tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "KeyMint: more warnings around non-secure test impl" into main

Browse source
This commit is contained in:
David Drysdale 2024-04-29 07:25:08 +00:00 committed by Gerrit Code Review
commit b2adc861ee
2 changed files with 21 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
security/keymint/aidl/default/Android.bp
View file

@ -7,6 +7,13 @@ package {
default_applicable_licenses: ["hardware_interfaces_license"], default_applicable_licenses: ["hardware_interfaces_license"],
} }
// The following target has an insecure implementation of KeyMint where the
// trusted application (TA) code runs in-process alongside the HAL service
// code.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
cc_binary { cc_binary {
name: "android.hardware.security.keymint-service", name: "android.hardware.security.keymint-service",
relative_install_path: "hw", relative_install_path: "hw",
@ -46,6 +53,13 @@ cc_binary {
], ],
} }
// The following target has an insecure implementation of KeyMint where the
// trusted application (TA) code runs in-process alongside the HAL service
// code.
//
// A real device is required to run the TA code in a secure environment, as
// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
// isolated execution environment."
rust_binary { rust_binary {
name: "android.hardware.security.keymint-service.nonsecure", name: "android.hardware.security.keymint-service.nonsecure",
relative_install_path: "hw", relative_install_path: "hw",

10
security/keymint/aidl/default/main.rs
View file

@ -17,11 +17,15 @@
//! Default implementation of the KeyMint HAL and related HALs. //! Default implementation of the KeyMint HAL and related HALs.
//! //!
//! This implementation of the HAL is only intended to allow testing and policy compliance. A real //! This implementation of the HAL is only intended to allow testing and policy compliance. A real
//! implementation **must be implemented in a secure environment**. //! implementation **must implement the TA in a secure environment**, as per CDD 9.11 [C-1-1]:
//! "MUST back up the keystore implementation with an isolated execution environment."
//!
//! The additional device-specific components that are required for a real implementation of KeyMint
//! that is based on the Rust reference implementation are described in system/keymint/README.md.
use kmr_hal::SerializedChannel; use kmr_hal::SerializedChannel;
use kmr_hal_nonsecure::{attestation_id_info, get_boot_info}; use kmr_hal_nonsecure::{attestation_id_info, get_boot_info};
use log::{debug, error, info}; use log::{debug, error, info, warn};
use std::ops::DerefMut; use std::ops::DerefMut;
use std::sync::{mpsc, Arc, Mutex}; use std::sync::{mpsc, Arc, Mutex};
@ -62,7 +66,7 @@ fn inner_main() -> Result<(), HalServiceError> {
error!("{}", panic_info); error!("{}", panic_info);
})); }));
info!("Insecure KeyMint HAL service is starting."); warn!("Insecure KeyMint HAL service is starting.");
info!("Starting thread pool now."); info!("Starting thread pool now.");
binder::ProcessState::start_thread_pool(); binder::ProcessState::start_thread_pool();