author | Xindong Xu <xindong.xu@amlogic.com> | 2020-04-24 02:42:39 (GMT) |
---|---|---|
committer | Shen Liu <shen.liu@amlogic.com> | 2020-04-26 11:57:37 (GMT) |
commit | 32ad13d2c202277a206da318bce585d91a5419cc (patch) | |
tree | 1c52676fea5be881569ef16bfdd5d51295e8c272 | |
parent | 558396ee7b88abf08e825f04cfe280f86ac5a21d (diff) | |
download | common-32ad13d2c202277a206da318bce585d91a5419cc.zip common-32ad13d2c202277a206da318bce585d91a5419cc.tar.gz common-32ad13d2c202277a206da318bce585d91a5419cc.tar.bz2 |
md: High security vulnerability in dm-anroid-verity [1/1]
PD#SWPL-24864
Problem:
High security vulnerability in dm-anroid-verity
Solution:
we add this code for test.
It was improperly released, revert it.
Android avb code is ok after revert it.
Revert "md: use dm-anroid-verity [3/4]"
This reverts commit 84edbc7284d824c43d14293d56e17d5d201cfd66.
Verify:
franklin
Change-Id: I8daa068475ee6d29b3ee8a5e8475b7594d71ce7d
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>
-rw-r--r-- | arch/arm64/configs/meson64_defconfig | 4 | ||||
-rw-r--r-- | drivers/md/Kconfig | 2 | ||||
-rw-r--r-- | drivers/md/dm-android-verity.c | 37 |
3 files changed, 3 insertions, 40 deletions
diff --git a/arch/arm64/configs/meson64_defconfig b/arch/arm64/configs/meson64_defconfig index 275f21b..5be73ab 100644 --- a/arch/arm64/configs/meson64_defconfig +++ b/arch/arm64/configs/meson64_defconfig @@ -391,15 +391,11 @@ CONFIG_SCSI=y CONFIG_BLK_DEV_SD=y CONFIG_BLK_DEV_SR=y CONFIG_MD=y -CONFIG_BLK_DEV_MD=y -CONFIG_MD_LINEAR=y CONFIG_BLK_DEV_DM=y CONFIG_DM_CRYPT=y CONFIG_DM_VERITY=y -CONFIG_DM_VERITY_HASH_PREFETCH_MIN_SIZE=1 CONFIG_DM_VERITY_FEC=y CONFIG_DM_VERITY_AVB=y -CONFIG_DM_ANDROID_VERITY=y CONFIG_NETDEVICES=y CONFIG_TUN=y CONFIG_8139CP=y diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig index b425a87..b76de4d 100644 --- a/drivers/md/Kconfig +++ b/drivers/md/Kconfig @@ -531,6 +531,8 @@ config DM_ANDROID_VERITY bool "Android verity target support" depends on DM_VERITY=y depends on X509_CERTIFICATE_PARSER + depends on SYSTEM_TRUSTED_KEYRING + depends on PUBLIC_KEY_ALGO_RSA depends on KEYS depends on ASYMMETRIC_KEY_TYPE depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE diff --git a/drivers/md/dm-android-verity.c b/drivers/md/dm-android-verity.c index f225538..eb4bdf6 100644 --- a/drivers/md/dm-android-verity.c +++ b/drivers/md/dm-android-verity.c @@ -33,9 +33,6 @@ #include <asm/setup.h> #include <crypto/hash.h> -#ifdef CONFIG_AMLOGIC_MODIFY -#include <crypto/hash_info.h> -#endif #include <crypto/public_key.h> #include <crypto/sha.h> #include <keys/asymmetric-type.h> @@ -99,12 +96,11 @@ static int __init verity_buildvariant(char *line) __setup("buildvariant=", verity_buildvariant); -#ifndef CONFIG_AMLOGIC_MODIFY static inline bool default_verity_key_id(void) { return veritykeyid[0] != '\0'; } -#endif + static inline bool is_eng(void) { static const char typeeng[] = "eng"; @@ -126,7 +122,6 @@ static inline bool is_unlocked(void) return !strncmp(verifiedbootstate, unlocked, sizeof(unlocked)); } -#ifndef CONFIG_AMLOGIC_MODIFY static int table_extract_mpi_array(struct public_key_signature *pks, const void *data, size_t len) { @@ -195,7 +190,6 @@ error: crypto_free_shash(tfm); return ERR_PTR(ret); } -#endif static int read_block_dev(struct bio_read *payload, struct block_device *bdev, sector_t offset, int length) @@ -236,11 +230,7 @@ static int read_block_dev(struct bio_read *payload, struct block_device *bdev, } } -#ifdef CONFIG_AMLOGIC_MODIFY - if (!submit_bio_wait(bio)) -#else if (!submit_bio_wait(READ, bio)) -#endif /* success */ goto free_bio; DMERR("bio read failed"); @@ -577,7 +567,6 @@ static int verity_mode(void) return DM_VERITY_MODE_EIO; } -#ifndef CONFIG_AMLOGIC_MODIFY static int verify_verity_signature(char *key_id, struct android_metadata *metadata) { @@ -622,7 +611,6 @@ error: return retval; } -#endif static void handle_error(void) { @@ -706,13 +694,8 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) dev_t uninitialized_var(dev); struct android_metadata *metadata = NULL; int err = 0, i, mode; -#ifdef CONFIG_AMLOGIC_MODIFY - char *table_ptr, dummy, *target_device, - *verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS]; -#else char *key_id, *table_ptr, dummy, *target_device, *verity_table_args[VERITY_TABLE_ARGS + 2 + VERITY_TABLE_OPT_FEC_ARGS]; -#endif /* One for specifying number of opt args and one for mode */ sector_t data_sectors; u32 data_block_size; @@ -722,14 +705,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) char buf[FEC_ARG_LENGTH], *buf_ptr; unsigned long long tmpll; -#ifdef CONFIG_AMLOGIC_MODIFY - DMERR("come to android_verity_ctr in dm-android-verity.c"); - if (argc < 10) { - DMERR("Incorrect number of arguments"); - handle_error(); - return -EINVAL; - } -#else if (argc == 1) { /* Use the default keyid */ if (default_verity_key_id()) @@ -746,16 +721,10 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) handle_error(); return -EINVAL; } -#endif -#ifdef CONFIG_AMLOGIC_MODIFY - target_device = argv[1]; - dev = dm_get_dev_t(argv[1]); -#else target_device = argv[0]; dev = name_to_dev_t(target_device); -#endif if (!dev) { DMERR("no dev found for %s", target_device); handle_error(); @@ -765,11 +734,9 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) if (is_eng()) return create_linear_device(ti, dev, target_device); -#ifndef CONFIG_AMLOGIC_MODIFY strreplace(key_id, '#', ' '); DMINFO("key:%s dev:%s", key_id, target_device); -#endif if (extract_fec_header(dev, &fec, &ecc)) { DMERR("Error while extracting fec header"); @@ -790,7 +757,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) goto free_metadata; } -#ifndef CONFIG_AMLOGIC_MODIFY if (verity_enabled) { err = verify_verity_signature(key_id, metadata); @@ -801,7 +767,6 @@ static int android_verity_ctr(struct dm_target *ti, unsigned argc, char **argv) } else DMINFO("Signature verification success"); } -#endif table_ptr = metadata->verity_table; |