Expose system property for dm-verity check_at_most_once Allow us to check if check_at_most_once is set for any partitions. This property should be false for any device with a reasonable amount of RAM and a modern CPU. Enabling check_at_most_once violates AVB best practices, it should only be allowed on performance limited devices. Bug: 253033920 Test: Ensure that avbHashtreeNotUsingSha1 CTS test still passes and that partition.system.verified.check_at_most_once is set. Change-Id: I8174adf81111cc0df547ea01f81b0dfaca32631f Signed-off-by: Nathan Huckleberry <nhuck@google.com>

commit: 997d738dda66df669837cb27b39e09ed12316e47 [log] [tgz]
author: Nathan Huckleberry <nhuck@google.com> Fri Oct 21 20:55:49 2022 +0000
committer: Nathan Huckleberry <nhuck@google.com> Tue Oct 25 21:12:52 2022 +0000
tree: 4ad3b2315a99d70913012ef53604a21d69ef2c13
parent: 8f6fcd19afd08cdf3a29184846592da209ae0fc9 [diff] [blame]
diff --git a/init/builtins.cpp b/init/builtins.cpp
index c8cb253..7cb8b11 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp

@@ -879,6 +879,8 @@
             SetProperty("partition." + partition + ".verified.hash_alg", hashtree_info->algorithm);
             SetProperty("partition." + partition + ".verified.root_digest",
                         hashtree_info->root_digest);
+            SetProperty("partition." + partition + ".verified.check_at_most_once",
+                        hashtree_info->check_at_most_once ? "1" : "0");
         }
     }
commit	997d738dda66df669837cb27b39e09ed12316e47	[log] [tgz]
author	Nathan Huckleberry <nhuck@google.com>	Fri Oct 21 20:55:49 2022 +0000
committer	Nathan Huckleberry <nhuck@google.com>	Tue Oct 25 21:12:52 2022 +0000
tree	4ad3b2315a99d70913012ef53604a21d69ef2c13
parent	8f6fcd19afd08cdf3a29184846592da209ae0fc9 [diff] [blame]