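Adding Data Decryption Support to TWRP (MTK)
Yes, you read that right: adding decryption support to TWRP.
Data encryption comes in two forms: FDE (full-disk encryption) and FBE (file-based encryption).
If you see encryptable=/dev/block/platform/bootdevice/by-name/metadata, the device uses FDE.
If you see fileencryption=aes-256-xts, the device uses FBE.
I don't know why the Y97 is still using FDE; it is a device that shipped with Android 8.
First, the decryption flow: TWRP boots → load servicemanager, hwservicemanager, vndservicemanager → load the Trustonic TEE (start mcDriverDaemon) → load gatekeeper → load keymaster → TEE decrypts → read data
(My own summary)
The device used for the demonstration below is the Vivo Y97 (Vivo V11i).
Reference device tree: momo54181/android_device_vivo_k71v1_64_bsp (github.com)
Device tree configuration - BoardConfig.mk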
# Crypto
# Add encryption support
TW_INCLUDE_CRYPTO := true
# Add FBE encryption support
TW_INCLUDE_CRYPTO_FBE := true
# Test
# Enable logcat to make logs easier to read
TWRP_INCLUDE_LOGCAT := true
# Enable logd to make logs easier to read
TARGET_USES_LOGD := true
init.recovery.mt****.rc
#Add By Momo5418 FBE Fixed
on property:crypto.ready=1
    start vendor.keymaster-3-0-trustonic
    start keymaster-3-0
    start gatekeeper-1-0

on property:crypto.ready=0
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

on property:ro.crypto.state=unsupported
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

on property:ro.crypto.state=unencrypted
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0

on property:twrp.decrypt.done=true && property:twrp.all.users.decrypted=true
    stop mobicore
    stop servicemanager
    stop hwservicemanager
    stop keymaster-3-0
    stop gatekeeper-1-0
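Problems you may run into
Keymaster does not load
Solution: check whether mcDriverDaemon exists
1. The manifest.xml under system/ or vendor/vintf/ may be missing entries
Solution: copy vendor/vintf/manifest.xml to system/vintf/manifest.xml
2. init.recovery.<CPU codename>.rc may not be loading keymaster, for example:
TEE load errors - these can generally be ignored (FDE/FBE generally does not require entering a password manually to decrypt data)
Check /vendor/app/mcRegistry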
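
For item 2 under "Keymaster does not load", one way to check that every service started by the crypto.ready=1 trigger is actually defined in the .rc files packed into the recovery ramdisk. This is an added example, not code from the original post or the referenced device tree; the function names, the sample service definitions and their placeholder binary paths are assumptions.

```python
# The crypto.ready=1 trigger from the page's init.recovery.mt****.rc.
PAGE_RC = """\
on property:crypto.ready=1
    start vendor.keymaster-3-0-trustonic
    start keymaster-3-0
    start gatekeeper-1-0
"""

# Constructed sample of service definitions; the binary paths are
# placeholders, not values from the page or the referenced device tree.
SAMPLE_SERVICES_RC = """\
service keymaster-3-0 /vendor/bin/hw/PLACEHOLDER_keymaster_service
    disabled
service gatekeeper-1-0 /vendor/bin/hw/PLACEHOLDER_gatekeeper_service
    disabled
"""

def parse_rc(text):
    """Return (defined service names, {trigger: [services it starts]})."""
    defined, started, trigger = set(), {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment line
        if tokens[0] == "service" and len(tokens) >= 3:
            defined.add(tokens[1])
            trigger = None  # lines under a service are options, not commands
        elif tokens[0] == "on":
            trigger = " ".join(tokens[1:])
            started.setdefault(trigger, [])
        elif trigger is not None and tokens[0] == "start" and len(tokens) == 2:
            started[trigger].append(tokens[1])
    return defined, started

def undefined_starts(*rc_texts):
    """Map each trigger to the services it starts that no file defines."""
    parsed = [parse_rc(t) for t in rc_texts]
    defined = set().union(*(names for names, _ in parsed))
    report = {}
    for _, started in parsed:
        for trigger, names in started.items():
            missing = [n for n in names if n not in defined]
            if missing:
                report.setdefault(trigger, []).extend(missing)
    return report

if __name__ == "__main__":
    for trig, names in undefined_starts(PAGE_RC, SAMPLE_SERVICES_RC).items():
        print(f"on {trig}: no service definition for {', '.join(names)}")
```

Pass the text of every .rc file from the unpacked recovery ramdisk to `undefined_starts`; any name it reports is started by a trigger but has no `service` block, so init has nothing to launch for it.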