Adding data decryption support to TWRP (MTK)

Yes, you read that right: adding decryption support to TWRP.

First, the decryption flow: TWRP boots -> servicemanager, hwservicemanager and vndservicemanager are loaded -> the Trustonic TEE is loaded (mcDriverDaemon is started) -> gatekeeper is loaded -> keymaster is loaded -> the TEE decrypts -> data can be read.

This is my own summary.

The demo device below is the Vivo Y97 (Vivo V11i).

TWRP tree: momo54181/android_device_vivo_k71v1_64_bsp at dev (github.com)

Device tree configuration - BoardConfig.mk

Crypto

# Enable crypto (decryption) support
TW_INCLUDE_CRYPTO := true
# Enable FBE (file-based encryption) support
TW_INCLUDE_CRYPTO_FBE := true

# Enable FBE support
TW_INCLUDE_FBE := true
# Enable metadata partition support
BOARD_USES_METADATA_PARTITION := true
# Enable FBE metadata decryption support
TW_INCLUDE_FBE_METADATA_DECRYPT := true
# Filesystem type of the data partition
TW_CRYPTO_FS_TYPE := "ext4"
# Block device of the data partition
TW_CRYPTO_REAL_BLKDEV := "/dev/block/platform/bootdevice/by-name/userdata"
# Mount point
TW_CRYPTO_MNT_POINT := "/data"
# Mount options
TW_CRYPTO_FS_OPTIONS := "noatime,nosuid,nodev,noauto_da_alloc,discard,errors=panic"

Test

# Enable logcat in recovery, handy for reading logs
TWRP_INCLUDE_LOGCAT := true
# Enable logd, handy for reading logs
TARGET_USES_LOGD := true

Properties

TARGET_SYSTEM_PROP += $(DEVICE_PATH)/system.prop

system.prop - example

ro.vndk.version=29
ro.mediatek.platform=MT6771
ro.hardware=mt6771
ro.board.platform=mt6771
ro.vendor.mediatek.platform=MT6771
ro.product.manufacturer=vivo
ro.product.vendor.brand=vivo
ro.product.model=vivo
ro.hardware.gatekeeper=k71v1_64_bsp
ro.product.system.device=k71v1_64_bsp
ro.product.vendor.device=k71v1_64_bsp
ro.product.board=k71v1_64_bsp
ro.build.product=k71v1_64_bsp
ro.product.odm.device=k71v1_64_bsp
ro.product.vendor.manufacturer=vivo
ro.product.vendor.model=vivo 1806
ro.mtk_tee_gp_support=1
ro.mtk_microtrust_tee_support=1
ro.mtk_soter_support=1
ro.hardware.kmsetkey=trustonic
ro.vendor.mtk_tee_gp_support=1
ro.vendor.mtk_trustonic_tee_support=1
ro.crypto.volume.filenames_mode=aes-256-cts
ro.crypto.metadata.enabled=true
ro.crypto.support_metadata_encrypt=true

init.recovery.<cpu codename>.rc (some of these entries live in init.recovery.***.rc; copy them into init.recovery.<cpu codename>.rc yourself, otherwise TWRP will most likely not read them) - example

on init
    start servicemanager
    start hwservicemanager
    start vndservicemanager

on post-fs-data

service servicemanager /system/bin/servicemanager
    disabled
    user root
    seclabel u:r:recovery:s0

service hwservicemanager /system/bin/hwservicemanager
    disabled
    user root
    onrestart setprop hwservicemanager.ready false
    writepid /dev/cpuset/system-background/tasks
    seclabel u:r:recovery:s0

service vndservicemanager /vendor/bin/vndservicemanager /dev/vndbinder
    user root
    writepid /dev/cpuset/system-background/tasks
    seclabel u:r:recovery:s0

service keymaster-3-0 /vendor/bin/android.hardware.keymaster@3.0-service
    disabled
    user root
    group root drmrpc
    seclabel u:r:recovery:s0

service keymaster-4-0 /vendor/bin/android.hardware.keymaster@4.0-service
    disabled
    user root
    group root drmrpc
    seclabel u:r:recovery:s0

service vendor.keymaster-4-0-trustonic /vendor/bin/hw/android.hardware.keymaster@4.0-service.trustonic
    disabled
    user root
    group root drmrpc
    seclabel u:r:recovery:s0

service vendor.keymaster-3-0-trustonic /vendor/bin/hw/android.hardware.keymaster@3.0-service.trustonic
    disabled
    user root
    group root drmrpc
    seclabel u:r:recovery:s0

service gatekeeper-1-0 /vendor/bin/android.hardware.gatekeeper@1.0-service
    disabled
    user root
    group root
    seclabel u:r:recovery:s0

# Start the Trustonic daemon (registry directories should already be present)
service mobicore /vendor/bin/mcDriverDaemon -P1 /mnt/vendor/persist/mcRegistry \
    -r /vendor/app/mcRegistry/06090000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/020f0000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/05120000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/020b0000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/05070000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/030b0000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/03100000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/030c0000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/40188311faf343488db888ad39496f9a.drbin \
    -r /vendor/app/mcRegistry/070c0000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/090b0000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/0f5eed3c3b5a47afacca69a84bf0efad.drbin \
    -r /vendor/app/mcRegistry/07060000000000000000000000007169.drbin \
    -r /vendor/app/mcRegistry/07407000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/04020000000000000000000000000000.drbin \
    -r /vendor/app/mcRegistry/9073f03a9618383bb1856eb3f990babd.drbin
    seclabel u:r:recovery:s0

on property:hwservicemanager.ready=true
    start vendor.keymaster-3-0-trustonic
    start gatekeeper-1-0

on property:ro.crypto.state=unsupported
    stop vendor.keymaster-3-0-trustonic
    stop gatekeeper-1-0
    stop servicemanager
    stop hwservicemanager

on property:ro.crypto.state=unencrypted
    stop vendor.keymaster-3-0-trustonic
    stop gatekeeper-1-0
    stop servicemanager
    stop hwservicemanager

Possible problems

Keymaster does not load

Fix: check whether mcDriverDaemon is present.

1. system/ or vendor/vintf/manifest.xml may be missing entries.

Fix: copy vendor/vintf/manifest.xml to system/vintf/manifest.xml.

2. init.recovery.<cpu codename>.rc may not load keymaster, for example:

TEE load error: usually safe to ignore (FBE does not need a password to decrypt data)

Check /vendor/app/mcRegistry

No solution yet.
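For problem 2 above (the rc not loading keymaster), here is an added check that is not part of the original post or the device tree: a small Python linter that parses an init.recovery.*.rc the way init does (joining backslash continuations) and reports whether the services and the hwservicemanager.ready trigger needed for the chain above are wired up. The embedded rc is a constructed, trimmed sample with a deliberate typo in the keymaster start line.

```python
import re
# Constructed sample (not from the post): a trimmed rc where a typo in the
# 'start' line leaves keymaster unstarted once hwservicemanager is ready.
SAMPLE_RC = """\
service hwservicemanager /system/bin/hwservicemanager
    disabled
service vendor.keymaster-3-0-trustonic /vendor/bin/hw/android.hardware.keymaster@3.0-service.trustonic
    disabled
service gatekeeper-1-0 /vendor/bin/android.hardware.gatekeeper@1.0-service
    disabled
service mobicore /vendor/bin/mcDriverDaemon -P1 /mnt/vendor/persist/mcRegistry \\
    -r /vendor/app/mcRegistry/06090000000000000000000000000000.drbin
on property:hwservicemanager.ready=true
    start vendor.keymaster-3.0-trustonic
    start gatekeeper-1-0
"""
REQUIRED = ("hwservicemanager", "mobicore", "gatekeeper-1-0")
TRIGGER = "property:hwservicemanager.ready=true"

def parse_rc(text):
    """Split an init .rc into {service: options} and {trigger: commands}, joining backslash continuations."""
    services, triggers, current = {}, {}, None
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "service" and len(parts) >= 3:
            current = services.setdefault(parts[1], [])
        elif parts[0] == "on":
            current = triggers.setdefault(" ".join(parts[1:]), [])
        elif current is not None:
            current.append(" ".join(parts))
    return services, triggers

def check_decrypt_chain(text):
    """Return the problems that would break the decryption chain (empty list = ok)."""
    services, triggers = parse_rc(text)
    problems = [f"service {n} is not defined" for n in REQUIRED if n not in services]
    # 'start X' for an undefined X is a silent no-op in init, so catch typos here
    starts = {t: [c.split()[1] for c in cmds if c.startswith("start ")]
              for t, cmds in triggers.items()}
    for t, names in starts.items():
        problems += [f"'on {t}' starts undefined service {n}" for n in names if n not in services]
    # keymaster and gatekeeper are only useful once hwservicemanager is ready
    ready = [n for n in starts.get(TRIGGER, []) if n in services]
    if not any("keymaster" in n for n in ready):
        problems.append(f"no keymaster service is started on {TRIGGER}")
    if "gatekeeper-1-0" not in ready:
        problems.append(f"gatekeeper-1-0 is not started on {TRIGGER}")
    return problems
```

Run it against your real rc with `check_decrypt_chain(open("init.recovery.mt6771.rc").read())` (file name assumed) before flashing.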