commit 5ae6b8718d65e3d88993090f58f375da83513875
author JeongHyeon Lee <jhs2.lee@samsung.com> Thu Apr 22 20:02:09 2021 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Apr 22 20:02:09 2021 +0000
tree f838f05906c33e682efb2700ba06f7ade6410d7c
parent 2fff2e52cd8ef7c8f09d6aaecc5d36d90f5cacb0
parent ff6234f481e0cea91ebad31f2e9deaebc33b0c43

libavb: Add new dm-verity error handling mode am: 45ec542fae am: 5ee43689e1 am: eb716e42b6 am: ff6234f481

Original change: https://android-review.googlesource.com/c/platform/external/avb/+/1677928

Change-Id: I68a6a158252eb5cfdd8c5d91ee33863f6eb381f6

README.md

diff --git a/README.md b/README.md
index eb6457e..de2f014 100644
--- a/README.md
+++ b/README.md
@@ -1014,6 +1014,11 @@
    be used for **ONLY** diagnostics and debugging. It cannot be used
    unless verification errors are allowed.
 
+* `AVB_HASHTREE_ERROR_MODE_PANIC` means that the OS will **panic** without
+  the current slot being invalidated. Be careful using this mode as it may
+  introduce boot panic if the same hashtree verification error is hit on
+  every boot. This mode is available since: 1.7.0 (kernel 5.9)
+
 The value passed in `hashtree_error_mode` is essentially just passed on through
 to the HLOS through the the `androidboot.veritymode`,
 `androidboot.veritymode.managed`, and `androidboot.vbmeta.invalidate_on_error`
@@ -1026,6 +1031,7 @@
 | `AVB_HASHTREE_ERROR_MODE_EIO` | **eio** | (unset) | (unset) |
 | `AVB_HASHTREE_ERROR_MODE_MANAGED_RESTART_AND_EIO` | **eio** or **enforcing** | **yes** | (unset) |
 | `AVB_HASHTREE_ERROR_MODE_LOGGING` | **ignore_corruption** | (unset) | (unset) |
+| `AVB_HASHTREE_ERROR_MODE_PANIC` | **panicking** | (unset) | (unset) |
 
 The only exception to this table is that if the
 `AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED` flag is set in the top-level vbmeta,

libavb/avb_cmdline.c

diff --git a/libavb/avb_cmdline.c b/libavb/avb_cmdline.c
index 5773a20..6613020 100644
--- a/libavb/avb_cmdline.c
+++ b/libavb/avb_cmdline.c
@@ -353,6 +353,10 @@
         // remapped by avb_manage_hashtree_error_mode().
         avb_assert_not_reached();
         break;
+      case AVB_HASHTREE_ERROR_MODE_PANIC:
+        verity_mode = "panicking";
+        dm_verity_mode = "panic_on_corruption";
+        break;
     }
     new_ret = avb_replace(
         slot_data->cmdline, "$(ANDROID_VERITY_MODE)", dm_verity_mode);

libavb/avb_slot_verify.h

diff --git a/libavb/avb_slot_verify.h b/libavb/avb_slot_verify.h
index a2c98f4..633e7da 100644
--- a/libavb/avb_slot_verify.h
+++ b/libavb/avb_slot_verify.h
@@ -88,7 +88,8 @@
   AVB_HASHTREE_ERROR_MODE_RESTART,
   AVB_HASHTREE_ERROR_MODE_EIO,
   AVB_HASHTREE_ERROR_MODE_LOGGING,
-  AVB_HASHTREE_ERROR_MODE_MANAGED_RESTART_AND_EIO
+  AVB_HASHTREE_ERROR_MODE_MANAGED_RESTART_AND_EIO,
+  AVB_HASHTREE_ERROR_MODE_PANIC
 } AvbHashtreeErrorMode;
 
 /* Flags that influence how avb_slot_verify() works.