30196cf77c
Copy code that can be re-used from the Cuttlefish KeyMint
implementation, specifically from the following directories
under device/google/cuttlefish:
- HAL-side code from guest/hals/keymint/rust/
- TA-side code from host/commands/secure_env/rust/
Create a corresponding pair of libkmr_{hal,ta}_nonsecure libraries here.
The only changes to the copied code are:
- Convert `pub(crate)` to `pub` in `attest.rs`.
- Add some missing doc comments.
- Add comment noting need for SELinux permission to read ro.serialno.
- Add comment noting need for clock to be in sync with Gatekeeper.
(A subsequent CL aosp/2852598 adjusts Cuttlefish so that it uses the
copied modules here, and can remove the original copies.)
In addition to the moved code, the default implementation also needs
a new implementation of a monotonic clock, added here in clock.rs
using `std::time::Instant`.
With the new nonsecure HAL and TA libraries in place, implement the
default KeyMint HAL service using the former, and spin up a single
thread running a nonsecure TA using the latter. Communicate between
the two via a pair of mpsc::channel()s.
Test: VtsAidlKeyMintTargetTest with normal Cuttlefish (all pass)
Test: VtsAidlKeyMintTargetTest with default/nonsecure impl (auth
tests fail, but this is expected as Gatekeeper hasn't moved)
Bug: 314513765
Change-Id: Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f
|
||
|---|---|---|
| .. | ||
| aidl | ||
| support | ||
| README.md | ||
| TEST_MAPPING | ||
KeyMint HAL
This directory contains the HAL definition for KeyMint. KeyMint provides cryptographic services in a hardware-isolated environment.
Note that the IRemotelyProvisionedComponent HAL, and it's associated types,
used to also be defined in this directory. As of Android U, this HAL has been
moved to a different directory (../rkp). This move is ABI compatible, as the
interfaces have been maintained. The build is split so that the generated
code may be built with different options.