
Customize /system mountpoint on Android


I'm trying to change a Nexus 5 to use the dm-verity module. For that I need to:

  1. invoke a utility called veritysetup during boot before /system is mounted;
  2. (this utility will create a new device called /dev/mapper/devname);
  3. let /system be mounted on /dev/mapper/devname, not the actual partition.

It looks like the mountpoint is configured in fstab.hammerhead (device/lge/hammerhead). In fact I have another mod working by changing this file. So this seems like the easy part.

I know some filesystems are mounted by init.c (system/core/init), like /dev and /proc, and some are mounted in init.hammerhead (system/core/rootdir), like /acct. But I can't find where the request to mount /system is.

Any ideas?


Solution

  • That's not the correct way to do it. To use dm-verity we need to:

    1. build android using "user" build type (default is "eng");
    2. change fstab to include "verify" keyword on fs_mgr_flags.

    So, when Android boots, the vold module will find the verity flag and create the mapper device.

    If the system image has a signed hash table and precomputed hash, and the root image has the public key, everything should just work. We should find that the system partition was mounted on /dev/block/dm-0 instead of /dev/block/platform/msm_sdcc.1/by-name/system and is being verified while being read.
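As an added illustration that is not part of the original answer: two POSIX shell helpers, one that appends the "verify" keyword to the fs_mgr_flags column of the /system fstab line, and one that confirms from /proc/mounts that /system is backed by a device-mapper node rather than the raw partition. The fstab and /proc/mounts lines below are constructed samples in the hammerhead layout, not copied from a real device.

```shell
#!/bin/sh
# Constructed sample of the /system line from fstab.hammerhead. Columns are
# src mount_point fs_type mnt_flags fs_mgr_flags; a real file may differ.
SAMPLE_FSTAB_LINE='/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait'

# Constructed /proc/mounts excerpt as it should look after a verified boot:
# /system comes from the dm node, not from the by-name partition.
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
/dev/block/dm-0 /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0'

# Print the given fstab line with "verify" added to the fs_mgr_flags column
# (5th column). A line that already carries the flag is printed unchanged.
add_verify_flag() {
    printf '%s\n' "$1" | awk '{
        n = split($5, flags, ",")
        for (i = 1; i <= n; i++) if (flags[i] == "verify") { print; exit }
        $5 = $5 ",verify"
        print
    }'
}

# Exit 0 when /system is mounted from /dev/block/dm-<n>, 1 otherwise.
# On a device: system_on_dm "$(cat /proc/mounts)"
system_on_dm() {
    printf '%s\n' "$1" | awk '
        $2 == "/system" && $1 ~ /^\/dev\/block\/dm-[0-9]+$/ { found = 1 }
        END { exit !found }'
}

# Demonstration on the constructed samples.
add_verify_flag "$SAMPLE_FSTAB_LINE"
if system_on_dm "$SAMPLE_MOUNTS"; then
    echo "/system is backed by a dm device"
else
    echo "/system is mounted from the raw partition (not verified)"
fi
```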