Use SW-based FBE

Should jump to use HW encryption Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Change-Id: I1e9f5f26d7ba368adf20aa9bd0b1345a932a2d27
2022-06-30 08:27:37 -07:00 · 2022-06-30 08:27:37 -07:00 · 776a3b6586
commit 776a3b6586
parent c301a51973
2 changed files with 12 additions and 3 deletions
--- a/conf/Android.bp
+++ b/conf/Android.bp
@ -34,13 +34,21 @@ package {
 }

 genrule {
-    name: "gen_fstab.zuma",
+    name: "gen_fstab.zuma-hw-encrypt",
    srcs: ["fstab.zuma.in"],
    out: ["fstab.zuma"],
    cmd: "sed -e s/@fileencryption@/::inlinecrypt_optimized+wrappedkey_v0/" +
        " -e s/@metadata_encryption@/:wrappedkey_v0/ $(in) > $(out)",
 }

+genrule {
+    name: "gen_fstab.zuma-sw-encrypt",
+    srcs: ["fstab.zuma.in"],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/aes-256-xts/" +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
 genrule {
    name: "gen_fstab.zuma-fips",
    srcs: ["fstab.zuma.in"],
@ -49,9 +57,10 @@ genrule {
        " -e s/@metadata_encryption@/aes-256-xts/ $(in) > $(out)",
 }

+// TODO: change below to gen_fstab.zuma-hw-encrypt once GSA is ready
 prebuilt_etc {
    name: "fstab.zuma",
-    src: ":gen_fstab.zuma",
+    src: ":gen_fstab.zuma-sw-encrypt",
    vendor: true,
    vendor_ramdisk_available: true,
 }
--- a/conf/fstab.zuma.in
+++ b/conf/fstab.zuma.in
@ -20,6 +20,6 @@ vendor_dlkm                                              /vendor_dlkm
 /dev/block/platform/13200000.ufs/by-name/misc            /misc                       emmc    defaults                 wait
 /dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   f2fs    noatime,nosuid,nodev,sync  wait,check,formattable,first_stage_mount
 #/dev/block/platform/13200000.ufs/by-name/pvmfw           /pvmfw                      emmc    defaults                 wait,slotselect,avb=pvmfw,first_stage_mount
-/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=apex,compress_extension=so,compress_extension=vdex,compress_extension=odex,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,formattable,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=apex,compress_extension=so,compress_extension=vdex,compress_extension=odex,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,formattable,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128,fileencryption=@fileencryption@,metadata_encryption=@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption
 /dev/block/platform/13200000.ufs/by-name/vbmeta          /vbmeta                     emmc    defaults                 slotselect,first_stage_mount
 /devices/platform/11210000.usb*                          auto                        vfat    defaults                 voldmanaged=usb:auto