Because Keystore2 always requires valid auth tokens for user keys, this
copies and extends the existing in-guest GateKeeper implementation to
negotiate a shared secret key with Keymint in order to generate a
session key for signing auth tokens.
This implementation also uses AIDL rather than HIDL to interact with the
framework. It's also packaged in an APEX.
The files are cobbled together from a few sources:
- SoftGateKeeper.h is based on hardware/interfaces/gatekeeper/1.0/software/SoftGateKeeper.h
- GateKeeper.{cpp,h} are based on device/google/cuttlefish/guest/hals/gatekeeper/remote/remote_gatekeeper.{cpp,h}
- SharedSecret.{cpp,h} are based on device/google/cuttlefish/guest/hals/keymint/remote/remote_shared_secret.{cpp,h}
- Apex files are based on device/google/cuttlefish/guest/hals/keymint/rust/
Keymint modifications to use BOOT_TIME are lifted from
https://android-review.git.corp.google.com/c/platform/hardware/interfaces/+/2856649/6..8/security/keymint/aidl/default/ta/clock.rs#38
Bug: 332376454
Change-Id: I81845d5e6370bdddb1a24d67437964e03a5fb243
Test: Run with rust-nonsecure keymint on Cuttlefish
inotify event size is dynamic, we need to make sure read would not
return error when having inotify event.
Bug: 333829392
Test: manual check `Invalid argument` error won't happen
Change-Id: I3cac8d1519659c6b1b53c1d41013818adab876c7
Limit the connection types to test to the following:
- HDMI*
- IP_V4
- USB
Only these connection types can be easily checked by the HAL
for presence of an external device.
Bug: 326888643
Test: atest VtsHalAudioCoreTargetTest
Change-Id: I659e14a150b3043ead8d844cd89a2c4700d57efd
Adding a key parameter to deriveDicePolicyBoundKey to use it
as the base of the derived key.
Bug: 284152719
Test: qemu android build
Change-Id: Iab3ee341825f01345996bde3b0b62037e4ec45da
Adding a function to HWCryptoKey AIDL definition to derive a key given
another. This will be used with deriveDicePolicyBoundKey to create
device bound keys.
Bug: 284152719
Test: qemu android build
Change-Id: Ie1e8552846df73325c2428471ca007fca217b675
Adding deriveDicePolicyBoundKey function AIDL definition. It
will derive a new key based on a DICE policy
Bug: 284152719
Test: qemu android build
Change-Id: Ie9d5a1233b4aad07fe55cdc522de0cc057d3bec3
Add test paths for HALs that are RKP-only so that they may pass tests.
Fix up a few tests that were just being skipped for RKP-only HALs.
Test: ran VTS against cuttlefish with no factory key
Bug: 329409739
Change-Id: I5400874dd2f9885c061970a30ea44985353d23ed
The latest OpenThread has updated the usage of the platform log APIs.
This CL updates the log APIs usages and implementations.
Bug: b/333301206
Test: Run ThreadNetwork HAL and check logs.
Change-Id: I0c0999edbed1c041e2752d195e753d02b2c734f4
As of VNDK deprecation, any libraries that defines vndk is no longer
valid anymore. This change removes all VNDK definition(s) from modules
which was VNDK.
Bug: 328994089
Test: AOSP CF build succeeded
Change-Id: Ifdade9c052db29c989ce7d804ba725361c4c0f8e
Merged-In: Ic4f19113c1a25dc1fb60cdfbf9c0f2d8d7d09726
error: field `0` is never read
--> hardware/interfaces/security/keymint/aidl/default/main.rs:38:24
|
38 | struct HalServiceError(String);
| --------------- ^^^^^^
| |
| field in this struct
|
= note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intentionally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
|
38 | struct HalServiceError(());
| ~~
error: aborting due to 1 previous err
Bug: http://b/330185853
Test: ./test_compiler.py --prebuilt-path dist/rust-dev.tar.xz --target aosp_cf_x86_64_phone --image
Change-Id: I57f3bd1d702c97929f5fd34f909aa72aa2f2ba02
This will make it easier to swap in and out with the Cuttlefish remote
implementation.
Bug: 331474817
Test: m com.android.hardware.keymint.rust_nonsecure
Change-Id: I0e9a350b62a90ef6126db109195e19b4181d0cf8
Base AIDL definitions for command processing interface. The entry point
to the interface is IHwCryptoOperations.aidl.
Bug: 284152719
Test: qemu android build
Change-Id: Id11b165dac07c9f73be30805f0d611a22fc5f3ff
If HIDL is not supported on the device, don't expect to be able to
register the HIDL service.
Test: atest fmq_test
Bug: 218588089
Change-Id: I1764b26f06ef8f280f719d8ab44db2ebfe562944
The tuner vts will read the system property
ro.vendor.vts_tuner_configuration_variant as the suffix of the config
file to read. Vendor who wants to support multiple region for a single
SoC need to put all VTS config with different suffix as
/vendor/etc/tuner_vts_config_aidl_V1.{suffix}.xml on device.
Bug: 322899156
Test: atest VtsHalTvTunerTargetTest
Change-Id: I1f76d700671c07bc90965fba94f96b8be47198d7
