recovery-utils: don't allow manual (un)encryption of rootfs partition

This partition isn't blacklisted, but it should only be (un)encrypted when providing an update package. Make it so that manual encryption status changes for this partition aren't possible from the recovery library. https://onedigi.atlassian.net/browse/DEL-7174 Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
2021-05-11 12:10:13 +02:00 · 2021-05-11 12:10:13 +02:00 · 953a376d97
parent bf8c73322b
commit 953a376d97
1 changed files with 16 additions and 0 deletions
--- a/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c
+++ b/meta-digi-dey/recipes-core/recovery/recovery-utils/recovery-utils/lib/recovery.c
@ -685,6 +685,8 @@ err:
 */
 int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force)
 {
+	char *rootfs[] = { "rootfs", NULL };
+
 	char *parts[MAX_PARTITIONS];
 	char *encrypted[MAX_PARTITIONS];
 	char *new_encrypted[MAX_PARTITIONS];
@ -736,6 +738,20 @@ int encrypt_partitions(char *to_encrypt, char *to_unencrypt, unsigned char force
 		goto err;
 	}

+	/*
+	 * Special case: rootfs encryption is possible, but it can't be done
+	 * manually. Like with the blacklisted partitions, remove any
+	 * appearence of 'rootfs' from the diffs, but with a different message.
+	 */
+	if (entry_exists(rootfs[0], enc_diff)) {
+		printf("Warning: rootfs encryption cannot be done manually, skipping\n");
+		subtract_array(rootfs, enc_diff);
+	}
+	if (entry_exists(rootfs[0], unenc_diff)) {
+		printf("Warning: rootfs unencryption cannot be done manually, skipping\n");
+		subtract_array(rootfs, unenc_diff);
+	}
+
 	/*
 	 * Create a copy of the encrypted parts array. We know the copy won't
 	 * surpass the limit, but check the return code in case of a strdup()