ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fs_mgr: always use "check_at_most_once"

Browse source 
dm-verity's overhead is non-negligible.

As we're optimizing for performance over security, always use
"check_at_most_once".

This feature is available on kernels v4.17 and onwards and is
equivalent to CONFIG_DM_ANDROID_VERITY_AT_MOST_ONCE_DEFAULT_ENABLED
on older kernels.

Change-Id: Ib8b13d8429ac62bb1553ae81a7175d33fdb2e471
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
This commit is contained in:
Juhyung Park 2024-05-21 20:39:48 +09:00 committed by DigiGoon
parent 10c00cd79d
commit ea0a7ba3c3
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
fs_mgr/libfs_avb/avb_util.cpp
View file

@ -80,9 +80,8 @@ bool ConstructVerityTable(const FsAvbHashtreeDescriptor& hashtree_desc,
// Always use ignore_zero_blocks.
target.IgnoreZeroBlocks();
if (hashtree_desc.flags & AVB_HASHTREE_DESCRIPTOR_FLAGS_CHECK_AT_MOST_ONCE) {
target.CheckAtMostOnce();
}
// Always check only once
target.CheckAtMostOnce();
LINFO << "Built verity table: '" << target.GetParameterString() << "'";