From eeecbaf3ccdb809552ec3c05bbcb0074d6afe1a2 Mon Sep 17 00:00:00 2001
From: Thurston Dang
Date: Wed, 8 Jun 2022 00:38:01 +0000
Subject: [PATCH] Clear secure deletion keys upon factory reset

This ports the gs101 configuration - which clears the secure deletion keys upon factory reset - to (REDACTED DEVICE), as suggested by David Drysdale in b/223934835#comment53. In the absence of this change, the key slots may eventually get filled up (e.g., by failing tests) and never be released.
Bug: 223934835
Test: Check logcat that keys are cleared after factory reset
Change-Id: I56efb76cb6bb0cdfe2eb9b0ac3ca89e49bfc57f0
(cherry picked from commit 4da7fdc1a7c4b38348673935876f5199fe613ff0)
---
 device.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/device.mk b/device.mk
index 8ef0f782..ab7cb7cd 100644
--- a/device.mk
+++ b/device.mk
@@ -1118,3 +1118,6 @@ DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE := device/google/gs201/device_framework
 PRODUCT_COPY_FILES += \
 frameworks/native/data/etc/android.software.device_id_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.device_id_attestation.xml \
 frameworks/native/data/etc/android.hardware.device_unique_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.device_unique_attestation.xml
+
+# Call deleteAllKeys if vold detects a factory reset
+PRODUCT_VENDOR_PROPERTIES += ro.crypto.metadata_init_delete_all_keys.enabled=true
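Review bot: The comment added above `PRODUCT_VENDOR_PROPERTIES` says what the flag triggers but not why it is set or how far the call reaches, and a property that makes vold destroy key material deserves both. As far as I know, deleteAllKeys on the keystore HAL is irreversible and covers every hardware-backed key on the device rather than only the secure-deletion slots the commit message is concerned with; please confirm and record it. The condition vold treats as "a factory reset" is not visible from this hunk either, so it would help to name it or point at the gs101 change being mirrored. Suggested wording: `# Free secure-deletion key slots on factory reset: vold calls deleteAllKeys (irreversible, all keys) when it detects one. Mirrors gs101, b/223934835.`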