Gitiles
Code Review Sign In
gerrit.twrp.me / android_bootable_recovery / 71c6c50d0da1f32dd18a749797e88de2358c5ba1
commit71c6c50d0da1f32dd18a749797e88de2358c5ba1[log] [tgz]
authornkk71 <nkk71x@gmail.com>Thu Jan 05 23:55:05 2017 +0200
committernkk71 <nkk71x@gmail.com>Mon Mar 06 18:50:52 2017 +0200
tree788c81abdeb80f028754935f825538284cce550e
parent09e8693b7a4f329ee929b0a3754ab07d49ceaebd [diff]
crypto: Use system's vold for decryption

  If TWRP crypto fails to decrypt partition, mount the system
  partition and use system's own vold to attempt decryption.
  This provides a fallback for proprietary OEM encryption as well as
  encryption methods which TWRP hasn't been updated for.

  Requirements in device tree:
  * fstab.{ro.hardware} in device/recovery/root
    The fstab does not need to be complete, but it does need the
    data partition and the encryption entries.

  * 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig
  or
  * 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>'

  Notes:
  * Setting the flag to 'true' will just use system's vdc+vold
    or
  * Setting the flag with additional services, will also start them
    prior to attempting vdc+vold decryption, eg: for qualcomm based
    devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd'

  * For each service listed an additional import will be automatically
    added to the vold_decrypt.rc file in the form of
    init.recovery.vold_decrypt.{service}.rc
    You will need to add any not already existing .rc files in
    your device/recovery/root folder.

  * The service names specified in the vold_decrypt.{service}.rc files
    have to be named 'sys_{service}'
    eg: 'service sys_qseecomd /system/bin/qseecomd'

  * Any service already existing in TWRP as {service} or sbin{service} will
    be stopped and restarted as needed.

  * You can override the default init.recovery.vold_decrypt.rc file(s)
    by placing same named ones in your device/recovery/root folder.
    If you do, you'll need to manually add the needed imports.

  * If /vendor and /firmware folders are temporarily moved and symlinked
    to the folders and files in the system partition, the properties
    'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware'
    will be set to 1.
    This allows for additional control in the .rc files for any extra
    actions (symlinks, cp files, etc) that may be needed for decryption
    by using: on property:vold_decrypt.symlinked_vendor=1 and/or
    on property:vold_decrypt.symlinked_firmware=1 triggers.

  Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig
  * Specifying this flag, will enable strace on init and vdc, which will
    create separate log files in /tmp for every process created, allowing
    for detailed analysis of which services and files are being accessed.
  * Note that enabling strace will expose the password in the logs!!
  * You need to manually add strace to your build.

Thanks to @Captain_Throwback for co-authoring and testing.

Tested successfully on HTC devices:
M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N),
Desire 626s (MM), U Ultra (N)

HTC One X9 (MTK device)

And by Nikolay Jeliazkov on: Xiaomi Mi Max

Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227
8 files changed
tree: 788c81abdeb80f028754935f825538284cce550e
  1. adbbu/
  2. applypatch/
  3. attr/
  4. bmlutils/
  5. bootloader_message/
  6. crypto/
  7. digest/
  8. dosfstools/
  9. edify/
  10. etc/
  11. exfat/
  12. fb2png/
  13. flashutils/
  14. fonts/
  15. fuse/
  16. gpt/
  17. gui/
  18. htcdumlock/
  19. injecttwrp/
  20. libblkid/
  21. libcrecovery/
  22. libmincrypt/
  23. libpixelflinger/
  24. libtar/
  25. minadbd/
  26. minadbd.old/
  27. minui/
  28. minui.old/
  29. minuitwrp/
  30. minzip/
  31. mmcutils/
  32. mtdutils/
  33. mtp/
  34. openaes/
  35. orscmd/
  36. otafault/
  37. pigz/
  38. prebuilt/
  39. res/
  40. res-hdpi/
  41. res-mdpi/
  42. res-xhdpi/
  43. res-xxhdpi/
  44. res-xxxhdpi/
  45. scripts/
  46. sepolicy/
  47. simg2img/
  48. tests/
  49. toolbox/
  50. tools/
  51. toybox/
  52. twrpTarMain/
  53. uncrypt/
  54. update_verifier/
  55. updater/
  56. verifier24/
  57. res-560dpires-xxxhdpi
  58. .gitignore
  59. adb_install.cpp
  60. adb_install.h
  61. Android.mk
  62. asn1_decoder.cpp
  63. asn1_decoder.h
  64. bootloader.h
  65. CleanSpec.mk
  66. common.h
  67. data.cpp
  68. data.hpp
  69. default_device.cpp
  70. device.cpp
  71. device.h
  72. error_code.h
  73. exclude.cpp
  74. exclude.hpp
  75. find_file.cpp
  76. find_file.hpp
  77. fixContexts.cpp
  78. fixContexts.hpp
  79. fuse.h
  80. fuse_sdcard_provider.cpp
  81. fuse_sdcard_provider.h
  82. fuse_sideload.cpp
  83. fuse_sideload.h
  84. infomanager.cpp
  85. infomanager.hpp
  86. install.cpp
  87. install.h
  88. installcommand.cpp
  89. installcommand.h
  90. interlace-frames.py
  91. legacy_properties.h
  92. legacy_property_service.cpp
  93. legacy_property_service.h
  94. mounts.c
  95. mounts.h
  96. NOTICE
  97. openrecoveryscript.cpp
  98. openrecoveryscript.hpp
  99. partition.cpp
  100. partitionmanager.cpp
  101. partitions.hpp
  102. print_sha1.h
  103. progresstracking.cpp
  104. progresstracking.hpp
  105. README.md
  106. recovery-persist.cpp
  107. recovery-persist.rc
  108. recovery-refresh.cpp
  109. recovery-refresh.rc
  110. recovery.cpp
  111. recovery_ui.h
  112. roots.cpp
  113. roots.h
  114. screen_ui.cpp
  115. screen_ui.h
  116. set_metadata.cpp
  117. set_metadata.h
  118. tarWrite.c
  119. tarWrite.h
  120. tw_atomic.cpp
  121. tw_atomic.hpp
  122. twcommon.h
  123. twinstall.cpp
  124. twinstall.h
  125. twrp-functions.cpp
  126. twrp-functions.hpp
  127. twrp.cpp
  128. twrpDigest.cpp
  129. twrpDigest.hpp
  130. twrpTar.cpp
  131. twrpTar.h
  132. twrpTar.hpp
  133. ui.cpp
  134. ui.h
  135. unique_fd.h
  136. variables.h
  137. verifier.cpp
  138. verifier.h
  139. wear_touch.cpp
  140. wear_touch.h
  141. wear_ui.cpp
  142. wear_ui.h
README.md

Team Win Recovery Project (TWRP)

You can find a compiling guide here.