Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_core / 2f423b136d08061f35559bc3c475a37bdc9d3a82
commit2f423b136d08061f35559bc3c475a37bdc9d3a82[log] [tgz]
authorDanny Lin <danny@kdrag0n.dev>Wed Oct 07 00:24:54 2020 -0700
committerTim Zimmermann <tim@linux4.de>Sun Mar 24 06:44:18 2024 +0100
treea673645c92a5ee13607841c0e840f46fc0a9aa98
parent87dabc941a0cb533ca789ccb7db88605c9e78b62 [diff]
init: Report valid verified boot for SafetyNet checks

Google's SafetyNet attestation includes checks for the integrity of the
verified boot chain, as reported by some ro.boot.* properties normally
passed by the bootloader. Reporting successful, valid values helps pass
SafetyNet checks, as long as other system state is intact.

However, the real prop values must be retained in recovery/fastbootd in
order for fastbootd to allow/deny flashing correctly based on the
bootloader lock state. This is accomplished a simple build time conditional,
to have the code bail out early when built for recovery. This is more reliable
and works across all OEMs rather than androidboot.mode

Given that CalyxOS is meant for usage with a locked bootloader, we only
need to spoof the value of verified boot state from yellow to green.
The other values are already acceptable, so we don't touch them

Co-authored-by: Chirayu Desai <chirayudesai1@gmail.com>
Co-authored-by: Michael Bestas <mkbestas@gmail.com>
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
1 file changed
tree: a673645c92a5ee13607841c0e840f46fc0a9aa98
  1. bootstat/
  2. cli-test/
  3. code_coverage/
  4. debuggerd/
  5. diagnose_usb/
  6. fastboot/
  7. fs_mgr/
  8. gatekeeperd/
  9. healthd/
  10. include/
  11. init/
  12. janitors/
  13. libappfuse/
  14. libasyncio/
  15. libcrypto_utils/
  16. libcutils/
  17. libgrallocusage/
  18. libkeyutils/
  19. libmodprobe/
  20. libnetutils/
  21. libpackagelistparser/
  22. libprocessgroup/
  23. libsparse/
  24. libstats/
  25. libsuspend/
  26. libsync/
  27. libsystem/
  28. libsysutils/
  29. libusbhost/
  30. libutils/
  31. libvndksupport/
  32. llkd/
  33. mini_keyctl/
  34. mkbootfs/
  35. property_service/
  36. reboot/
  37. rootdir/
  38. run-as/
  39. sdcard/
  40. shell_and_utilities/
  41. storaged/
  42. toolbox/
  43. trusty/
  44. usbd/
  45. watchdogd/
  46. .clang-format.clang-format-4
  47. .clang-format-2 ⇨ ../../build/soong/scripts/system-clang-format-2
  48. .clang-format-4 ⇨ ../../build/soong/scripts/system-clang-format
  49. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  50. .gitignore
  51. CleanSpec.mk
  52. METADATA
  53. MODULE_LICENSE_APACHE2
  54. OWNERS
  55. PREUPLOAD.cfg