AVB 部分流程
fs_mgr
仅有部分关键函数
函数入口点:system/core/init/main.cpp-->int main()-->BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();
//function_map 保存了所有内置命令到对应实现函数的映射,下面以 mount_all → do_mount_all 为例
vbmeta verity 相关
AvbHandle::Open()
FsManagerAvbOps::AvbSlotVerify()
AvbVerifier::Create(); //1
AvbVerifier::VerifyVbmetaImages(const std::vector<VBMetaData>& vbmeta_images) //2
VerifyVbmetaDigest<SHA256Hasher>(vbmeta_images, digest_); //针对不同的哈希算法(此处为 SHA256,另有 SHA512)使用不同的 vbmeta 摘要校验方式,并结合 1/2
do_mount_all()
MountAllResult fs_mgr_mount_all(Fstab* fstab, int mount_mode)
AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev)
AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry, const std::vector<std::string>& preload_avb_key_blobs) //返回一个avb_handle
LoadAndVerifyVbmetaByPath()
AvbHandle::SetUpAvbHashtree()
LoadAvbHashtreeToEnableVerity()
DeriveAvbPartitionName() //将 fstab blk 中带后缀的名字重命名: system_a → system
GetHashtreeDescriptor()
HashtreeDmVeritySetup() //最后准备工作
ConstructVerityTable()
SetBlockDeviceReadOnly() //构建 verity table,设置分区读写属性等
上面提到LoadAndVerifyVbmetaByPath失败的原因有:
- WaitForFile fail
- open fail
- VerifyVBMetaData: 这里校验的依据有:
-
- footer
- offset
- data_size等等
入口点:system/vold/vdc.cpp
int main(int argc, char** argv)
VoldNativeService::mountFstab
fscrypt_mount_metadata_encrypted()
mount_via_fs_mgr(const char* mount_point, const char* blk_device, bool needs_encrypt)
fs_mgr_do_mount()
fs_mgr_do_mount_helper()
SetUpStandaloneAvbHashtree()
有两个时机会运行 fscrypt_mount_metadata_encrypted():
- VoldNativeService::mountFstab //本处以此为例
- VoldNativeService::encryptFstab
挂载流程分析
分区挂载相关
main(int argc, char** argv)
//argv[1]==second
SecondStageMain(int argc, char** argv)
//argv[1]==first
FirstStageMain(int argc, char** argv)
DoFirstStageMount(bool create_devices)
IsRecoveryMode() // access("/system/bin/recovery", F_OK)
FirstStageMount::Create();
DoCreateDevices()
FirstStageMount::DoFirstStageMount()
IsDmLinearEnabled() && fstab_.empty() //相关属性检查
FirstStageMount::MountPartitions()
TrySwitchSystemAsRoot()
MountPartition(system_partition, false /* erase_same_mounts */) //先挂载system分区,挂载失败,直接返回
SwitchRoot("/system"); //system as root
SkipMountingPartitions() //一些跳过mount的分区,如GSI下几句跳过system-ext/product
MountPartition(current, false /* erase_same_mounts */, &end)
SetUpDmVerity(&(*begin))
if(!fstab_entry->avb_keys.empty())
if(avb-handle = disable/error) //return true 直接挂载镜像(即该分区不再进行 hashtree 设置)
else AvbHandle::LoadAndVerifyVbmeta(*fstab_entry, preload_avb_key_blobs_[])
LoadAndVerifyVbmetaByPath(fstab_entry.blk_device, "", "", allow_verification_error, rollback_protection, false, &public_key_data, &verification_disabled, &verify_result);
WaitForFile(image_path, 1s)
open(image_path.c_str(), O_RDONLY | O_CLOEXEC)
VerifyVBMetaData()
SetUpAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
BlockDevInitializer::InitDmDevice(const std::string& device)
else if (fstab_entry->fs_mgr_flags.avb)
if (!InitAvbHandle()) return false;
hashtree_result = avb_handle_->SetUpAvbHashtree()
fs_mgr_mount_overlayfs_fstab_entry(entry); // fs-type = overlay
GetRootEntry(&root_entry) //如fstab中没有/system或者/ ,就创建一个入口
block_dev_init_.InitDmDevice(*iter) //Creates "/dev/block/dm-XX" for dm nodes by running coldboot on /sys/block/dm-XX.
fs_mgr_overlayfs_mount_all(&fstab_)
fs_mgr_mount_point(entry.mount_point);
fs_mgr_overlayfs_already_mounted(mount_point)
fs_mgr_overlayfs_mount(entry)
驱动部分
/* Trace step: dm_verity_init is named as the module's init function. */
module_init(dm_verity_init)
/* Trace step (not a file-scope statement): the descriptor defined below is
 * passed by address to dm_register_target(). */
dm_register_target(&verity_target);
/*
 * device-mapper target descriptor for the "verity" target. Every callback
 * listed here is a verity_* function; verity_map is the one the I/O trace
 * on this page starts from.
 */
static struct target_type verity_target = {
	.name = "verity",                    /* target type name used in dm tables */
	/* NOTE(review): in the device-mapper API this flag is understood to mark a
	 * target that cannot be replaced by another type in a live table; confirm
	 * against the kernel version in use. */
	.features = DM_TARGET_IMMUTABLE,
	.version = {1, 5, 0},                /* target version triple */
	.module = THIS_MODULE,
	.ctr = verity_ctr,                   /* presumably the constructor callback; confirm in the dm headers */
	.dtr = verity_dtr,                   /* presumably the destructor callback; confirm in the dm headers */
	.map = verity_map,                   /* per-bio entry point, takes (struct dm_target *, struct bio *) */
	.status = verity_status,
	.prepare_ioctl = verity_prepare_ioctl,
	.iterate_devices = verity_iterate_devices,
	.io_hints = verity_io_hints,
};
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
verity_map(struct dm_target *ti, struct bio *bio)
verity_end_io(struct bio *bio)
INIT_WORK(&io->work, verity_work); //verity_work()
verity_finish_io(io, errno_to_blk_status(verity_verify_io(io))) //errno_to_blk_status 位于 blk-core.c,将 errno 转换为块层状态码 blk_status_t
verity_verify_io(struct dm_verity_io *io)
*bio = dm_bio_from_per_bio_data(io, v->ti->per_io_data_size);
for(;;) //对每一个n_blocks
verity_hash_for_block(v, io, cur_block, verity_io_want_digest(v, io), &is_zero);
verity_verify_level()
verity_hash(v, verity_io_hash_req(v, io), data, 1 << v->hash_dev_block_bits, verity_io_real_digest(v, io))
likely(memcmp(verity_io_real_digest(v, io), want_digest, v->digest_size) == 0)
verity_fec_decode(v, io, DM_VERITY_BLOCK_TYPE_METADATA, hash_block, data, NULL)
verity_handle_err(v, DM_VERITY_BLOCK_TYPE_METADATA, hash_block) //经过 verity_hash、比较 digest、FEC 纠错后都失败,处理错误块
verity_fec_init_io(io);
verity_submit_prefetch(v, io);
generic_make_request(bio);
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++