Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / f2ac7c69e2522c4327c16c461b4670ee2d8fb24e
commitf2ac7c69e2522c4327c16c461b4670ee2d8fb24e[log] [tgz]
authorVictor Hsieh <victorhsieh@google.com>Thu Nov 17 16:58:10 2022 -0800
committerVictor Hsieh <victorhsieh@google.com>Fri Dec 16 10:24:45 2022 -0800
tree312f8838953a88a0afb18e98f11a568d2dbf07ed
parent7133b318eac657f7cc172e4aab0495688b7318dc [diff]
Stop using fs-verity signature in odsign

fs-verity digests are recorded in a signed file that contains the file
path -> digest mapping. We don't really need the extra signature check
in kernel. Persistent attack can still be detected after a reboot. If
the attacker can already damage the run time integrity, the kernel
keyring verification can't really help by itself.

Actually, the signature was originally added because we required
signature for fs-verity, but it has been relaxed since aosp/2281348.

Bug: 258061812
Test: atest odsign_e2e_tests_full
Change-Id: Id0f05055945999fe18d056d89a6f9059807bcee8
3 files changed
tree: 312f8838953a88a0afb18e98f11a568d2dbf07ed
  1. diced/
  2. fsverity/
  3. fsverity_init/
  4. identity/
  5. keystore/
  6. keystore-engine/
  7. keystore2/
  8. ondevice-signing/
  9. prng_seeder/
  10. provisioner/
  11. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  12. .clang-format
  13. .gitignore
  14. Android.bp
  15. METADATA
  16. MODULE_LICENSE_APACHE2
  17. NOTICE
  18. OWNERS
  19. PREUPLOAD.cfg