Merge "Add some keystore boot levels."

This commit is contained in:
Martijn Coenen 2021-03-11 09:25:40 +00:00 committed by Gerrit Code Review
commit 43defd972f
1 changed files with 5 additions and 0 deletions

View File

@ -630,6 +630,9 @@ on late-fs
write /sys/kernel/tracing/instances/bootreceiver/events/error_report/error_report_end/enable 1
on post-fs-data
# Boot level 30 - at this point daemons like apexd and odsign run
setprop keystore.boot_level 30
mark_post_data
# Start checkpoint before we touch data
@ -908,6 +911,8 @@ on post-fs-data
# Lock the fs-verity keyring, so no more keys can be added
exec -- /system/bin/fsverity_init --lock
setprop keystore.boot_level 40
# Allow apexd to snapshot and restore device encrypted apex data in the case
# of a rollback. This should be done immediately after DE_user data keys
# are loaded. APEXes should not access this data until this has been