From c0aab4a5f123b00e094bde7f619c11695642731a Mon Sep 17 00:00:00 2001
From: Herbert Xue <herbertxue@google.com>
Date: Mon, 9 Sep 2024 13:51:29 +0800
Subject: [PATCH 1/4] Control GoogleDialer built from
 zumapro/proprietary/GoogleDialer

For PDK build, the "vendor/unbundled_google" path doesn't exist.
"GoogleDialer" will be built from vendor/google_devices/zumapro/proprietary/GoogleDialer.

Flag: EXEMPT bugfix
Bug: 364510147
Test: export USES_GOOGLE_DIALER_CARRIER_SETTINGS=true; m GoogleDialer
Change-Id: I5c6796036627a5ae208dfda3ea19ead550a55c9a
---
 device.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/device.mk b/device.mk
index 229369a..7d7ac5a 100644
--- a/device.mk
+++ b/device.mk
@@ -298,6 +298,8 @@ USE_GOOGLE_DIALER := true
 USE_GOOGLE_CARRIER_SETTINGS := true
 PRODUCT_PROPERTY_OVERRIDES += \
 	ro.vendor.uses_google_dialer_carrier_settings=1
+# GoogleDialer in PDK build with "USES_GOOGLE_DIALER_CARRIER_SETTINGS=true"
+PRODUCT_SOONG_NAMESPACES += vendor/google_devices/zumapro/proprietary/GoogleDialer
 endif
 
 ifeq ($(USES_GOOGLE_PREBUILT_MODEM_SVC),true)

From a24d3877e1ecaf7eac4c6f2cf9ab624b99a678f4 Mon Sep 17 00:00:00 2001
From: Juan Yescas <jyescas@google.com>
Date: Tue, 10 Sep 2024 22:34:41 -0700
Subject: [PATCH 2/4] 16kb: Config fstab for targets that only boot 16kb
 kernels

The zumapro targets that only boot with 16kb kernels will
have this filesystem setup for data and metadata partitions:

- data partition:     f2fs
- metadata partition: ext4

Important: For the HW file encryption to work in the data partition in 16kb kernels the `dusize_4k` parameter has to be set:

```
fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0+dusize_4k
```

Bug: 350101696
Test: built pgagnostic target and checked the fs for mounted
      partitions.
Flag: EXEMPT bugfix
Change-Id: I566618e6fa1db2ff4463e00e8d091e7226ba0399
---
 conf/fs-16kb/Android.bp            | 164 +++++++++++++++++++++++++++++
 conf/fs-16kb/fstab.rw.zumapro.16kb |   6 ++
 2 files changed, 170 insertions(+)
 create mode 100644 conf/fs-16kb/Android.bp
 create mode 100644 conf/fs-16kb/fstab.rw.zumapro.16kb

diff --git a/conf/fs-16kb/Android.bp b/conf/fs-16kb/Android.bp
new file mode 100644
index 0000000..b6f77a4
--- /dev/null
+++ b/conf/fs-16kb/Android.bp
@@ -0,0 +1,164 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// By default this device uses hardware-wrapped keys for storage encryption,
+// which is intended to offer increased security over the traditional method
+// (software keys).  However, hardware-wrapped keys aren't compatible with
+// FIPS-140 certification of the encryption hardware, and hence we have to
+// disable the use of them in FIPS mode.  This requires having two fstab files:
+// one for the default mode, and one for FIPS mode selectable via
+// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
+// identical with the exception of the encryption settings, so to keep them in
+// sync the rules below generate them from a template file.
+
+soong_namespace {
+    imports: [
+        "device/google/zumapro",
+    ],
+}
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "device_google_zumapro_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["device_google_zumapro_license"],
+}
+
+genrule {
+    name: "gen_fstab.zuma-hw-encrypt",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zumapro-hw-encrypt",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zumapro"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0+dusize_4k/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-sw-encrypt",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zumapro-sw-encrypt",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zumapro"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-no-encrypt",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@//" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zumapro-no-encrypt",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zumapro"],
+    cmd: "sed -e s/@fileencryption@//" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-fips",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zuma-fips"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zumapro-fips",
+    srcs: [
+        ":fstab.zumapro.common",
+        "fstab.rw.zumapro.16kb",
+    ],
+    out: ["fstab.zumapro-fips"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
+}
+
+prebuilt_etc {
+    name: "fstab.zuma",
+    src: ":gen_fstab.zuma-hw-encrypt",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zumapro",
+    src: ":gen_fstab.zumapro-hw-encrypt",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zuma-fips",
+    src: ":gen_fstab.zuma-fips",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zumapro-fips",
+    src: ":gen_fstab.zumapro-fips",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
diff --git a/conf/fs-16kb/fstab.rw.zumapro.16kb b/conf/fs-16kb/fstab.rw.zumapro.16kb
new file mode 100644
index 0000000..13fc45c
--- /dev/null
+++ b/conf/fs-16kb/fstab.rw.zumapro.16kb
@@ -0,0 +1,6 @@
+# Android fstab file for /data and /metadata partitions.
+#
+# This fstab is used for devices that only boot 16kb page size kernels.
+#<src>                                                   <mnt_point>                 <type>  <mnt_flags and options>  <fs_mgr_flags>
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   ext4    noatime,nosuid,nodev,sync  wait,check,formattable,first_stage_mount
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=so,compress_extension=vdex,compress_extension=odex,@inlinecrypt@,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,formattable,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption,device=zoned:/dev/block/by-name/zoned_device

From a14c143c45bc95693a38484278bf9025c920c60e Mon Sep 17 00:00:00 2001
From: Juan Yescas <jyescas@google.com>
Date: Tue, 10 Sep 2024 22:43:37 -0700
Subject: [PATCH 3/4] 16kb: Set f2fs block size to 16384 for targets that only
 boot 16kb kernels

The f2fs block size has to be set up to 16384 for 16kb kernels.

Bug: 350101696
Test: Built zumapro device and checked mounted partitions
Flag: EXEMPT bugfix
Change-Id: Ie3bf17d78da62a20882b17363afeb3a3a8a984e0
---
 BoardConfig-16k-common.mk | 19 +++++++++++++++++++
 BoardConfig-common.mk     |  3 +++
 2 files changed, 22 insertions(+)
 create mode 100644 BoardConfig-16k-common.mk

diff --git a/BoardConfig-16k-common.mk b/BoardConfig-16k-common.mk
new file mode 100644
index 0000000..229248d
--- /dev/null
+++ b/BoardConfig-16k-common.mk
@@ -0,0 +1,19 @@
+#
+# Copyright (C) 2024 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ifeq ($(TARGET_BOOTS_16K),true)
+BOARD_F2FS_BLOCKSIZE := 16384
+endif
diff --git a/BoardConfig-common.mk b/BoardConfig-common.mk
index b21deda..91cdb4c 100644
--- a/BoardConfig-common.mk
+++ b/BoardConfig-common.mk
@@ -16,6 +16,9 @@
 include build/make/target/board/BoardConfigMainlineCommon.mk
 include build/make/target/board/BoardConfigPixelCommon.mk
 
+# Include settings for 16k page size kernel if enabled.
+include device/google/zumapro/BoardConfig-16k-common.mk
+
 # HACK : To fix up after bring up multimedia devices.
 TARGET_SOC := zumapro
 

From 7e4d66612d5f8fbeb810c090932edf6fa6001290 Mon Sep 17 00:00:00 2001
From: Juan Yescas <jyescas@google.com>
Date: Tue, 10 Sep 2024 22:45:13 -0700
Subject: [PATCH 4/4] 16kb: Select proper fstab for targets that only boot 16kb
 kernels

The 16kb kernels need to select the fstab that has this configurations:

- data partition:     fstab
- metadata partition: ext4

Bug: 350101696
Test: Built zumapro target and checked mounted partitions
Flag: EXEMPT bugfix
Change-Id: I2fc82946cdbadee7af0b3f6fc026b846fa79a146
---
 device.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/device.mk b/device.mk
index a6c6588..43828af 100644
--- a/device.mk
+++ b/device.mk
@@ -457,7 +457,10 @@ PRODUCT_COPY_FILES += \
 	device/google/zumapro/conf/init.recovery.device.rc:$(TARGET_COPY_OUT_RECOVERY)/root/init.recovery.zuma.rc
 
 # Fstab files
-ifeq (ext4,$(TARGET_RW_FILE_SYSTEM_TYPE))
+ifeq (true,$(TARGET_BOOTS_16K))
+PRODUCT_SOONG_NAMESPACES += \
+        device/google/zumapro/conf/fs-16kb
+else ifeq (ext4,$(TARGET_RW_FILE_SYSTEM_TYPE))
 PRODUCT_SOONG_NAMESPACES += \
         device/google/zumapro/conf/ext4
 else