When we forget a volume, forget per-volume key Protect all per-volume-per-user keys with a per-volume key, which is forgotten when the volume is forgotten. This means that the user's key is securely lost even when their storage is encrypted at forgetting time. Bug: 25861755 Test: create a volume, forget it, check logs and filesystem. Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378

commit: 26a53888a4efa4a966db189dd0b614f7573b2760 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Thu Oct 26 11:16:39 2017 -0700
committer: Paul Crowley <paulcrowley@google.com> Thu Oct 26 12:19:09 2017 -0700
tree: e9dd12e8c9013fae4064fc073243888cf1f9b58b
parent: c6433a299df633c45d714a20fe3672b9b86d9312 [diff] [blame]
diff --git a/KeyStorage.h b/KeyStorage.h
index 655cd17..786e5b4 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h

@@ -44,6 +44,9 @@
 // Checks if path "path" exists.
 bool pathExists(const std::string& path);
 
+bool createSecdiscardable(const std::string& path, std::string* hash);
+bool readSecdiscardable(const std::string& path, std::string* hash);
+
 // Create a directory at the named path, and store "key" in it,
 // in such a way that it can only be retrieved via Keymaster and
 // can be securely deleted.
commit	26a53888a4efa4a966db189dd0b614f7573b2760	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Thu Oct 26 11:16:39 2017 -0700
committer	Paul Crowley <paulcrowley@google.com>	Thu Oct 26 12:19:09 2017 -0700
tree	e9dd12e8c9013fae4064fc073243888cf1f9b58b
parent	c6433a299df633c45d714a20fe3672b9b86d9312 [diff] [blame]