Enable file encryption on /data partition For now, the default implementation will be used. In the future, microdroid-specific keymint HAL will be implemented. Bug: 185767624 Test: atest MicrodroidHostTestCases Test: mount userdata.img and see files encrypted Change-Id: I593e659b60d6b33b153f8d614395755e83e597de

commit: de6b6894f69f0acfe3aad08cc96bdc804f6b16fc [log] [tgz]
author: Inseob Kim <inseob@google.com> Wed May 26 12:06:59 2021 +0900
committer: Inseob Kim <inseob@google.com> Wed Jun 02 20:40:48 2021 +0900
tree: af82f4941f99c52b3ac459951c632eb219869691
parent: 8f095c900c86fa9590bbf3eac3b634099a209f00 [diff] [blame]
diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index 6e17c3e..fd8d395 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid

@@ -1,5 +1,4 @@
 system /system ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
 vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
 
-# TODO(b/185767624): turn on encryption
-/dev/block/by-name/userdata /data ext4 noatime,nosuid,nodev,errors=panic latemount,wait,check,formattable
+/dev/block/by-name/userdata /data ext4 noatime,nosuid,nodev,errors=panic latemount,wait,check,formattable,fileencryption=aes-256-xts
commit	de6b6894f69f0acfe3aad08cc96bdc804f6b16fc	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Wed May 26 12:06:59 2021 +0900
committer	Inseob Kim <inseob@google.com>	Wed Jun 02 20:40:48 2021 +0900
tree	af82f4941f99c52b3ac459951c632eb219869691
parent	8f095c900c86fa9590bbf3eac3b634099a209f00 [diff] [blame]