Google Git
Sign in
android / platform / test / vts-testcase / security / refs/heads/main
commit5fd8ee4fe82b38abe40a397a791a06f43e922aee[log] [tgz]
authorLongPing Wei <[email protected]>Tue Mar 25 10:12:26 2025 +0800
committerLongPing Wei <[email protected]>Tue Mar 25 10:29:34 2025 +0800
treed5aab311d1206b9a1420b7c015d056ec32c14e95
parent03c43ede280f944d5f79cdb70a467950f97f79d2 [diff]
avb: synchronize optional parameter list to latest

https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity#optional-parameters
Optional parameters

ignore_corruption: Log corrupted blocks, but allow read operations to proceed normally.
Available since: 1.2.0 (no proper version set) (kernel 4.1)

restart_on_corruption: Restart the system when a corrupted block is discovered.
This option is not compatible with ignore_corruption and panic_on_corruption and requires user space support to avoid restart loops.
Available since: 1.2.0 (no proper version set) (kernel 4.1)

panic_on_corruption: Panic the system when a corrupted block is discovered.
This option is not compatible with ignore_corruption and restart_on_corruption and requires user space support to avoid restart loops.
Available since: 1.7.0 (kernel 5.9)

restart_on_error: Restart the system when an I/O error is detected.
This option can be combined with the restart_on_corruption option.
Available since: 1.10.0 (kernel 6.12)

panic_on_error: Panic the device when an I/O error is detected.
This option is not compatible with the restart_on_error option but can be combined with the panic_on_corruption option.
Available since: 1.10.0 (kernel 6.12)

ignore_zero_blocks: Do not verify blocks that are expected to contain zeroes and always return zeroes instead.
This may be useful if the partition contains unused blocks that are not guaranteed to contain zeroes.
Available since: 1.3.0 (kernel 4.5)

check_at_most_once: Verify data blocks only the first time they are read from the data device, rather than every time.
It provides a reduced level of security because only offline tampering of the data device's content will be detected, not online tampering.
Available since: 1.4.0 (kernel 4.17)

root_hash_sig_key_desc <key_description>: The PKCS7 signature to validate the root hash during the creation of the device.
The key must be in trusted kernel keyring.
Verification of roothash depends on the config DM_VERITY_VERIFY_ROOTHASH_SIG being set.
Available since: 1.5.0 (kernel 5.4)

try_verify_in_tasklet: If possible, verify data blocks in kernel tasklet instead of workqueue. This option can reduce IO latency.
Available since: 1.9.0 (kernel 6.0)

Bug: 401036538
Change-Id: Ia3d1a6152b296bc1bea2feb872b4cad8e4a551db
Signed-off-by: LongPing Wei <[email protected]>
1 file changed
tree: d5aab311d1206b9a1420b7c015d056ec32c14e95
  1. avb/
  2. selinux/
  3. system_property/
  4. .clang-format
  5. __init__.py
  6. Android.bp
  7. OWNERS
  8. PREUPLOAD.cfg