Introduce a field to the configuration descriptor that provides a
standard semantically-defined version number rather than the
vendor-defined component version which acts more like a build ID.
Test: n/a
Bug: 298580435
Bug: 282205139
(cherry picked from https://android-review.googlesource.com/q/commit:0d520e8e1751fde5a3207c6f27be88a8bbc245dc)
Merged-In: Idb0c991ab12ae75687236f2489e639e4422a0225
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225
The original change to add this test didn't make it into the Android 13
version of the VTS test, so the version gate needs to be updated to be
v3+
Bug: 292318194
Test: VtsAidlKeyMintTargetTest --gtest_filter="*EcdsaMissingCurve*"
(cherry picked from https://android-review.googlesource.com/q/commit:9ed7d2c5bfa3958ef399567e12d84a3f67f0cb80)
Merged-In: I94bf816688e57c7c04893a23cf0399129de94229
Change-Id: I94bf816688e57c7c04893a23cf0399129de94229
It turns out we had a bug (b/263844771) in how RKP support was
detected, and that was fixed. However, due to this bug, some S chipests
shipped without RKP support which is now required by the tests.
This change drops the RKP requirement from S chipsets. There should be
no new S chipsets, so this effectively grandfathers in the previous
ones that were skipped by the RKP VTS tests.
T+ tests (both VTS and other suites) will verify that RKP support is
there, so there is no gap introduced by this change.
Bug: 297139913
Test: VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:8be875e0d0c18b8de67744c8b9629f2ff518dd60)
Merged-In: I387e5f058ada698747aac103c1745682291f2d1c
Change-Id: I387e5f058ada698747aac103c1745682291f2d1c
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
(cherry-picked from commit c68dc93788)
Merged-In: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Generalize the existing helper function to allow more variants.
Remove a couple of pointless invocations of the existing helper.
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:f42238c99ffe0df2e51cec84a96ed859a878b2b0)
Merged-In: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Change-Id: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Generalize the existing helper function to allow more variants.
Manual cherry-pick of aosp/2627969 combined with aosp/2648423 to avoid
merge conflicts
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Merged-In: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Merged-In: I0dcac312ac4516a078b2742721e3a19074da52b1
Change-Id: I328f7b3195d4b4dd1ed1da17377696261094ea76
Strongbox may not support 1024 bit key size for RSA.
So in NoUserConfirmation test updated the key size to
2048 so that the test works for both TEE and Strongbox.
Bug: 280117495
Test: run VtsAidlKeyMintTarget
(cherry picked from https://android-review.googlesource.com/q/commit:ce2bebdd79cf7536b06c2d67cdee8867475a3b10)
Merged-In: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Change-Id: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Updated the BootLoaderStateTest for strongbox implementations which
do not support factory attestation.
Bug: 255344624
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
Merged-In: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
The Open Profile for DICE give possible guidelines on the requirements
for the DICE mode but Android needs those to be strictly specified.
Fix: 263144485
Test: n/a
(cherry picked from https://android-review.googlesource.com/q/commit:ed74a681ebf859f2652a4bbbd669f6000243aee9)
Merged-In: Ia5fc937654504199cabf4709f1c15484242e0161
Change-Id: Ia5fc937654504199cabf4709f1c15484242e0161
It's already documented that IRPC v3 doesn't make use of test mode keys
however VTS still required support for their generation. Fix this and
simplify implementation of the v3 HAL by expecting an error in all cases
that the deprecated test mode keys are seen.
IRPC v3 also fully deprecated the EEK meaning a v3 implementation must
unconditionally report CURVE_NONE for supportedEekCurve.
The VTS tests are enhanced with contextual version constants rather than
reusing constants with seemingly unrelated names.
Bug: 278013975
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:f2ae193680d6f02a2394423f805aadd13a7d152b)
Merged-In: I5709a0b1cd77eb28e677f64bb781fad58d91570a
Change-Id: I5709a0b1cd77eb28e677f64bb781fad58d91570a
No tests are instantiated if KeyMint is present on the the device.
Explicitly allow that.
Bug: 277975776
Test: VtsAidlKeyMintTargetTest
Change-Id: I88f1c0a81f36d198dabcb1420b62a00bacdbb6e7
Enable some tests that are bypassed on strongbox implementation.
Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b
Following feedback from partners, allow the component version in the
configuration descriptor to be either an int or a string.
Bug: 273552826
Test: n/a
Change-Id: Iecc9889592a2e634a3b9e40f14347b231b703c60
The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.
Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
Deprecate the CSR format from v1 and v2 of the HAL, again. The older CSR
versions were allowed in order to ease migration from the
RemoteProvisioner app over to rkpd and that has now been completed.
Bug: 260920864
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I4d16eb64e4ffe602b4b252159202a4ddb56d63d7
RKP allows 0 ~ 64 byte challenge to be provided.
Test it by several different size inputs.
Bug: 272392463
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I488c75745dc68778ff6d862506a5beeec82f7ac1
