tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Test for bootloader state" am: eb94a4f9ef am: e1c1abb059

Browse source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2514097

Change-Id: I78c2cc0f362a14f5d6ad64d59eebdeffeb784010
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Tri Vo 2023-04-12 17:24:54 +00:00 committed by Automerger Merge Worker
commit cd06c1740a
2 changed files with 87 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
security/keymint/aidl/vts/functional/Android.bp
View file

@ -63,6 +63,7 @@ cc_test {
srcs: [
"AttestKeyTest.cpp",
"AuthTest.cpp",
"BootloaderStateTest.cpp",
"DeviceUniqueAttestationTest.cpp",
"KeyBlobUpgradeTest.cpp",
"KeyMintTest.cpp",

86
security/keymint/aidl/vts/functional/BootloaderStateTest.cpp Normal file
View file

@ -0,0 +1,86 @@
/*
* Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "keymint_1_bootloader_test"
#include <memory>
#include <optional>
#include <string>
#include <vector>
#include <android/binder_manager.h>
#include <remote_prov/remote_prov_utils.h>
#include "KeyMintAidlTestBase.h"
namespace aidl::android::hardware::security::keymint::test {
using ::android::getAidlHalInstanceNames;
using ::std::string;
using ::std::vector;
// Since this test needs to talk to KeyMint HAL, it can only run as root. Thus,
// bootloader can not be locked.
class BootloaderStateTest : public testing::TestWithParam<std::string> {
public:
virtual void SetUp() override {
::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
keyMint_ = IKeyMintDevice::fromBinder(binder);
ASSERT_TRUE(keyMint_) << "Failed to get KM device";
}
std::shared_ptr<IKeyMintDevice> keyMint_;
};
// Check that attested bootloader state is set to unlocked.
TEST_P(BootloaderStateTest, IsUnlocked) {
// Generate a key with attestation.
AuthorizationSet keyDesc = AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_256)
.AttestationChallenge("foo")
.AttestationApplicationId("bar")
.Digest(Digest::NONE)
.SetDefaultValidity();
KeyCreationResult creationResult;
auto kmStatus = keyMint_->generateKey(keyDesc.vector_data(), std::nullopt, &creationResult);
ASSERT_TRUE(kmStatus.isOk());
vector<Certificate> key_cert_chain = std::move(creationResult.certificateChain);
// Parse attested AVB values.
const auto& attestation_cert = key_cert_chain[0].encodedCertificate;
X509_Ptr cert(parse_cert_blob(attestation_cert));
ASSERT_TRUE(cert.get());
ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get());
ASSERT_TRUE(attest_rec);
vector<uint8_t> key;
VerifiedBoot attestedVbState;
bool attestedBootloaderState;
vector<uint8_t> attestedVbmetaDigest;
auto error = parse_root_of_trust(attest_rec->data, attest_rec->length, &key, &attestedVbState,
&attestedBootloaderState, &attestedVbmetaDigest);
ASSERT_EQ(error, ErrorCode::OK);
ASSERT_FALSE(attestedBootloaderState) << "This test runs as root. Bootloader must be unlocked.";
}
INSTANTIATE_TEST_SUITE_P(PerInstance, BootloaderStateTest,
testing::ValuesIn(getAidlHalInstanceNames(IKeyMintDevice::descriptor)),
::android::PrintInstanceNameToString);
} // namespace aidl::android::hardware::security::keymint::test