Copy code that can be re-used from the Cuttlefish KeyMint
implementation, specifically from the following directories
under device/google/cuttlefish:
- HAL-side code from guest/hals/keymint/rust/
- TA-side code from host/commands/secure_env/rust/
Create a corresponding pair of libkmr_{hal,ta}_nonsecure libraries here.
The only changes to the copied code are:
- Convert `pub(crate)` to `pub` in `attest.rs`.
- Add some missing doc comments.
- Add comment noting need for SELinux permission to read ro.serialno.
- Add comment noting need for clock to be in sync with Gatekeeper.
(A subsequent CL aosp/2852598 adjusts Cuttlefish so that it uses the
copied modules here, and can remove the original copies.)
In addition to the moved code, the default implementation also needs
a new implementation of a monotonic clock, added here in clock.rs
using `std::time::Instant`.
With the new nonsecure HAL and TA libraries in place, implement the
default KeyMint HAL service using the former, and spin up a single
thread running a nonsecure TA using the latter. Communicate between
the two via a pair of mpsc::channel()s.
Test: VtsAidlKeyMintTargetTest with normal Cuttlefish (all pass)
Test: VtsAidlKeyMintTargetTest with default/nonsecure impl (auth
tests fail, but this is expected as Gatekeeper hasn't moved)
Bug: 314513765
Change-Id: Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f
When dumping attestation certificate chains with the --dump_attestations
option, add a separator between distinct chains to make them easier to
analyze.
Bug: 326564087
Test: VtsAidlKeyMintTargetTest
Change-Id: Ife19edfddef6c8cd26de9f9816c3c9bf65cbb929
Since message-ids can be wrapped, they are not safe from
overflow/underflow. Change them to be safe from overflow/underflow.
Bug: 321674574
Change-Id: I39a4baf057fc81389925e0fe358894f62ade9423
The invalid value used for the second IMEI attestation test is
potentially wrong in two ways:
- It doesn't match the provisioned value.
- It's not a valid IMEI, not least because it is longer than 16 bytes.
Make the test value shorter so the second failure doesn't apply and
the test can reliably expect CANNOT_ATTEST_IDS.
Bug: 292959871
Bug: 327123694
Test: VtsAidlKeyMintTargetTest
Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619
(cherry picked from commit 0215cb3d3e)
Used ASN1_TIME_to_posix API instead of ASN1_TIME_to_time_t
to avoid integer overflow on 32-bit systems.
Bug: 325853206
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I7a01a521d389482a61ad9974b7e40eaa099c3571
Secretkeeper is expected to advertize its public key to Android via
Device tree node at /avf/reference/avf/ Check that the identity used
during AutGraph key exchange protocol with client is indeed this.
Test: #secretkeeper_check_identity on device with Sk/default instance
enabled
Bug: 291213394
Change-Id: I08815d75410fdd0c76d675c7cc9521abe0cda98b
The audio effects HAL config can vary between different
CF "flavors" and thus must not belong to VAPEX. This is
consistent with handling of audio policy configuration files.
Bug: 318423731
Test: run `atest audioeffect_tests` on cf_x86_64_auto-trunk_staging-userdebug
Change-Id: I0f4ee9a44a3426934f6a055fc8c9ce74a8db78fc
Added test to apply level, mute and unmute input.
Added test to verify decreasing volume levels.
Bug: 305866207
Test: atest VtsHalVolumeTargetTest
Change-Id: Ie105a3bb77255da61719d042cbd5abc23c405d93
am skip reason: Merged-In Ifec617520db20d1ef61f1eca63b7160d9191f446 with SHA-1 9f215110bf is already in history
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2968162
Change-Id: I36b7231ee61323fb19280095c1dd777cdafcb1ec
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
am skip reason: Merged-In Ifec617520db20d1ef61f1eca63b7160d9191f446 with SHA-1 9f215110bf is already in history
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2968162
Change-Id: Iff89de6cef5511d27b32ca4a3431c387721d13b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This change updates the VTS to exempt TV devices that consume <= 2W of
standby power from APF requirements. This update aligns with latest GTVS
policy.
Bug: 306587099
Test: TH
(cherry picked from https://android-review.googlesource.com/q/commit:9f215110bf524e3bf1d2fb591a724623e11423bc)
Merged-In: Ifec617520db20d1ef61f1eca63b7160d9191f446
Change-Id: Ifec617520db20d1ef61f1eca63b7160d9191f446
