Commit Graph

12 Commits

Author SHA1 Message Date
Kees Cook
9b98929ec1 mount-encrypted: explicitly use uint64_t for sizes
On very large HDDs, the sector count was wrapping around. Switch most
calculations to bytes using uint64_t, and use BLKGETSIZE64 for checking
the loopback device size.

BUG=chrome-os-partner:12705
TEST=parrot build, manual testing
STATUS=Fixed

Change-Id: I1f7aea81151ed5cc130b1f6a05fda83f7a85150f
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31073
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-08-22 08:43:11 -07:00
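The wraparound this commit describes, and the fix it chooses, as an added example in C (not mount-encrypted's own code): BLKGETSIZE reports a sector count in an unsigned long, which is 32 bits on the 32-bit Chrome OS builds of the time, and multiplying it by 512 in 32-bit arithmetic wraps for anything at or above 4 GiB. BLKGETSIZE64 returns a byte count in a uint64_t and avoids the multiplication entirely. For a regular file (a loopback backing file, or this example's sparse test file) the ioctl is not available, so the helper falls back to fstat(). The path and the 5 GiB size are constructed for the demonstration.

```c
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/fs.h>   /* BLKGETSIZE64 */
#endif

/* The calculation the commit removed: a 32-bit sector count multiplied in
 * 32-bit arithmetic. At or above 4 GiB the product wraps. Kept for contrast. */
uint32_t sectors_to_bytes_wrapping(uint32_t sectors)
{
    return sectors * 512u;
}

/* Widen before multiplying: the same sector count comes out right. */
uint64_t sectors_to_bytes(uint64_t sectors)
{
    return sectors * 512ull;
}

/* Size in bytes of the block device or regular file behind fd. Prefers
 * BLKGETSIZE64, which fills a uint64_t byte count directly. A regular file
 * is not a block device, so the ioctl fails (ENOTTY) and fstat() is used.
 * Returns 0 with errno set on error. */
uint64_t device_size_bytes(int fd)
{
    struct stat st;
#ifdef BLKGETSIZE64
    uint64_t bytes = 0;
    if (ioctl(fd, BLKGETSIZE64, &bytes) == 0)
        return bytes;
#endif
    if (fstat(fd, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode)) {
        errno = ENOTSUP;
        return 0;
    }
    return (uint64_t)st.st_size;
}

/* Demonstration helper: create a sparse file of the requested size (no disk
 * space is actually consumed), measure it through device_size_bytes(), and
 * remove it. Returns the measured size, or 0 on failure. */
uint64_t probe_sparse_file(const char *path, uint64_t size)
{
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return 0;
    if (ftruncate(fd, (off_t)size) != 0) {
        close(fd);
        unlink(path);
        return 0;
    }
    uint64_t got = device_size_bytes(fd);
    close(fd);
    unlink(path);
    return got;
}

int main(void)
{
    uint64_t size = 5ull << 30;              /* a constructed 5 GiB "drive" */
    uint64_t sectors = size / 512;
    printf("%llu sectors: 32-bit math gives %u bytes, 64-bit math gives %llu\n",
           (unsigned long long)sectors,
           sectors_to_bytes_wrapping((uint32_t)sectors),
           (unsigned long long)sectors_to_bytes(sectors));
    uint64_t got = probe_sparse_file("/tmp/mount_encrypted_size_demo.img", size);
    printf("device_size_bytes() on a 5 GiB sparse file: %llu\n",
           (unsigned long long)got);
    return got == size ? 0 : 1;
}
```

The same bug shows up anywhere a sector count is multiplied before being widened; the check is to confirm every intermediate in the size calculation is 64-bit, not just the final variable.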
Kees Cook
7c118da2d6 mount-encrypted: calculate inode ratio based on final size
mkfs.ext4 does not use the resize= hint for calculating inode ratios.
This means very tiny initial filesystems will not get enough inodes
once they have been resized. This calculates the desired inode ratio based
on the expected final size of the filesystem.

BUG=chrome-os-partner:12678
TEST=lumpy build, manual testing
STATUS=Fixed

Change-Id: I216aaaa6e0ef50e82265ee46ecac5a65bb077387
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/30579
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
2012-08-16 17:40:48 -07:00
Kees Cook
02add5f433 mount-encrypted: write key to disk initially
The encrypted partition has been plagued with TPM problems, which means
systems that have a wedged TPM, or interrupt the TPM Ownership, Lockbox
creation, etc, all fail to keep the encrypted partition across a reboot.
As a result, we're forced to write the encryption key to disk initially,
and then throw it away once the system key from NVRAM can be used to
encrypt it.

On most systems that have a sane unowned TPM, the key will only be on
disk until the first login finishes and Cryptohome can Finalize the
NVRAM area. For all the other systems, they will continue to run, but
with their encryption key effectively in the clear. Technically, this
is not a regression from R21, so at least we can move forward and work
to improve this in the future.

Some attempt is made to wipe out the key, but this is especially ugly for
SSDs, since doing a "shred" just means the blocks will get moved around.
When ext4 supports "secure delete", we can move to that instead.

BUG=chromium-os:32951
TEST=alex build, manual testing

Change-Id: I9b9a0190ea0f47a277a150eb0882e4a507ff2927
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/29123
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
2012-08-06 13:55:16 -07:00
Kees Cook
a8fae24b25 mount-encrypted: fix some minor security TODOs
Force mode of created key file to 0600, and make sure there is enough
room in the decryption buffer for any possible change to the decryption
algo.

BUG=None
TEST=alex build, manual testing

Change-Id: I89dceec22683ff66b5e1f61a63f14a1db1c4e2ee
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28892
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-08-01 10:57:46 -07:00
Kees Cook
7b20efdc4a mount-encrypted: handle lack of dm-crypt "allow_discard"
On kernels prior to 3.1, the "allow_discard" option does not exist.
Allow for this by attempting to set up the table twice if the
allow_discard attempt fails.

BUG=chrome-os-partner:11529
TEST=link build, boots 3.2 ok, falls back when option is invalid.

Change-Id: I904d3770543ebdeb0eace9ffa8e6c654cf97976d
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/28024
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-07-20 11:42:52 -07:00
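The try-then-fall-back pattern this commit describes, as an added example in C (not mount-encrypted's own code). In the dm-crypt table syntax the optional feature is spelled `allow_discards` (with an s), appended after the eight mandatory fields as `1 allow_discards`; kernels before 3.1 reject a table that carries optional parameters. Table loading goes through a function pointer so the example runs offline: `fake_kernel_load()` is a constructed stand-in for a kernel of a given version, not libdevmapper or a real ioctl, and the cipher, key and device strings are placeholders.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_MAX 512

/* dm-crypt table: <start> <len> crypt <cipher> <key> <iv_offset> <dev> <offset>
 *                 [<#opt_params> <opt_params...>]   (lengths in 512-byte sectors)
 * Returns the table length, or -1 if it does not fit in out. */
int build_crypt_table(char *out, size_t n, uint64_t sectors, const char *cipher,
                      const char *keyhex, const char *dev, int allow_discards)
{
    int len = snprintf(out, n, "0 %llu crypt %s %s 0 %s 0%s",
                       (unsigned long long)sectors, cipher, keyhex, dev,
                       allow_discards ? " 1 allow_discards" : "");
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

/* Whatever actually loads the table: returns 0 on success, nonzero if the
 * kernel rejected it. */
typedef int (*table_loader)(const char *table, void *ctx);

/* Try the table with allow_discards first; if the kernel rejects it, retry
 * without. Returns 1 if discards are enabled, 0 if the plain table loaded,
 * -1 if both attempts failed. */
int setup_crypt_device(table_loader load, void *ctx, uint64_t sectors,
                       const char *cipher, const char *keyhex, const char *dev)
{
    char table[TABLE_MAX];
    if (build_crypt_table(table, sizeof table, sectors, cipher, keyhex, dev, 1) < 0)
        return -1;
    if (load(table, ctx) == 0)
        return 1;
    if (build_crypt_table(table, sizeof table, sectors, cipher, keyhex, dev, 0) < 0)
        return -1;
    return load(table, ctx) == 0 ? 0 : -1;
}

/* Constructed stand-in for the kernel. ctx points to an int encoding the
 * version as major*100+minor; anything older than 3.1 rejects a table that
 * carries the allow_discards optional parameter. */
int fake_kernel_load(const char *table, void *ctx)
{
    int version = *(const int *)ctx;
    if (version < 301 && strstr(table, " allow_discards") != NULL)
        return -1;
    return 0;
}

int main(void)
{
    int old_kernel = 300, new_kernel = 302;
    int a = setup_crypt_device(fake_kernel_load, &old_kernel, 2048,
                               "aes-cbc-essiv:sha256", "00", "/dev/loop0");
    int b = setup_crypt_device(fake_kernel_load, &new_kernel, 2048,
                               "aes-cbc-essiv:sha256", "00", "/dev/loop0");
    printf("3.0 kernel: discards=%d   3.2 kernel: discards=%d\n", a, b);
    return 0;
}
```

In a real deployment the loader would be libdevmapper or `dmsetup create --table`, and the fallback result should be logged, since a device that silently came up without discards behaves differently on TRIM-dependent flash.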
Kees Cook
6a312261fd mount-encrypted: use minimum mkfs size on migration
When doing a migration, try to guess at a smaller minimum size for the
initial filesystem so that systems with giant drives are not needlessly
penalized. Start with an even smaller initial filesystem size (16M).

Move debug time counters into the main .o file to avoid compiler
insanity when turning debug on and off.

BUG=chromium-os:22172
TEST=link build & boot, manual testing

Change-Id: I47c3ffb6e4cd88c4f0ead6fa21724704c7ed1630
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/25638
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-06-20 14:08:24 -07:00
Kees Cook
3dae2288bb mount-encrypted: use correct ownership test
Check for ownership via Capabilities instead of Perm Flags. Clean up
missing "static" declarations, disable DEBUG-by-default, clean up spawner
reporting, explicitly check TPM_SUCCESS for Tlcl calls and document.

BUG=chromium-os:22172
TEST=x86-alex build & manual test

Change-Id: Ida6813307b7dfcecb8fb2e240ff88982db5430c5
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/25053
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
2012-06-14 14:41:53 -07:00
Kees Cook
655cc112b4 mount-encrypted: allow dynamic root directory
When testing mount-encrypted, allow for the "MOUNT_ENCRYPTED_ROOT"
environment variable to define the root directory of all the internal
mount paths. By default, it remains "/". This changes all the formerly
static globals to dynamic.

Add support for environment variable "MOUNT_ENCRYPTED_FSCK" which
causes a fsck during the "umount" phase.

Improve loopback name handling and add debugging.

Rename "device" command to "info", add path details.

BUG=chromium-os:22172
TEST=x86-alex build, manual testing

Change-Id: Icf89a0a5283d38e098fa8e1d92a84b1cccacb4db
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/23580
Reviewed-by: Will Drewry <wad@chromium.org>
2012-06-07 14:00:14 -07:00
Kees Cook
e97760cec3 mount-encrypted: provide umount option for shutdown
When shutting the system down, mount-encrypted can be used to clean up
all its bind mounts and devices.

BUG=None
TEST=x86-alex build, manual testing

Change-Id: I025ce8c16c55f8556d7fff45eb6ac2b7a835101a
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/21913
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-05-17 13:32:27 -07:00
Kees Cook
beb3be1c0b mount-encrypted: handle migration better
Fix migration of mounts that are over-mounted.

BUG=chromium-os:22172
TEST=lumpy build & manual testing

Change-Id: I005edc6fe789a3e0585ffdcaa45ef5a136318ee3
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19673
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-04-17 14:44:20 -07:00
Kees Cook
f9e82e9695 mount-encrypted: close TPM when spawning resizer
When the filesystem resizing process starts, it has the TPM open,
which means it can collide with tcsd after the main process exits.
Additionally, improve the debugging around TPM usage for better timing
analysis.

BUG=None
TEST=lumpy build & manual testing

Change-Id: I7028131015fb972c99e8b3d035f58346f08fbd06
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/19535
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-04-05 13:27:17 -07:00
Kees Cook
498977af89 mount-encrypted: add encrypted mount helper
This adds the utility needed to mount the encrypted partition at boot
time, as defined by the design document:
https://docs.google.com/a/google.com/document/d/1VQTDXvNsEFcrUOmNC4OmCfJst49Pd_mxZ41nfKu5EPc/edit
This still needs Cryptohome support and chromeos_startup to switch to
using it.

BUG=chromium-os:22172
TEST=lumpy build & manual testing

Change-Id: Ib9f0b4e5ba1a8aeb4737d0c8ec72a8e0dee049da
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/16889
Reviewed-by: Elly Jones <ellyjones@chromium.org>
2012-04-04 12:47:23 -07:00