Commit graph

289 commits

Author SHA1 Message Date
David Drysdale
c5b7d179c2 Depend on KeyMint HAL via default
This allows for easier bumping of the KeyMint version level.

At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.

However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.

Test: TreeHugger
Change-Id: Ic250e5b91ee2b48cd7a05783ce21af16ae330ed1
2021-12-02 08:16:25 +00:00
Armelle Laine
904cae37ce Merge "trusty: update default_applicable_licenses "Android-Apache-2.0"" 2021-11-30 23:41:46 +00:00
Armelle Laine
c2cc120d60 trusty: update default_applicable_licenses "Android-Apache-2.0"
rpmb_dev is a rpmb device stub used in emulation
as well as platform early bringup so we don't expect
any open source developer to be impacted by the migration
from MIT to Apache 2.0.
Note that with such a migration to Apache 2.0, recipients
won't receive lesser permissions, they just have updated
requirements for which license text to share along with the code.

Bug: 191508826
Test: None
Signed-off-by: Armelle Laine <armellel@google.com>
Change-Id: I0ae2bc66901344f8f9227e929a98946e52c50355
2021-11-29 19:53:54 +00:00
Treehugger Robot
1d02ce9ad4 Merge "Configure Trusty KeyMint devices to use attest_keys." 2021-11-22 18:21:09 +00:00
Shawn Willden
b440e0c077 Configure Trusty KeyMint devices to use attest_keys.
Change-Id: If86133e7648b601a4a61ea5614e6971a2bb8d264
Bug: 197096139
Test: Manual
2021-11-22 16:52:30 +00:00
David Drysdale
fcf3fc08e4 KeyMint: don't mix Binder and std shared pointers
Bug: 203871378
Test: VtsAidlKeyMintTargetTest, TreeHugger
Change-Id: I8671342939af2bbdef643be9ce81b0bb9e7ae1a9
2021-10-28 15:39:34 +01:00
Marco Nelissen
3e923cd527 Fix 32-bit build
Bug: None
Test: build
Change-Id: Id1a9c2bd4526750eca9b85896d0e90eed58b8f51
2021-10-20 10:11:52 -07:00
Marco Nelissen
08fec49a3b Log if keymaster IPC takes too long
Bug: None
Test: run with very low timeout and verify it logs
Change-Id: I2818683f65c2191518373609c6171c056de55a9a
2021-10-20 07:51:05 -07:00
Thurston Dang
7e8dab775b storageproxyd: discard writes when checkpointing, if necessary
If a checkpointing operation is in progress, discard any write operations
that are flagged as STORAGE_MSG_FLAG_PRE_COMMIT_CHECKPOINT. In tandem
with trusty-side changes that set the flag appropriately, this avoids
the awkward case where the checkpoint is rolled back, which potentially
leads to inconsistency between the data and the superblock.

Based on Stephen's CL/1845477 "Add helper to check checkpoint state of
mounts".

Test: m storageproxyd
Bug: 194313068
Change-Id: Ib6a432db1bc1b034f803b743b0d7322e3f31d814
2021-10-12 03:47:24 +00:00
Armelle Laine
a3359bb3c9 Merge "storageproxyd: Retry RPMB request on UNIT ATTENTION" 2021-10-04 17:32:51 +00:00
Max Bires
9eb326c9c0 Merge "Make RemoteProvisioner required for KeyMint cc_bin" 2021-09-29 19:26:40 +00:00
Stephen Crane
a9085181af storageproxyd: Retry RPMB request on UNIT ATTENTION
Attempts a retry of the intial write or read when an RPMB command
triggers a UNIT ATTENTION condition. This causes the UA status to be
reset and hopefully result in a successful command. This runs the risk
of retrying a successful write, but we wouldn't have been able to get
the RPMB response after that write anyway due to the UA condition.

Test: m storageproxyd
Bug: 200037389
Change-Id: Ib970e779365bb396756c114684c7f6e56a737ab1
2021-09-29 10:28:43 -07:00
Marco Nelissen
0aae5be54f tipc_test: allow connecting to arbitrary services
Add an option to specify a service name. Currently only the "connect"
test supports this, and will try to connect to the named service
instead of the echo and datasink services.
Also fix the built-in help text, as it was missing the "burst" option,
and didn't mention that the "connect" test connects to both the echo
and datasink services.

Bug: 200034376
Test: run

Change-Id: I3903f94c16320f8e07ac4bfb69e3bb45329138c0
2021-09-24 20:14:24 +00:00
Tri Vo
6aaac7cad9 Merge "storageproxyd: Fix inverted conditional in error checking" 2021-09-24 19:05:05 +00:00
Stephen Crane
bdb2eba4a4 storageproxyd: Fix inverted conditional in error checking
check_scci_sense (now renamed unexpected_scsi_sense) was supposed to
return false iff the sense data was valid and did not contain an error.
This return value was inverted. Invert the return values and rename the
function to clarify its role.

Test: m storageproxyd
Bug: 195544379
Change-Id: I3b84188aabe58345a83d2fd57bb8103e730cf365
2021-09-24 10:20:58 -07:00
Marco Nelissen
92cd8891ff trusty_apploader: log to stderr
Print an error message to stderr on connection failure, so that the
command doesn't exit silently in case of the common user error of
forgetting to run it as root.

Bug: None
Test: Run as regular user, see "permission denied" message.
Change-Id: Ia213dedccab27e6152b5eb969fbee06d82d3d4ff
2021-09-21 15:51:58 -07:00
Marco Nelissen
7637d25ae0 re-tab and clang-format tipc_test
tipc_test.c used a mix of tabs and spaces for indentation and other
things that clang-format doesn't like, so retab and format it.

Bug: None
Test: build
Change-Id: I9b3a64bae54697d43e7fb39fe7d6e1dabe0be380
2021-09-20 17:10:05 -07:00
Stephen Crane
38003165b2 [storageproxyd] Dump binary buffers to log instead of stderr
Rewrites the buffer logging to print to the Android log instead of
stderr. The storageproxyd service is started by init and stderr is not
logged anywhere. Because we want to log sense data errors under normal
operation, we need to log to logcat instead of stderr.

Test: Define RPMB_DEBUG, build for qemu-trusty, run, inspect logcat
Bug: 195544379
Change-Id: Iecc0d4680420bb92c94be628789093888a2f1941
2021-09-15 14:17:38 -07:00
Tri Vo
11ffd99154 Merge "Revert^2 "Activate KeyMint."" 2021-09-13 23:31:49 +00:00
Shawn Willden
9863dd3c10 Revert^2 "Activate KeyMint."
81cdd3f3da

Bug: 177729159
Test: VtsAidlKeyMintTargetTest & CtsKeystoreTestCases
Change-Id: I85d9e57fe83627992ddaa705946893a4b9890001
Merged-In: I85d9e57fe83627992ddaa705946893a4b9890001
2021-09-09 14:27:41 -07:00
Treehugger Robot
4fd0ff9756 Merge changes I928ddebc,Iade322a2
* changes:
  storageproxyd: Add logging of failed RPMB transactions
  storageproxyd: Add file handle param to debug buffer print
2021-09-08 20:01:31 +00:00
Stephen Crane
310d805d96 storageproxyd: Add logging of failed RPMB transactions
Adds parsing and logging of SCSI errors from SG_IO calls for RPMB. Does
not alter behavior of the RPMB proxy in response to these errors.

Test: m storageproxyd
Bug: 195544379
Change-Id: I928ddebcb65aa6c305d3dcab7c64bd19d11a50fa
2021-09-07 19:54:16 -07:00
Stephen Crane
dd3f7b867d storageproxyd: Add file handle param to debug buffer print
Adds a file handle parameter to the debug print_buf function to allow
printing to either stdout or stderr.

Test: m storageproxyd
Bug: 195544379
Change-Id: Iade322a21312a676b3599bddafdfc43b599617ea
2021-09-07 19:53:04 -07:00
Max Bires
b688b38666 Make RemoteProvisioner required for KeyMint cc_bin
This change adds the RPK apk back into the image for Trusty Keymint
devices, though the functionality will still be disabled by the
server check-in for now.

Ignore-AOSP-First: Will be CP'ed to AOSP
Bug: 194509629
Test: atest RemoteProvisionerUnitTests
Change-Id: Ic20ca119bd9c0614f7559b24ad60718c813a0cca
2021-08-26 00:31:44 -07:00
Janis Danisevskis
5b4b52126e Handle long responses by keymint IPC.
The KeyMint TA may send responses that are longer thant the 8K buffer
that the KeyMint HAL holds. This patch introduces
trusty_keymaster_call_2 which can grow the receive buffer on demand.

Bug: 195622501
Test: VTS and CTS test for regression testing.
Change-Id: Ia06e590e547e649ca81cda9a71851f334970788f
Merged-In: Ia06e590e547e649ca81cda9a71851f334970788f
2021-08-12 19:21:11 +00:00
Tri Vo
2b52180603 Merge "trusty: storage: Allow starting without /data mounted" 2021-08-06 05:29:45 +00:00
Tri Vo
91e475068d trusty: storage: Allow starting without /data mounted
Bug: 187105270
Test: m
Change-Id: I3735e0752a6e502536000bd3102abda30cbd58fe
2021-08-02 15:02:11 -07:00
Jiyong Park
1486987d34 Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: I7e60ee840fd64f9e36bafa8baea19daab9c15cea
2021-07-27 12:19:00 +09:00
Armelle Laine
d6ddc20d83 Merge "[trusty-base] Update Trusty Keymint properties" 2021-07-23 14:43:12 +00:00
David Drysdale
267adbd4f1 Merge "TrustyKeyMint: support boot, vendor patchlevels" 2021-07-22 06:32:32 +00:00
David Drysdale
e7697d7101 TrustyKeyMint: support boot, vendor patchlevels
- Invoke TrustyKeymaster::ConfigureVendorPatchlevel() from
   remote keymint Initialize(), using vendor patchlevel retrieved
   from property.
 - Add TrustyKeymaster::ConfigureVendorPatchlevel() method to
   send the CONFIGURE_VENDOR_PATCHLEVEL message.
 - Add message type values for
   CONFIGURE_{VENDOR,BOOT}_PATCHLEVEL messages.

Test: pending device availability
Change-Id: Ie42345112b08ef9c669535cef2de60ea77da15b4
2021-07-21 16:26:32 +01:00
Armelle Laine
bd1dbe2bb5 [trusty-base] Update Trusty Keymint properties
Support legacy 3DES algorithm
(property parity with software implementation)

Bug: 193715461
Change-Id: Id2c45b94b2b3375972dd53fa65186007eda35970
Test: atest VtsAidlKeyMintTargetTest
Signed-off-by: Armelle Laine <armellel@google.com>
2021-07-19 16:14:20 +00:00
David Drysdale
a2aba786fe Merge "Splitting out Trusty IPC into a library." 2021-07-19 09:16:47 +00:00
Wenhao Wang
6e0a762290 trusty:storageproxyd: Add wakelock to the UFS commands
We add a wakelock to the sequence of UFS commands so that
the sequence will not be disrrupted when devices get suspended.

Bug: 193456223
Test: Trusty storage tests
Change-Id: Ib90f8b284017cf261d2a2aea940834a42c21de02
2021-07-15 22:34:58 -07:00
Wenhao Wang
09b493b143 trusty:storageproxyd: Fix return paths on errors
The function send_ufs_rpmb_req is missing return paths on errors.
This patch fixes it so that any UFS command failure will return
error code to the function caller.

Bug: 193855098
Test: Trusty storage tests
Change-Id: I391ecff9ed3f892b7c3adae0ceeb18930791326f
2021-07-15 22:24:11 -07:00
Max Bires
a9362a4e60 Splitting out Trusty IPC into a library.
This allows the relevant IPC code to be included in the provisioner tool
easily as it's shuffled over into a non-AOSP component due to
chip specific requirements in provisioning Device IDs.

Bug: 178796950
Test: Stuff builds
Merged-In: I57482e89035e8648544f87291ec14c6aece09bd0
Change-Id: I57482e89035e8648544f87291ec14c6aece09bd0
2021-07-15 16:17:59 +01:00
Seth Moore
8fe5602099 Merge "Client side implementation of Trusty IRPC HAL" 2021-07-14 16:35:37 +00:00
Tri Vo
f9cfeac49e trusty: Increase timeout for ConfirmationUI fuzzer
Bug: 192923547
Test: trusty_confirmationui_msg_fuzzer
Change-Id: I72755b0a35bbc3f2540672ca53acd14b1add38cb
2021-07-12 16:34:01 -07:00
Max Bires
95b5b04872 Client side implementation of Trusty IRPC HAL
This change includes the code necessary to communicate to the
IRemotelyProvisionedComponent backend implementation running in Trusty.
It also makes the relevant changes to the manifest XML file to add the
IRemotelyProvisionedComponent HAL.

Bug: 192228022
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I32c30ce2dc44e95ff91574ce405f10e3b5dc9699
Merged-In: I32c30ce2dc44e95ff91574ce405f10e3b5dc9699
2021-07-08 03:00:51 +00:00
Janis Danisevskis
b24f12226a Forward HAT and ConfirmationToken to TA on finish.
The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.

Test: CtsVerifier biometrics tests.
Bug: 192201272
Merged-In: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
2021-07-01 15:17:32 -07:00
Treehugger Robot
d669e6291c Merge "trusty: Increase maximum number of coverage counters" 2021-06-25 18:50:30 +00:00
Tri Vo
8ad386576f trusty: Increase maximum number of coverage counters
Confirmation UI TA has 52585 counters.

Bug: 171750250
Test: trusty_confirmationui_tipc_fuzzer
Change-Id: Iecb7c88c41c67ce4ab22c56b9e34ad5370b4018d
2021-06-24 22:23:21 -07:00
Shawn Willden
fed81d8e41 Add TrustyKeyMintDevice
Bug: 177729159
Test: Not testable until more CLs land
Merged-In: Iea4e70bb5b4ce051492f2e42d2e0d219d088388e
Change-Id: Iea4e70bb5b4ce051492f2e42d2e0d219d088388e
2021-06-18 07:11:36 -06:00
Andrei Homescu
4b5afea93b trusty: apploader: Handle invalid version error
Bug: 115426059
Test: m
Change-Id: Ia7a850cceb1f60e77959cff9726e348d8356c26b
2021-05-10 22:19:08 -07:00
Tri Vo
e23e85bee5 Merge "trusty: Helper library for metrics" 2021-05-04 14:17:05 +00:00
Tri Vo
a8919a2e82 trusty: Helper library for metrics
Bug: 182489121
Test: libtrusty_metrics_test
Change-Id: I7fc45ea3319185a8ac55889e56bd484d4774e928
2021-05-03 17:15:30 -07:00
Stephen Crane
e54e8d4ebf Trusty: Move tipc fuzzer connection to end of iteration
We detect a TA crash by not being able to reconnect to its channel. We
were previously connecting to the TA at the beginning of each fuzz
iteration, but this results in only detecting a crash on the following
iteration. By moving this connection to the end of the fuzz iteration,
we can detect a crash corresponding to the correct fuzz iteration and
libFuzzer will produce the correct crashing input.

Test: /data/fuzz/arm64/trusty_keymaster_fuzzer/trusty_keymaster_fuzzer
Bug: 185407818
Change-Id: I6808c72611fcabab5b314218f8b588dd7d944188
2021-04-15 01:02:50 +00:00
Treehugger Robot
817f8971ac Merge "trusty: apploader: Log errors to logcat" 2021-04-01 05:30:25 +00:00
Tri Vo
413ab28953 trusty: apploader: Log errors to logcat
Otherwise, these error logs don't end up in bugreports, making it very
difficult to debug.

When using locally, users will have to check logcat instead of stderr.

Bug: 183919392
Bug: 115420908
Test: m
Change-Id: I3b829347971d05968b851e11ce784829d12ef098
2021-03-31 13:27:57 -07:00
Hridya Valsaraju
b3ebe7cd10 Add legacy-align parameter to DmabufHeapAlloc()
The parameter is intended to make the API backwards compatible with
legacy ION devices. It will be ignored for devices that support DMA-BUF
heaps.

Test: build
Bug: 154310076
Change-Id: Ic5b49269283caa7d05d9468f8ed7f02e1b3c1f1e
Merged-In: Ic5b49269283caa7d05d9468f8ed7f02e1b3c1f1e
2021-03-23 16:51:40 -07:00