After reaching the maximum number of retires with wrong password,
userdata is erased based on the info written on /cache partition.
As per the latest changes of A/B, cache partition is not present
which leads to failure of userdata wipe before reboot. This patch
removes reboot from cryptfs_hw layer if max entries reached, as
frameworks take care of userdata wipe.
Change-Id: If97f2f7452beb004f44d7d41d1d76def23fe2720
As the partition names are changing from branch to branch, device
FDE key is not wrapped with Hw keymaster which is less secure.
So removing the partition name related checks to avoid failures.
Change-Id: If181b093122479ca57ff6846b10d6aa2fb3eaa0c
Replace the sys.listener.registered with sys.keymaster.loaded
because the keymaster loading is the final operation done by
the qseecomd and key operations should wait till the qseecomd
initialization completes.
Change-Id: I78a2a6941058f8ec6197ef88b324f6178f7ae2fb
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Sometime it is possible that KMS APIs are invoked and QSEECom
listeners are not up. This would cause failure from secure side
and KMS API will fail eventually. This change waits for QSEECom
listeners to be up before calling KMS APIs. If QSEECom listeners
are not up even after wait period, API would fail without going
to secure side.
Change-Id: I211248645f92fc0fcfe6f250cb1f26661f5fb06c
While verifying or updating passwords, those are copied into temp
variables which are freed after use. These variables should be
cleaned up before freeing so that passwords are not left in memory
if someone dumps the memory.
Change-Id: I94f76f679bac18a682c796fe98236549e8f5e1aa
HW FDE keys would be tied to keymaster so that if someone changes
Root of Trust (ROT), encrypted data can't be used. Cryptfs_hw module
is exposing a new API so that caller can determine whether to create
dependency between HW FDE keys and keymaster.
Change-Id: I85c85ffd9086f6c060032e4ae701b10363d88529
ICE (Inline Crypto Engine) encrypts/decrypts storage IO requests to
minimize degradation in storage IO throughput. ICE has been added to
eMMC based storage hardware as well. Adding required support for eMMC
based ICE.
Change-Id: I7986d95ccabca9d6d029653c804608e7d78ad9ef
ICE requires keys to be set in key LUT. Changing APIs so that it
return the key index in key LUT. It also needs to take care if
ICE is available on the chip.
Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
64 bit platform generates library at a different path compared to
32 bit platform.Added macros to take care of both kind of platforms.
Change-Id: Ie32b8edaeb9f8f34095c7f18c4add83fe957d82a
qseecom_create_key which is a function pointer is used after
dereferencing it. Also fixed the issue where userdata may not be
wiped after certain number of attemps.
Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
All vendors developed libraries must be in vendor folder on
device. Using appropriate directive to accomplish the objective.
Change-Id: I4ed413b799c0b66a86321f799713068776fa538a
SW based device encryption uses SW crypto engine. This module
provides the support for VOLD to utilize HW crypto engine. HW
based crypto engine is more efficient both in terms of power
and throughput.
Change-Id: I34107a0ce50d9fc5c80c15ace0678a0bba7adee5
ICE requires keys to be set in key LUT. Changing APIs so that it
return the key index in key LUT. It also needs to take care if
ICE is available on the chip.
Change-Id: I22be18738ba33e5b5c61639c24b320484d0ad7f2
qseecom_create_key which is a function pointer is used after
dereferencing it. Also fixed the issue where userdata may not be
wiped after certain number of attemps.
Change-Id: I4d14366e33c09da64f89000a16b7eef7d981cfda
All vendors developed libraries must be in vendor folder on
device. Using appropriate directive to accomplish the objective.
Change-Id: I4ed413b799c0b66a86321f799713068776fa538a
SW based device encryption uses SW crypto engine. This module
provides the support for VOLD to utilize HW crypto engine. HW
based crypto engine is more efficient both in terms of power
and throughput.
Change-Id: I34107a0ce50d9fc5c80c15ace0678a0bba7adee5
Brahmaji K
AnilKumar Chimata
Dinesh K Garg
Chiou-Hao Hsu
Sri Krishna Chaitanya Madireddy
Jake Weinstein