Merge "Revert "init.rc: stop calling 'fsverity_init --load-verified-keys'"" into main am: 428622bb7f am: 82161b0c05
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2676760
Change-Id: Ib9f977750fa6a478f241600857888d661d844c49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/rootdir/Android.bp b/rootdir/Android.bp
index 65865a6..e98733a 100644
--- a/rootdir/Android.bp
+++ b/rootdir/Android.bp
@@ -20,7 +20,10 @@
name: "init.rc",
src: "init.rc",
sub_dir: "init/hw",
- required: ["platform-bootclasspath"],
+ required: [
+ "fsverity_init",
+ "platform-bootclasspath",
+ ],
}
prebuilt_etc {
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 6693b75..07bb4ed 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -649,6 +649,9 @@
# HALs required before storage encryption can get unlocked (FBE)
class_start early_hal
+ # Load trusted keys from dm-verity protected partitions
+ exec -- /system/bin/fsverity_init --load-verified-keys
+
# Only enable the bootreceiver tracing instance for kernels 5.10 and above.
on late-fs && property:ro.kernel.version=4.9
setprop bootreceiver.enable 0