Support for migration from 3.0
There are products based on Tizen 3.0 using different encryption scheme and
footer format. To properly migrate their internal memory encryption key the
flag marking the beginning of an upgrade is left by ode-fota.
During the first device unlock(attempt to mount encrypted partition) after the
upgrade the flag presence is checked. The flag is removed but if it was
present, oded will try to use the product specific key storage plugin to load
the master key for internal encryption.
If it succeeds it will encrypt the master key using given password. Otherwise
it will fall back to normal operation, that is, decrypt the master key using
given password.
Any attempt to decrypt the master key using a password will result in removal
of the upgrade flag.
It is assumed that affected products verify the password prior to passing it to
ode_internal_encryption_set_mount_password().
For unaffected products that do not require the migration it's enough to remove
the flag or the master key stored for the purpose of the upgrade before calling
ode_internal_encryption_set_mount_password(). Note that it is advised to remove
the master key stored for the purpose of the upgrade as soon as possible after
the upgrade due to security reasons. Even if the flag and master key are
present, the encryption introduced in this commit won't break anything as long
as the password is correct.
Change-Id: I86c83366c432aa8ce1d4f25c9beeed98d4f672c3
projects / platform / core / security / ode.git / commit