Commit Graph

23 Commits

Author SHA1 Message Date
AnilKumar Chimata 3850820e69 cryptfs_hw: Fix compilation error
Fix compilation error for qseecom.h which encountered while
creating the clean build.

Change-Id: I1271866d453f0f3d60bfc23ac12819b1cd0cabea
2017-07-03 18:33:00 +05:30
AnilKumar Chimata 432a4e9890 cryptfs_hw: Add new APIs for key management
Add new APIs for create, wipe and update keys, which is
required for HW based Full Disk Encryption.

Change-Id: I483ce1a734db7b7cbfb2a06fe74baf559cfb51fb
2017-06-23 00:40:13 +05:30
AnilKumar Chimata d34ac3e93d cryptfs_hw: Remove keymaster partition check
As the partition names are changing from branch to branch, device
FDE key is not wrapped with Hw keymaster which is less secure.
So removing the partition name related checks to avoid failures.

Change-Id: If181b093122479ca57ff6846b10d6aa2fb3eaa0c
2017-06-23 00:20:52 +05:30
Brahmaji K 10866e6dc1 cryptfs_hw: Remove android reboot during password check
After reaching the maximum number of retires with wrong password,
userdata is erased based on the info written on /cache partition.
As per the latest changes of A/B, cache partition is not present
which leads to failure of userdata wipe before reboot. This patch
removes reboot from cryptfs_hw layer if max entries reached, as
frameworks take care of userdata wipe.

Change-Id: If97f2f7452beb004f44d7d41d1d76def23fe2720
2017-06-23 00:20:51 +05:30
AnilKumar Chimata 1581fe2438 cryptfs_hw: Add liblog for logging
Add liblog to cryptfs_hw to compile the adb log message related
functions to enable logging.

Change-Id: Ibc6b8617431cae687d964d1ab56ac25e1b1b96f2
2017-06-23 00:20:45 +05:30
Brahmaji K d774959480 cryptfs_hw: Fix stack out of bound issue
Add strnlen() instead of strlen() to fix the buffer overflow
while processing the password.

Change-Id: I5996bb62980741b7463c8829a43524e79abc4f19
2017-06-01 15:38:42 -07:00
Dinesh K Garg 8896c0e415 Cleanup temporarily stored passwords
While verifying or updating passwords, those are copied into temp
variables which are freed after use. These variables should be
cleaned up before freeing so that passwords are not left in memory
if someone dumps the memory.

Change-Id: I94f76f679bac18a682c796fe98236549e8f5e1aa
2016-06-05 00:58:40 -07:00
Brahmaji K a96f3f54d1 cryptfs_hw: update the listener property with keymaster property
Replace the sys.listener.registered with sys.keymaster.loaded
because the keymaster loading is the final operation done by
the qseecomd and key operations should wait till the qseecomd
initialization completes.

Change-Id: I78a2a6941058f8ec6197ef88b324f6178f7ae2fb
2016-06-05 00:54:00 -07:00
Dinesh K Garg 6fb15f14e2 Wait for QSEECom listeners before calling KMS APIs
Sometime it is possible that KMS APIs are invoked and QSEECom
listeners are not up. This would cause failure from secure side
and KMS API will fail eventually. This change waits for QSEECom
listeners to be up before calling KMS APIs. If QSEECom listeners
are not up even after wait period, API would fail without going
to secure side.

Change-Id: I211248645f92fc0fcfe6f250cb1f26661f5fb06c
2015-10-29 11:11:36 -07:00
Dinesh K Garg 8ec7a6597d cryptfs_hw: Tie HW FDE keys with keymaster
HW FDE keys would be tied to keymaster so that if someone changes
Root of Trust (ROT), encrypted data can't be used. Cryptfs_hw module
is exposing a new API so that caller can determine whether to create
dependency between HW FDE keys and keymaster.

Change-Id: I85c85ffd9086f6c060032e4ae701b10363d88529
2015-09-02 13:45:15 -07:00
Dinesh K Garg 33e4dcc1d4 cryptfs_hw: Update module as per vold project
Update cryptfs_hw API signatures as per the vold project
requests to avoid compilation errors.

Change-Id: I1c2133f3cee395892e7fa160afc6314059ba0bcb
2015-08-20 17:18:48 -07:00
Chiou-Hao Hsu 64e54d0eab Merge tag 'AU_LINUX_ANDROID_LA.HB.1.1.1.05.01.01.063.356' into HEAD
* commit '6dfa44b044c858c2b5de0f0c3ca9eef28131a0c1': (27 commits)
  Add tcp buffer sizes for LTE_CA
  init.qcom.post_boot.sh: Update scheduler tunables for 8996
  tz app seemp_healthd removed
  init.qcom.post_boot: Enable low power modes for 8952
  init.qcom.usb: Add composition to support DPL with DUN over char bridge
  init.qcom.rc: FST Manager runs as user "wifi"
  init.qcom.post_boot.sh: Enable all the LPMs by default
  qcom: Add default configuration for DCC block on MSM8976
  BTLogKit: Added BTLogKit to Product Packages
  init.qcom.usb: Set default USB request buffer size as 128 KB for MTP
  Adding and starting IOP service for 8996
  base.mk: add FST Manager to the build
  init.qcom.rc: add FST manager service
  Bluetooth: Drop Wcnss_filter to bluetooth only access
  init.qcom.post_boot: Set mincpubw devfreq governor to cpufreq for 8996
  audio_policy: disable software DRC flag
  init.qcom.rc: Seemp health Deamon
  Disable sched_boost on msm8996 at post-boot.
  Mms: Change default config options
  qcom: Add default configuration for DCC block.
  ...

Conflicts:
	rootdir/etc/init.qcom.rc

Change-Id: Ifedca1c92c67b2006f11eaa54d4fb8134fe5952c
2015-08-03 11:28:17 -07:00
Chiou-Hao Hsu 9b7ae911d0 cryptfs_hw: add string.h
Change-Id: I7f64400bfa33dcb87d2c6260b8a055d0262f7511
2015-07-13 14:58:14 -07:00
AnilKumar Chimata b97d849e05 cryptfs_hw: Update APIs to take old password
Update cryptfs_hw APIs to take old password along with the new
passowrd.

Change-Id: Ieca5c4bac36ba4bb2371d2f3bbe0cadf79e256d7
2015-06-23 13:00:52 -07:00
Linux Build Service Account c39735caff Merge "cryptfs_hw: Add support for wipe_key routine" 2015-05-28 03:27:56 -07:00
AnilKumar Chimata 60677ed2db cryptfs_hw: Add support for wipe_key routine
Add support for wipe_key routine to clean key.

Change-Id: I9e258e1506d0634c4fc5b5142475005f6eb51c4e
2015-05-20 09:51:00 -07:00
Dinesh K Garg 7d3263d327 Adding support for eMMC based ICE
ICE (Inline Crypto Engine) encrypts/decrypts storage IO requests to
minimize degradation in storage IO throughput. ICE has been added to
eMMC based storage hardware as well. Adding required support for eMMC
based ICE.

Change-Id: I7986d95ccabca9d6d029653c804608e7d78ad9ef
2015-05-12 15:43:03 -07:00
Dinesh K Garg 7cadaea9bd Adding support of Inline Crypto Engine (ICE)
ICE requires keys to be set in key LUT. Changing APIs so that it
return the key index in key LUT. It also needs to take care if
ICE is available on the chip.

Change-Id:  I22be18738ba33e5b5c61639c24b320484d0ad7f2
2014-12-08 18:42:36 -08:00
Sri Krishna Chaitanya Madireddy 7d8b35351d qcom/common: Added O_NOFOLLOW to avoid follow the symlink
open system call is added with NOFOLLOW flag

Change-Id: I402643635e3ee11b3ac5df63c3b71a9fd6f0d2db
2014-10-13 01:57:38 -07:00
Dinesh K Garg 73e60cdc59 Port cryptfs_hw library to 64bit platform
64 bit platform generates library at a different path compared to
32 bit platform.Added macros to take care of both kind of platforms.

Change-Id: Ie32b8edaeb9f8f34095c7f18c4add83fe957d82a
2014-09-11 10:55:02 -07:00
Dinesh K Garg ab7bdaee6b Wrong function pointer usage
qseecom_create_key which is a function pointer is used after
dereferencing it. Also fixed the issue where userdata may not be
wiped after certain number of attemps.

Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
2014-03-04 12:09:51 -08:00
Dinesh K Garg 60bf422f43 Place library in vendor folder on device
All vendors developed libraries must be in vendor folder on
device. Using appropriate directive to accomplish the objective.

Change-Id: I4ed413b799c0b66a86321f799713068776fa538a
2014-02-03 14:03:33 -08:00
Dinesh K Garg 6b63d39ad7 vold: HW based device encryption
SW based device encryption uses SW crypto engine. This module
provides the support for VOLD to utilize HW crypto engine. HW
based crypto engine is more efficient both in terms of power
and throughput.

Change-Id: I34107a0ce50d9fc5c80c15ace0678a0bba7adee5
2014-01-21 16:13:17 -08:00