Calculate vbmetadigest of inactive slot We want to improve the security of the keystore encryption key for resume on reboot. One AI is to create the key with the vbmeta digest of the next slot to boot into. After reboot, the decryption will fail if ro.boot.vbmeta.digest of the new slot doesn't match the calculated value before reboot. Since update_engine manages the slot switch, let it calculate the digest as well. Bug: 177625570 Test: do a update, check that the sysprop is set. Change-Id: I74b20fca72f6946d980b93d76990f1c8b8f246a9

commit: 838793dc39746fd0eba99daaa0f62f8a402777e5 [log] [tgz]
author: Tianjie <xunchang@google.com> Thu Jan 14 22:05:13 2021 -0800
committer: Tianjie Xu <xunchang@google.com> Thu Jan 28 18:26:59 2021 +0000
tree: 1173db93bffda2cf3bdbdeedc759548c003d1163
parent: 8e2dce0ccc2699a0df9d8473fa586811f4b1b69c [diff] [blame]
diff --git a/common/hardware_interface.h b/common/hardware_interface.h
index cad32fc..7460097 100644
--- a/common/hardware_interface.h
+++ b/common/hardware_interface.h

@@ -137,6 +137,10 @@
   // needed on the next reboot. Otherwise, clears the flag.
   virtual void SetWarmReset(bool warm_reset) = 0;
 
+  // If not reset, sets the vbmeta digest of the inactive slot as a sysprop.
+  // Otherwise, clears the sysprop.
+  virtual void SetVbmetaDigestForInactiveSlot(bool reset) = 0;
+
   // Return the version/timestamp for partition `partition_name`.
   // Don't make any assumption about the formatting of returned string.
   // Only used for logging/debugging purposes.
commit	838793dc39746fd0eba99daaa0f62f8a402777e5	[log] [tgz]
author	Tianjie <xunchang@google.com>	Thu Jan 14 22:05:13 2021 -0800
committer	Tianjie Xu <xunchang@google.com>	Thu Jan 28 18:26:59 2021 +0000
tree	1173db93bffda2cf3bdbdeedc759548c003d1163
parent	8e2dce0ccc2699a0df9d8473fa586811f4b1b69c [diff] [blame]