717ee618ecf2342a
2016-11-21Switch update verifier to HIDL HALConnor O'Brien2-15/+21
Test: UV logs show success in both binderized and passthrough modes. Bug: 31864052 Change-Id: Ied67a52c458dba7fe600e0fe7eca84db1a9f2587 Signed-off-by: Connor O'Brien <connoro@google.com>
2016-11-19update_verifier: Sync Android.mk with aosp-master.Tao Bao1-2/+6
It's out of sync due to the cherry-pick in commit d007cf2da29f05eee002dd33e6c04262f709b274. Test: mmma bootable/recovery Change-Id: I286fe89c4c7d09de3a06d09f9a2b0cdecef326f5
2016-11-18Revert "Convert update_verifier to boot HIDL HAL"Connor O'Brien2-25/+15
This reverts commit 86199a47e18942c49423b04eb1f3deacd6072849. Bug: 32973182 Change-Id: If3eab18cc2e810446da447fadfd0fb44c02b771b
2016-11-18Revert "Convert update_verifier to boot HIDL HAL"Connor O'Brien2-21/+15
This reverts commit f50593c447faf8415615b5dea2666d7f0f24a0fb. Bug: 32973182 Change-Id: I5b14a812671ea02575cb452242ff1a6f05edb9c1
2016-11-18Revert "Convert update_verifier to boot HIDL HAL"Connor O'Brien2-25/+15
This reverts commit 13716c29c9e222045eab1edcc944eb23c8198e6a. Change-Id: Ib8d23e3e7ab0e3870d1b007fa8abd91a3980c287
2016-11-17Convert update_verifier to boot HIDL HALConnor O'Brien2-15/+25
Test: Flashed device and confirmed update_verifier runs successfully Change-Id: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2 Signed-off-by: Connor O'Brien <connoro@google.com>
2016-11-16Convert update_verifier to boot HIDL HALConnor O'Brien2-15/+25
Test: Flashed device and confirmed update_verifier runs successfully Change-Id: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2 Signed-off-by: Connor O'Brien <connoro@google.com>
2016-11-16Convert update_verifier to boot HIDL HALConnor O'Brien2-15/+21
Test: Flashed device and confirmed update_verifier runs successfully Change-Id: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2 Merged-In: I5bce4ece1e3ba98f57299c9cf469a5e2a5226ff2 Signed-off-by: Connor O'Brien <connoro@google.com>
2016-11-09Touch blocks in care_map in update_verifierTianjie Xu2-12/+128
Read all blocks in system and vendor partition during boot time so that dm-verity could verify this partition is properly flashed. Bug: 27175949 Change-Id: I38ff7b18ee4f2733e639b89633d36f5ed551c989 Test: mma (cherry picked from commit 03ca853a1c8b974152b7c56cb887ac2f36cfd833) (cherry picked from commit 4bbe0c93c80789891d54a74424731caffda0d0db) (Fix a typo when comparing the verity mode) (cherry picked from commit da654af606d700c0a467c27025fb7f6ef745936d) (Skip update verification if care_map is not found)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-0/+1
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab (cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
2016-09-30Turn on -Werror for recoveryTianjie Xu1-0/+1
Also remove the 0xff comparison when validating the bootloader message fields. As the fields won't be erased to 0xff after we remove the MTD support. Bug: 28202046 Test: The recovery folder compiles for aosp_x86-eng Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
2016-09-01Switch recovery to libbase loggingTianjie Xu1-23/+22
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 (cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
2016-09-01Switch recovery to libbase loggingTianjie Xu2-10/+8
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01Switch recovery to libbase loggingTianjie Xu1-23/+22
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-07-16Skip update verification if care_map is not foundTianjie Xu1-2/+5
Recently flashed devices may not have care_map.txt in /data/ota_package. This leads to a failure of update-verifier and prevents boot success flag from being set. So, we need to skip verification in case the file is not found. Error message: ... I update_verifier: Started with arg 1: nonencrypted ... I update_verifier: Booting slot 1: isSlotMarkedSuccessful=0 ... E update_verifier: Care map /data/ota_package/care_map.txt not found. ... E update_verifier: Failed to verify all blocks in care map file Bug: 30156449 Change-Id: Ia15f5f3e7ca2ea6981d49678e799b9f70d134faa
2016-07-15Fix a typo when comparing the verity modeTianjie Xu1-2/+2
The veritymode string used by the bootloader should be lowercase 'eio' instead of 'EIO'. Fix the typo and change to strcasecmp. Bug: 27175949 Change-Id: I376dacc70eef7364e2b9931a7c940adedcdb1929
2016-07-14Touch blocks in care_map in update_verifierTianjie Xu2-14/+122
Read all blocks in system and vendor partition during boot time so that dm-verity could verify this partition is properly flashed. Bug: 27175949 Change-Id: I38ff7b18ee4f2733e639b89633d36f5ed551c989
2015-12-09update_verifier: Track the API change for isSlotBootable().Tao Bao1-5/+6
[1] added a new API isSlotMarkedSuccessful() to actually query if a given slot has been marked as successful. [1]: commit 72c88c915d957bf2eba73950e7f0407b220d1ef4 Change-Id: I9155c9b9233882a295a9a6e607a844d9125e4c56
2015-12-08update_verifier: Log to logd instead of kernel log.Tao Bao2-12/+8
logd already gets started before we call update_verifier. Bug: 26039641 Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a (cherry picked from commit 45eac58ef188679f6df2d80efc0391c6d7904cd8)
2015-12-08Add update_verifier for A/B OTA update.Tao Bao2-0/+108
update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42 (cherry picked from commit 1171d3a12b13ca3f1d4301985cf068076e55ae26)
2015-12-08update_verifier: Log to logd instead of kernel log.Tao Bao2-12/+8
logd already gets started before we call update_verifier. Bug: 26039641 Change-Id: If00669a77bf9a6e5534e33f4e50b42eabba2667a
2015-12-07Add update_verifier for A/B OTA update.Tao Bao2-0/+108
update_verifier checks the integrity of the updated system and vendor partitions on the first boot post an A/B OTA update. It marks the current slot as having booted successfully if it passes the verification. This CL doesn't perform any actual verification work which will be addressed in follow-up CLs. Bug: 26039641 Change-Id: Ia5504ed25b799b48b5886c2fc68073a360127f42