StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Zero out blocks that may be touched by dm-verity.

Browse Source 
dm-verity may touch some blocks that are not in the care_map due to
block device read-ahead. It will fail if such blocks contain
non-zeroes. As a workaround, we mark them as extended blocks and
zero out explicitly to avoid dm-verity failures.

Bug: 20881595
Change-Id: I54e24e70ad822c0d6d7af43301f74d24505f4461
This commit is contained in:
Tao Bao
2015-07-09 17:37:49 -07:00
parent 2a3a2dc33c
commit 2fd2c9bfd6
4 changed files with 73 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tools/releasetools/common.py
View File

@@ -1253,7 +1253,23 @@ class BlockDifference(object):
script.AppendExtra('if range_sha1("%s", "%s") == "%s" then' % (
self.device, ranges_str,
self.tgt.TotalSha1(include_clobbered_blocks=True)))
script.Print('Verified the updated %s image.' % (partition,))
# Bug: 20881595
# Verify that extended blocks are really zeroed out.
if self.tgt.extended:
ranges_str = self.tgt.extended.to_string_raw()
script.AppendExtra('if range_sha1("%s", "%s") == "%s" then' % (
self.device, ranges_str,
self._HashZeroBlocks(self.tgt.extended.size())))
script.Print('Verified the updated %s image.' % (partition,))
script.AppendExtra(
'else\n'
' abort("%s partition has unexpected non-zero contents after OTA '
'update");\n'
'endif;' % (partition,))
else:
script.Print('Verified the updated %s image.' % (partition,))
script.AppendExtra(
'else\n'
' abort("%s partition has unexpected contents after OTA update");\n'
@@ -1286,6 +1302,15 @@ class BlockDifference(object):
return ctx.hexdigest()
def _HashZeroBlocks(self, num_blocks): # pylint: disable=no-self-use
"""Return the hash value for all zero blocks."""
zero_block = '\x00' * 4096
ctx = sha1()
for _ in range(num_blocks):
ctx.update(zero_block)
return ctx.hexdigest()
# TODO(tbao): Due to http://b/20939131, block 0 may be changed without
# remounting R/W. Will change the checking to a finer-grained way to
# mask off those bits.