beryllium: fstab: Switch to FBE as default encryption method

* Switching to a different encryption method as FBE, which has no support to encrypt existing files, requires users to format /data completely. However, we are able to retain FDE functionality on already encrypted devices by setting encryptable=footer fstab entry. * This commit switches the default encryption to FBE on non-encrypted devices. * FDE support should be completely dropped in the next version of Android. Change-Id: Id7528f11e18284dae39b7844d23129973683477e
PotatoDevices · Jan 30, 2021 · 76b7dd2 · 76b7dd2
1 parent 54076c6
commit 76b7dd2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rootdir/etc/fstab.qcom b/rootdir/etc/fstab.qcom
@@ -7,7 +7,7 @@
 #       /proc/device-tree/firmware/android/fstab/vendor
 
 #<src>                                      <mnt_point>             <type>  <mnt_flags and options>                                                                           <fs_mgr_flags>
-/dev/block/bootdevice/by-name/userdata       /data                   ext4    noatime,nosuid,nodev,barrier=0,noauto_da_alloc                                                    wait,check,encryptable=footer,quota
+/dev/block/bootdevice/by-name/userdata       /data                   ext4    noatime,nosuid,nodev,barrier=0,noauto_da_alloc                                                    latemount,wait,check,fileencryption=ice,quota,encryptable=footer
 /dev/block/bootdevice/by-name/modem          /vendor/firmware_mnt    vfat    ro,shortname=lower,uid=0,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0         wait
 /dev/block/bootdevice/by-name/dsp            /vendor/dsp             ext4    ro,nosuid,nodev,barrier=1                                                                         wait
 /dev/block/bootdevice/by-name/persist        /mnt/vendor/persist     ext4    noatime,nosuid,nodev,barrier=1                                                                    wait