Improve the documentation and tests related to device-unique
attestation on StrongBox KeyMint devices:
* Test that the chain produced is exactly of length 2.
* Document how the chain needs to be structured.
* Explain the trust properties of the key used for the
self-signed root.
Test: atest VtsAidlKeyMintTargetTest
Bug: 187803288
Change-Id: I09bb16d6938b567c114485d2df00bde9d3e1ccf9
This primarily updates CDDL to allow for OEMs who wish to use P256
instead of Ed25519 to do so. One structural change of note that affects
all implementors is that SignedMacAad now includes the tag from the
COSE_Mac0 of MacedKeysToSign to prevent a potential vulnerability that
would exist if an attacker compromised the server's EEK private key.
Bug: 189018262
Test: Purely a comment change
Change-Id: I043a19c6aba0f771315d45c04ab5263b610b5de8
Merged-In: I043a19c6aba0f771315d45c04ab5263b610b5de8
This fixes up the tests to go along with the change to the signature
of the MAC key. Primarily, this adds the MAC tag from the MACing
operation over the public key set to be signed into the AAD of the
signature of said MAC key.
Bug: 189018262
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
Merged-In: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
The cppcose_rkp library was updated to generate MAC via callback instead
of passing keys around to allow for stronger MAC key protection.
Bug: 182928606
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: RemoteProvisionerUnitTests
Change-Id: Ia8a0410408fe3064e904c5282b52f172f8134b9a
Merged-In: Ia8a0410408fe3064e904c5282b52f172f8134b9a
If these HALs aren't present on the device, then the test runner will
fail due to test binary trying to dynamically link to libs that aren't
present. Statically linking them will allow the test to fail gracefully
when the test harness sees that the HAL interfaces aren't available on
device.
Fixes: 184797684
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
Merged-In: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
The error is on property kernel_configs, but it is described as being on
kernel_config.
Bug: N/A
Test: N/A
Change-Id: Ifa58ac370775d5b5d01860be446bc961f52f667f
The current matrix is left in this same CL because this way, downstream
modifications to the current CL will automatically get absorbed into the
level 7 compatibility matrix. A CL on top of this will disable the 7
matrix and then get reverted in the aosp/master..goog/master merge
path.
WARNING: this is not actually the Android S compatibility matrix in this
CL, but rather the AOSP current matrix copied into
compatibility_matrix.6.xml. The actual S compatibility matrix is not
released on AOSP yet. However, this is the parts of it which are
available on AOSP, added here in order to allow Android T development
in a way that will merge happily downstream.
Bug: 178221726
Test: boot device, vts_treble_vintf_vendor_test
Test: inspect matrix by diffing matrix with old matrix using:
m analyze_matrix &&
system/libvintf/analyze_matrix/hals_for_release.py
Change-Id: Id83986fc5089eefc2292f0042753f739f4e01a44
(cherry picked from commit 86a518cfa6)
Merged-In: Id83986fc5089eefc2292f0042753f739f4e01a44
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
When device is configured as single SIM device, skip
VTS on 2nd vendor radio service instance.
Fix: 187998097
Test: atest VtsHalRadioV1_6TargetTest
Merged-In: Ib634b22dd75f10e5059c9482764ca481184162be
Change-Id: Ib634b22dd75f10e5059c9482764ca481184162be
(cherry picked from commit efb934b15a)
