Commit graph

142 commits

Author SHA1 Message Date
Wenhao Wang
469e388e47 trusty:storageproxyd: Fix in_cdb.length setting on send_ufs_rpmb_req
The in_cdb.length (ALLOCATION_LENGTH) must be set in order to send
SECURITY PROTOCOL IN command.

Bug: 143636526
Test: Trusty storage tests
Change-Id: Ie4252e9b19c05825c895ec07f8c9684ae456f6c9
2020-06-12 15:30:08 -07:00
Kenny Root
15351dcf60 Use <fqname> to avoid conflicts
The newer way of specifying the interface is using <fqname> and it also
has the handy side-effect of not causing conflicts when we add the
strongbox implementation to devices.

Test: make # check $OUT for the correct manifest
Change-Id: If8333814723261c4f3de375861ee19a6d922d55f
2020-04-14 14:37:24 -07:00
Matthew Maurer
1010727a48 trusty: keymaster: Remove legacy support
Library based HALs have been deprecated for several years now, and
Keymaster 2 based testing is woefully out of date compared to running
VTS against the modern 3.0 and 4.0 implementations.

Purging these modules and their resulting dependencies will make it
easier for the central system/keymaster repository to move forwards.

Test: mm
Bug: 150239636
Change-Id: Ic2ddbe685a50e65f9db25f682ad33105195efa8a
2020-02-26 00:43:23 +00:00
Treehugger Robot
a78d0cb735 Merge "First working version of the confirmationui HAL service" 2020-01-21 16:40:03 +00:00
Janis Danisevskis
8fe0cfb098 First working version of the confirmationui HAL service
This implementation does not provide any security guaranties.
 * The input method (NotSoSecureInput) runs a crypto protocols that is
   sufficiently secure IFF the end point is implemented on a trustworthy
   secure input device. But since the endpoint is currently in the HAL
   service itself this implementation is not secure.
 * This implementation provides most of the functionality, but not the
   secure UI infrastructure required to run Android Protected
   Confirmation.

Bug: 146078942
Test: VtsHalConfirmationUIV1_0TargetTest
Change-Id: I14717b5fa4ef15db960cdd506b8c6fe5369aec8d
2020-01-17 16:34:48 -08:00
Steven Moreland
e40e4270e8 remove deprecated bp 'subdirs'
noticed some, so thought I would remove them everywhere here

Bug: N/A
Test: N/A
Change-Id: I2978673b158d6c253914ea22f7f0129e446a5f91
2020-01-14 12:18:40 -08:00
Wenhao Wang
d363769dcf Merge "trusty:storageproxyd: Add ufs to parse_dev_type" 2020-01-04 00:10:57 +00:00
Wenhao Wang
3bf07c27de trusty:storageproxyd: Add ufs to parse_dev_type
Modify parse_dev_type function to accept new dev_type argument "ufs".

Bug: 143636526
Test: Trusty storage tests
Change-Id: I9524fd4cb9619b5ce1f4f46e87f1890f84f4d2f3
2020-01-03 13:47:57 -08:00
Matthew Maurer
17785fd185 trusty: storageproxyd: Fix rebase of UFS support
The UFS support got rebased on top of the RPMB socket support
improperly. As a result, RPMB socket support was broken due to an
unconditional rmpb_fd = rc which would set the rpmb_fd to be connect()'s
error code in the case of an RPMB socket.

Bug: 146903427
Test: Boot Trusty+Android with the rpmb_dev mock, check for liveness
Change-Id: Ib1220dc49392f1a10369eed7716e44680bd83a66
2019-12-26 15:03:45 -08:00
Wenhao Wang
ce2f1a4761 Add storageproxyd UFS support
This CL enables storageproxyd to run on UFS device.
The proxy prepares and sends SECURITY PROTOCOL IN/OUT commands to UFS
device.

Bug: 143636526
Test: Trusty storage tests
Change-Id: Ibe16578c12b978c9a95deccfb1873081e8d0e994
2019-12-20 15:44:51 -08:00
Matthew Maurer
503ea0e231 Add support for mocked RPMB
When developing, it may be preferable to operate on a device which does
not have a real RPMB storage, or which is unprovisioned. This CL allows
the rpmb_dev program to act as a daemon serving a fixed key, and for
storageproxyd to speak to rpmb_dev's socket rather than an actual rpmb
device or a virtual rpmb device.

Test: Trusty Gatekeeper VTS
Change-Id: I19b2b143fffb8e68e4a028d00eaf5cd1928e12f6
2019-11-27 14:41:16 -08:00
Treehugger Robot
8578a8a8ec Merge "trusty-ut-ctrl: link statically to libtrusty" 2019-10-31 23:03:54 +00:00
Matthew Maurer
d35f685a7c Update OWNERS based on Trusty team membership
Change-Id: Iafad614b6568e53209752b1c45f0f0209c95684b
2019-10-31 13:32:20 -07:00
Tri Vo
8b1e934555 trusty-ut-ctrl: link statically to libtrusty
Removes the need to push libtrusty.so to run trusty-ut-ctrl binary.

Test: m trusty-ut-ctrl
Change-Id: I19c2957d3eb1dc165e13f2ce5560fe31ea9a2469
2019-10-28 14:54:06 -07:00
Matthew Maurer
dfad089dad Merge "Provide VINTF for Trusty Keymaster" 2019-09-10 19:09:04 +00:00
Matthew Maurer
c649ca538d Provide VINTF for Trusty Keymaster
This makes it easier to add or remove the Trusty keymaster service from
a device by providing a manifest fragment to add whenever it is enabled.

Test: Keymaster VTS, Keystore CTS (sans attestation)
Change-Id: Ib0f5fd7c016c0c18d77c9d2623c89f3b35ba7ad7
2019-09-09 23:23:45 +00:00
Matthew Maurer
3d1023e50d Inject auth token into tags
The reference keymaster at system/keymaster still expects to receive its
auth tokens in the tags, rather than as a separate parameter. This
change injects the separate parameter passed to the KM4 HAL as a legacy
tag in the request.

Longer term, system/keymaster should support a separate authToken
parameter, and it should be serialized and sent to Trusty separately.

Test: Keymaster VTS + Keystore CTS (sans attestation)
Change-Id: Ie69cbd358504bb7612f7d55158509043cdad4e4e
2019-09-09 16:00:36 -07:00
Steven Moreland
a4eaf64de8 Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I0bdffced6af52695c0ef98c9dd659348e56f7aa6
2019-09-05 14:17:42 -07:00
Janis Danisevskis
7daa66aa07 Replace legacy trusty gatekeeper HAL with HIDLized version
This patch replaces the legacy libhardware based gatekeeper HAL with a
true HIDL based implementation.

Test: Workes with trusty gatekeeper
Change-Id: I072b0c3fc74523400132aacd34e2f2cac9cf261b
Merged-In: I072b0c3fc74523400132aacd34e2f2cac9cf261b
2019-06-23 11:11:09 -07:00
Matthew Maurer
b321b410ff Trusty Keymaster@4.0
Adds support for proxying V4.0 commands to Trusty and makes 4.0 the
default when including trusty-base.mk.

Bug: 128851722
Test: Keymaster VTS 4.0 + Trusty
Change-Id: I2e2220963996fcb88d6953ee1a58af1b947b857d
2019-05-16 14:19:50 -07:00
Matthew Maurer
b0a8c9520b Enable Trusty Gatekeeper@1.0
Previously we only installed the gatekeeper.trusty.so library, which is
insufficient to actually start Gatekeeper. We now also install the -impl
and -service wrappers.

Bug: 127700127
Test: Gatekeeper 1.0 VTS with Trusty running
Change-Id: Idd8d6a4e1e409c2a712dddfd92d5f9cf6b16b50c
2019-03-19 11:18:38 -07:00
Matthew Maurer
57ba8c58fc Add support for RPMB over VirtIO Serial
In order to test Trusty gatekeeper automatically, the storage proxy
needs to be active inside the emulator. This patch allows storageproxyd
to speak a length-framed RPMB to an external RPMB daemon.

For a concrete example of a daemon speaking this protocol, see rpmb_dev
in the Trusty tree.

Bug: 124277696
Test: Launch storageproxyd with -t virt, use Trusty test infra
Change-Id: I391d4768976f0eb1f3b8df58eefd58fc3a9409cd
2019-03-05 17:25:57 -08:00
Matthew Maurer
30ff1f4177 Clang-format before updating storage proxy
These files were previously not clang-format clean. I am submitting the
clang-format cleanup in its own CL to avoid mixing up the code I'm
adding/adjusting with old code which needed to be reformatted.

Bug: 124277696
Test: m
Change-Id: I8a57ca97925a16bee10b15d2013a5dcf87b0ed15
2019-02-21 15:52:11 -08:00
Treehugger Robot
52ca777e57 Merge "trusty: Avoid unnecessary use of static libtrusty" 2019-01-18 21:54:39 +00:00
Matthew Maurer
178c56a1ba trusty: Avoid unnecessary use of static libtrusty
Test: manual
Change-Id: I9e57118b6cc8c24d9ec7a5c34413c196bbba5b51
2019-01-04 12:04:47 -08:00
Michael Ryleev
129fadf051 trusty: Add trusty unittest control utility
It is designed to connect to user specified port and
implements unittest logging protocol supported by
typical unittest ap running on Trusty side.

Test: manual
Change-Id: I6e37ccee9b9e4dde563ef0e4f531b42091cc2bd8
2019-01-04 11:54:26 -08:00
Chih-Hung Hsieh
747eb149d0 Add noexcept to move constructors and assignment operators.
Bug: 116614593
Test: build with WITH_TIDY=1
Change-Id: I5a7461386946ca623ab509609092aa0ac8418b80
2018-10-05 16:43:47 +00:00
Michael Ryleev
bfccad2474 trusty: keymaster3: Modify TrustyKeymaster3Device::update method
Modify TrustyKeymaster3Device::update method to handle the case when
amount of input data received exceeds a maximum amount supported by
underlying transport. In such case, only send an portion of data that
fits and allow higher levels to take care of the rest.

This is not an ideal fix as it is not very efficient for large sets
of data but at least it should work in more cases.

Test: android.keystore.cts
Change-Id: Id7360d0da3b87493193d480fc0c78c65dc1fc51f
2018-09-18 16:12:24 -07:00
Treehugger Robot
d361839b30 Merge "add the impementation of delete_key, delete_all_key for Legacy HAL" 2018-09-11 22:40:31 +00:00
Roberto Pereira
1b4ab72459 trusty: keymaster: remove unnecessary group from trusty KM3 HAL service
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: Ib943a9aa5a0cab27913173a68932db651e991907
2018-09-10 19:19:44 +00:00
Treehugger Robot
d230bcf4b0 Merge "Fix disagreement of client_id/app_data pointer semantic" 2018-09-04 19:43:03 +00:00
Janis Danisevskis
56c533dfd9 Fix disagreement of client_id/app_data pointer semantic
KM1/KM2 implementations should treat nullptr and KeymasterBlob{nullptr, 0}
equally when passed in as client_id or app_data. However, trusty KM1
treats them differently.

Bug: 113110105
Bug: 113084196
Change-Id: Ie0e2b5d60d808e4f7a8e48aeb4c694268f9bc0a1
2018-09-04 19:42:10 +00:00
Yan, Shaopu
764d62e204 add the impementation of delete_key, delete_all_key for Legacy HAL
the new layer (Keymaster2PassthroughContext) will call the related function
operation, however, currently it’s null so it will have null pointer reference
issue and we need to provide them in the keymater legacy HAL.

Bug: 113084196
Change-Id: Id1b0df47c03d341aedc7a0634cb101966143641c
2018-08-24 21:10:50 +00:00
Roberto Pereira
37996b6c67 trusty_keymaster_ipc: Use ALOGV instead of ALOGE for info/debug message
This message was originally ALOGV but got accidentally changed during a
refactoring in 81ebcb1943

Bug:110153632
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: Ibdfa0ab50cb8544c6f23c15049904f1741769647
2018-08-23 15:56:09 -07:00
Roberto Pereira
b5dfc75a32 Switch from old style KM2 HAL to new KM3 HAL
Bug:110153632
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I31b6a66a44eb1a6bf89c6eb6a3c632ace83071a9
2018-08-14 10:49:38 -07:00
Roberto Pereira
2426197400 Add Keymaster 3.0 binderized Trusty HAL
Based on AndroidKeymaster3Device

Test: VtsHalKeymasterV3_0TargetTest
Bug:110153632
Change-Id: I682e5c9823ed3d8d8c0cfde0713ee64f96eab78a
2018-08-14 10:49:38 -07:00
Roberto Pereira
81ebcb1943 Move IPC functionality from trusty_keymaster_device to trusty_keymaster_ipc
This allows the IPC functionality to be used by multiple HAL
implementations

Test: trusty_keymaster_tipc & keystore.trusty compile
Bug: 110153632
Change-Id: I78f273db6f59a417319058113e15e422ece73290
2018-08-08 17:31:18 -07:00
Roberto Pereira
22a3b1f733 Update the Trusty Keymaster directory structure
Added three new directories:
  - include: contains ipc and legacy header files
  - ipc: contains common keymaster IPC code that can be shared between HALS
  - legacy: contains the old style HAL implementation

Test: trusty_keymaster_tipc & keystore.trusty compile
Bug:110153632
Change-Id: I2fdaa9d3d0421a0e359c05807ab5f0a12c5d3996
2018-08-08 17:22:24 -07:00
Roberto Pereira
4f9599e4fe Run clang-format on all trusty/keymaster .cpp and .h files
Test: Compiles
Bug: 110153632
Change-Id: Ib6e1df87d3c3dfd8c507768d9018114a1b962d74
2018-08-08 17:22:24 -07:00
Arve Hjønnevåg
c97372e73b Merge "trusty: tipc_test: Read output and test result from ta2ta_ipc_test"
am: 7b7e416649

Change-Id: I17c82528a7e373dd18137c7c976e868d4718bd5f
2018-07-25 17:24:18 -07:00
Arve Hjønnevåg
7b7e416649 Merge "trusty: tipc_test: Read output and test result from ta2ta_ipc_test" 2018-07-26 00:17:54 +00:00
Elliott Hughes
5ae98112eb Merge "trusty: add the trusty folks to the system/core/trusty/ OWNERS."
am: e663c78d92

Change-Id: I293f21462010e8098b226277636f04b4cd4b02a7
2018-07-25 16:59:03 -07:00
Elliott Hughes
e87aaf9831 trusty: add the trusty folks to the system/core/trusty/ OWNERS.
Bug: N/A
Test: N/A
Change-Id: Icd74a1fa322b4f7bd6a6a4d9e1b375b5598f84b6
2018-07-25 15:01:15 -07:00
Arve Hjønnevåg
b6d6075983 trusty: tipc_test: Read output and test result from ta2ta_ipc_test
Bug: 79993976
Test: tipc-test -t ta2ta-ipc
Change-Id: If30b9acfab035974ddf1bec0e89e530fdeab4b2f
2018-06-29 15:03:25 -07:00
Elliott Hughes
4c33b88c4b Merge "bpfmt." am: 0609e8d231 am: b57755c429
am: a91867a788

Change-Id: Ieb0985434e2464e47b3adb93fb27fe5042e91657
2018-02-20 02:24:45 +00:00
Elliott Hughes
dc699a269f bpfmt.
Bug: N/A
Test: builds
Change-Id: I89ad00e1c4c7e0767bc80a7ac7935a4d55e090ac
2018-02-16 17:58:14 -08:00
Yi Kong
04e5fde33d Merge "Use correct format specifier" am: 370d2e02e0 am: ef44dd2325
am: 53d69290a7

Change-Id: I158f99bdba598d64bc676be4ea4e1c38e6cbcce4
2018-01-03 20:45:03 +00:00
Yi Kong
21c515ad1c Use correct format specifier
Discovered by the upcoming compiler update.

Test: m checkbuild
Change-Id: I8dd4bb711bfa4f4b71a3345a2ee38f689cee5257
2017-12-27 13:42:49 -08:00
TreeHugger Robot
40b150f9d5 Merge "Remove libkeymaster_staging" 2017-12-21 22:10:29 +00:00
Shawn Willden
10ed6fcc85 Add swillden and dkrahn to OWNERS
Test: N/A
Change-Id: I0d3fd54af475ee9184eb44de689b821c450b874f
2017-12-21 12:45:24 -08:00