mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
Patch for AES256 encryption
parent
d6148bb4df
commit
a350cd92f1
50
Patches/LineageOS-14.1/android_system_vold/0001-AES256.patch
Normal file
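--- a/Patches/LineageOS-14.1/android_system_vold/0001-AES256.patch
+++ b/Patches/LineageOS-14.1/android_system_vold/0001-AES256.patch
@@ -0,0 +1,50 @@
+From af22f14223092a5403bc33608260f355b57284f3 Mon Sep 17 00:00:00 2001
+From: Tad <tad@spotco.us>
+Date: Mon, 1 Jan 2018 09:50:29 -0500
+Subject: [PATCH] Build time variable for AES-256 encryption
+
+Change-Id: Id08b5a18c5b4d4ec1f3f67a8e5eab93f5b967060
+---
+cryptfs.c | 11 +++++++++--
+1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/cryptfs.c b/cryptfs.c
+index b25510f..86ffac3 100644
+--- a/cryptfs.c
++++ b/cryptfs.c
+@@ -76,9 +76,17 @@
+
+#define DM_CRYPT_BUF_SIZE 4096
+
++#ifdef CONFIG_STRONG_ENCRYPTION
++#define HASH_COUNT 6000
++#define KEY_LEN_BYTES 32
++#define IV_LEN_BYTES 32
++#define RSA_KEY_SIZE 4096
++#else
+#define HASH_COUNT 2000
+#define KEY_LEN_BYTES 16
+#define IV_LEN_BYTES 16
++#define RSA_KEY_SIZE 2048
++#endif
+
+#define KEY_IN_FOOTER "footer"
+
+@@ -94,13 +102,12 @@
+
+#define TABLE_LOAD_RETRIES 10
+
+-#define RSA_KEY_SIZE 2048
+#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
+#define RSA_EXPONENT 0x10001
+#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
+
+#define RETRY_MOUNT_ATTEMPTS 20
+-#define RETRY_MOUNT_DELAY_SECONDS 1
++#define RETRY_MOUNT_DELAY_SECONDS 3
+
+char *me = "cryptfs";
+
+--
+2.15.1
+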
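Review bot: `#define IV_LEN_BYTES 32` in the `CONFIG_STRONG_ENCRYPTION` branch does not correspond to AES-256: the AES block size, and therefore a CBC IV, is 16 bytes for every key size, so only `KEY_LEN_BYTES` needs to grow. The patch changes only these constants, and the code that selects the cipher and consumes the derived key and IV is outside the hunk, so it cannot be confirmed from here that a 256-bit cipher is actually used; if that code still names a 128-bit cipher, the build would be labelled AES-256 without providing it. I would keep `#define IV_LEN_BYTES 16` in both branches unless the consuming code is shown to need otherwise. Since the build script elsewhere on this page warns that these values must never change after release, a comment above the `#ifdef` would help, for example `/* On-disk key parameters: never toggle CONFIG_STRONG_ENCRYPTION for a device that already has encrypted data. */`.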
@ -65,7 +65,7 @@ enableZram() {
|
||||
}
|
||||
export -f enableZram;
|
||||
|
||||
enabledForcedEncryption() {
|
||||
enableForcedEncryption() {
|
||||
cd $base$1;
|
||||
if [[ $1 != *"mako"* ]]; then #Forced encryption seems to prevent some devices from booting
|
||||
sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/etc/fstab.* &>/dev/null || true;
|
||||
@ -73,7 +73,15 @@ enabledForcedEncryption() {
|
||||
fi;
|
||||
cd $base;
|
||||
}
|
||||
export -f enabledForcedEncryption;
|
||||
export -f enableForcedEncryption;
|
||||
|
||||
enableStrongEncryption() {
|
||||
cd $base$1;
|
||||
echo "CONFIG_STRONG_ENCRYPTION := true" >> BoardConfig.mk;
|
||||
echo "Enabled AES-256 encryption for $1";
|
||||
cd $base;
|
||||
}
|
||||
export -f enableStrongEncryption;
|
||||
|
||||
hardenDefconfig() {
|
||||
cd $base$1;
|
||||
|
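Review bot: `enableStrongEncryption` appends `CONFIG_STRONG_ENCRYPTION := true` to BoardConfig.mk, which sets a make variable, while the vold patch tests a C preprocessor macro with `#ifdef CONFIG_STRONG_ENCRYPTION` and its diffstat lists only cryptfs.c. Unless vold's makefile is changed elsewhere to pass `-DCONFIG_STRONG_ENCRYPTION` when that variable is true, the stronger parameters are never compiled in and the `Enabled AES-256 encryption for $1` message reports a protection that is not active. The append is also not idempotent and the `cd` is unquoted and unchecked; `cd "$base$1" || return 1;` followed by `grep -q '^CONFIG_STRONG_ENCRYPTION' BoardConfig.mk || echo "CONFIG_STRONG_ENCRYPTION := true" >> BoardConfig.mk;` would avoid duplicate lines and a write into the wrong directory.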
@ -141,7 +141,7 @@ enter "packages/apps/PackageInstaller"
|
||||
patch -p1 < $patches"android_packages_apps_PackageInstaller/64d8b44.diff" #Fix an issue with Permission Review
|
||||
|
||||
enter "packages/apps/Settings"
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 32;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length
|
||||
sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; #MicroG doesn't support Backup, hide the options
|
||||
patch -p1 < $patches"android_packages_apps_Settings/0001-Privacy_Guard-More_Perms.patch" #Allow more control over various permissions via Privacy Guard
|
||||
|
||||
@ -174,12 +174,7 @@ cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file
|
||||
patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch" #Harden mounts with nodev/noexec/nosuid. Disclaimer: From CopperheadOS 13.0
|
||||
|
||||
enter "system/vold"
|
||||
#XXX: THESE VALUES MUST *NOT* EVER BE CHANGED AFTER RELEASE!
|
||||
#sed -i 's|define HASH_COUNT 2000|define HASH_COUNT 6000|' cryptfs.c; #Increase pbkdf iterations
|
||||
#sed -i 's|define KEY_LEN_BYTES 16|define KEY_LEN_BYTES 32|' cryptfs.c; #128-bit -> 256-bit
|
||||
#sed -i 's|define IV_LEN_BYTES 16|define IV_LEN_BYTES 32|' cryptfs.c;
|
||||
#sed -i 's|define RSA_KEY_SIZE 2048|define RSA_KEY_SIZE 4096|' cryptfs.c; #Increase signning key size to 4096
|
||||
sed -i 's|define RETRY_MOUNT_DELAY_SECONDS 1|define RETRY_MOUNT_DELAY_SECONDS 3|' cryptfs.c;
|
||||
patch -p1 < $patches"android_system_vold/0001-AES256.patch" #Add a variable for enabling AES-256 bit encryption
|
||||
|
||||
enter "vendor/cm"
|
||||
rm -rf overlay/common/vendor/cmsdk/packages #Remove analytics
|
||||
@ -219,7 +214,7 @@ patch -p1 < $patches"android_kernel_oneplus_msm8974/0001-OverUnderClock-EXTREME.
|
||||
|
||||
enter "kernel/lge/g3"
|
||||
#sed -i 's/39 01 00 00 00 00 04 F2 01 00 40/39 01 00 00 00 00 04 F2 01 00 00/' arch/arm/boot/dts/msm8974pro-lge-common/msm8974pro-lge-panel.dtsi; #Oversharpening fix, Credit: @Skin1980
|
||||
patch -p1 < $patches"android_kernel_lge_g3/Overclock-1.patch" #2.45Ghz -> 2.76Ghz =+1.24Ghz XXX: Untested!
|
||||
patch -p1 < $patches"android_kernel_lge_g3/Overclock-1.patch" #2.45Ghz -> 2.76Ghz =+1.24Ghz
|
||||
patch -p1 < $patches"android_kernel_lge_g3/Overclock-2.patch"
|
||||
patch -p1 < $patches"android_kernel_lge_g3/Overclock-3.patch"
|
||||
patch -p1 < $patches"android_kernel_lge_g3/Overclock-4.patch"
|
||||
@ -240,10 +235,12 @@ patch -p1 < $patches"android_kernel_motorola_msm8916/0001-Overclock.patch" #1.36
|
||||
#Make changes to all devices
|
||||
cd $base
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enhanceLocation "$0"' {} \;
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enabledForcedEncryption "$0"' {} \;
|
||||
find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableForcedEncryption "$0"' {} \;
|
||||
#find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enableStrongEncryption "$0"' {} \;
|
||||
find "kernel" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'hardenDefconfig "$0"' {} \;
|
||||
cd $base
|
||||
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_flo_defconfig; #Breaks compile
|
||||
enableStrongEncryption device/lge/mako #Enable experimental strong encryption for mako for testing
|
||||
sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_flo_defconfig; #Breaks on compile
|
||||
#
|
||||
#END OF DEVICE CHANGES
|
||||
#
|
||||
|
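Review bot: In the `enter "system/vold"` hunk the warning `#XXX: THESE VALUES MUST *NOT* EVER BE CHANGED AFTER RELEASE!` appears to be removed together with the commented-out sed lines (the hunk counts leave room for one added line only), yet the same constraint now applies to the per-device switch. `enableStrongEncryption device/lge/mako` changes the key parameters for one device, and nothing near that call records that it cannot be toggled once builds with encrypted data exist. I would keep the warning beside the call, for example `#XXX: Never enable or disable strong encryption for a device after release; existing encrypted data depends on these values`. The `patch -p1 < $patches"android_system_vold/0001-AES256.patch"` line has no visible exit-status check, so a failed apply would silently build with the stock parameters; appending `|| exit 1` or logging the failure would make that visible.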