From 953a376d97ed66bc9357a374a1ea9a22a775ee09 Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Tue, 11 May 2021 12:10:13 +0200 Subject: [PATCH] recovery-utils: don't allow manual (un)encryption of rootfs partition This partition isn't blacklisted, but it should only be (un)encrypted when providing an update package. Make it so that manual encryption status changes for this partition aren't possible from the recovery library. https://onedigi.atlassian.net/browse/DEL-7174 Signed-off-by: Gabriel Valcazar --- .../recovery-utils/recovery-utils/lib/recovery.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c index 28ddc1551..ce1762341 100644 --- a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c +++ b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c @@ -685,6 +685,8 @@ err: */ int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force) { + char *rootfs[] = { "rootfs", NULL }; + char *parts[MAX_PARTITIONS]; char *encrypted[MAX_PARTITIONS]; char *new_encrypted[MAX_PARTITIONS]; @@ -736,6 +738,20 @@ int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force goto err; } + /* + * Special case: rootfs encryption is possible, but it can't be done + * manually. Like with the blacklisted partitions, remove any + * appearence of 'rootfs' from the diffs, but with a different message. + */ + if (entry_exists(rootfs[0], enc_diff)) { + printf("Warning: rootfs encryption cannot be done manually, skipping\n"); + subtract_array(rootfs, enc_diff); + } + if (entry_exists(rootfs[0], unenc_diff)) { + printf("Warning: rootfs unencryption cannot be done manually, skipping\n"); + subtract_array(rootfs, unenc_diff); + } + /* * Create a copy of the encrypted parts array. We know the copy won't * surpass the limit, but check the return code in case of a strdup()