Commit graph

424 commits

Author SHA1 Message Date
Stephen Crane
0ecf0530db trusty: Increase maximum number of coverage counters
The keymaster TA has 30841 distinct coverage counters, so 0x4000 counter
slots is not enough to handle this TA. Increase maximum number of
coverage counters to 0x8000.

Test: adb shell trusty_keymaster_fuzzer
Bug: 175918322
Change-Id: I879d18538edb4933a4205c8f73b7939ddbf69e37
2021-02-24 15:37:10 -08:00
Stephen Crane
885295f070 trusty: Add keymaster fuzzer corpus
Add an initial corpus for the keymaster fuzzer derived from running the
keystore2 unittests.

Test: adb shell "cd /data/fuzz/arm64/trusty_keymaster_fuzzer/ && ./trusty_keymaster_fuzzer corpus"
Bug: 175918322
Change-Id: I839bb9bacee1800cf2da25aedbb4ce3eccf16cba
2021-02-24 15:34:35 -08:00
Tri Vo
7280acc996 Merge "trusty: fuzz: Link to libtrusty dynamically" 2021-02-23 20:35:01 +00:00
Tri Vo
abd86f8f98 trusty: Export ConfirmationUI helper classes
And fix namespaces.

Bug: 174402999
Test: m
Change-Id: I54dcc92d8c153d0fa2b10b2679a9a871699de8b1
2021-02-23 11:31:35 -08:00
Tri Vo
cb89889af3 trusty: fuzz: Link to libtrusty dynamically
libtrusty can be depended on by multiple thing in a fuzzer's
dependencies tree. It's no longer convenient to link to statically.

Leave tests statically linked. Test infra doesn't seem to handle shared
test libs correctly.

Bug: 171750250
Test: trusty_test_fuzzer libtrusty_coverage_test
Change-Id: Ic7d003151e43fb5bab63354fd42ea9667332743f
2021-02-23 10:23:37 -08:00
Tri Vo
3e9dbccde6 Merge "Update OWNERS based on Trusty team membership" 2021-02-23 05:56:19 +00:00
Tri Vo
eefaf0bb3a Update OWNERS based on Trusty team membership
Change-Id: I2a940f57b3f5da67e12d4f89f9980036d47be321
2021-02-22 14:51:14 -08:00
Greg Kaiser
3e02a60412 trusty: Remove redundant check
This repeats a check in the lines immediately before it.

Test: TreeHugger
Change-Id: I47ac9f359018b87bc283657eddb75ad3d175244e
2021-02-21 10:31:40 -08:00
Stephen Crane
4778579283 Trusty: Add BoringSSL modulewrapper for ACVP
In order to validate the BoringSSL implementation in Trusty using ACVP,
we need a modulewrapper tool that forwards requests to Trusty and back
to the ACVP tool. Adds this tool, which interfaces with the Trusty ACVP
testing service.

Test: make trusty_acvp_modulewrapper
Test: adb shell "acvptool -wrapper trusty_acvp_modulewrapper -json vectors/ACVP-AES-CBC"
Bug: 173805789
Change-Id: I3028e44c00f8e315dfd94ea34c004bbd25fab788
2021-02-19 17:27:46 -08:00
Bob Badour
d69ad69a93 [LSC] Add LOCAL_LICENSE_KINDS to system/core
Added SPDX-license-identifier-Apache-2.0 to:
  bootstat/Android.bp
  cli-test/Android.bp
  code_coverage/Android.bp
  cpio/Android.bp
  debuggerd/crasher/Android.bp
  debuggerd/proto/Android.bp
  diagnose_usb/Android.bp
  fs_mgr/libdm/Android.bp
  fs_mgr/libfiemap/Android.bp
  fs_mgr/liblp/Android.bp
  fs_mgr/libsnapshot/Android.bp
  fs_mgr/libstorage_literals/Android.bp
  fs_mgr/libvbmeta/Android.bp
  fs_mgr/tests/Android.bp
  fs_mgr/tools/Android.bp
  gatekeeperd/Android.bp
  healthd/Android.bp
  healthd/testdata/Android.bp
  init/Android.bp
  init/Android.mk
  init/sysprop/Android.bp
  init/test_kill_services/Android.bp
  init/test_service/Android.bp
  libappfuse/Android.bp
  libasyncio/Android.bp
  libbinderwrapper/Android.bp
  libcrypto_utils/Android.bp
  libcrypto_utils/tests/Android.bp
  libdiskconfig/Android.bp
  libgrallocusage/Android.bp
  libkeyutils/mini_keyctl/Android.bp
  libmodprobe/Android.bp
  libnetutils/Android.bp
  libpackagelistparser/Android.bp
  libprocessgroup/Android.bp
  libprocessgroup/cgrouprc/Android.bp
  libprocessgroup/cgrouprc_format/Android.bp
  libprocessgroup/profiles/Android.bp
  libprocessgroup/setup/Android.bp
  libqtaguid/Android.bp
  libsparse/Android.bp
  libstats/push_compat/Android.bp
  libsuspend/Android.bp
  libsync/Android.bp
  libsystem/Android.bp
  libsysutils/Android.bp
  libusbhost/Android.bp
  libutils/Android.bp
  libvndksupport/Android.bp
  libvndksupport/tests/Android.bp
  llkd/Android.bp
  llkd/tests/Android.bp
  property_service/libpropertyinfoparser/Android.bp
  property_service/libpropertyinfoserializer/Android.bp
  property_service/property_info_checker/Android.bp
  qemu_pipe/Android.bp
  reboot/Android.bp
  rootdir/Android.bp
  rootdir/Android.mk
  rootdir/avb/Android.bp
  rootdir/avb/Android.mk
  run-as/Android.bp
  sdcard/Android.bp
  set-verity-state/Android.bp
  shell_and_utilities/Android.bp
  storaged/Android.bp
  toolbox/Android.bp
  trusty/apploader/Android.bp
  trusty/confirmationui/Android.bp
  trusty/confirmationui/fuzz/Android.bp
  trusty/coverage/Android.bp
  trusty/fuzz/Android.bp
  trusty/fuzz/test/Android.bp
  trusty/gatekeeper/Android.bp
  trusty/gatekeeper/fuzz/Android.bp
  trusty/keymaster/Android.bp
  trusty/keymaster/fuzz/Android.bp
  trusty/libtrusty/Android.bp
  trusty/libtrusty/tipc-test/Android.bp
  trusty/secure_dpu/Android.bp
  trusty/storage/interface/Android.bp
  trusty/storage/lib/Android.bp
  trusty/storage/proxy/Android.bp
  trusty/storage/tests/Android.bp
  trusty/utils/spiproxyd/Android.bp
  trusty/utils/trusty-ut-ctrl/Android.bp
  usbd/Android.bp
  watchdogd/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
  debuggerd/Android.bp
  fastboot/Android.bp
  libkeyutils/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD
    SPDX-license-identifier-MIT
to:
  libcutils/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT
to:
  fs_mgr/Android.bp
  fs_mgr/libfs_avb/Android.bp
  trusty/Android.bp
  trusty/utils/rpmb_dev/Android.bp

Added SPDX-license-identifier-BSD
to:
  fastboot/fuzzy_fastboot/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: Id740a7d2884556081fdb68876584b25eb95e1bef
2021-02-19 12:59:05 -08:00
Tri Vo
19b62a5182 trusty: ConfirmationUI HAL<->TA IPC using shared memory
Bug: 148421469
Test: VtsHalConfirmationUIV1_0TargetTest
Change-Id: I686150b64da3d3e95618f29e396990660f2054ba
2021-02-17 11:10:14 -08:00
Tri Vo
83e66f792e Merge changes I9e4cbf11,I41cde13a
* changes:
  trusty: Allow fuzzing without coverage
  trusty: Fix up error messages
2021-02-11 22:39:29 +00:00
Andrei Homescu
909beaeae3 trusty: Fix apploader short option
Fix a typo in one of the short command line options
for the Trusty application loader. The typo caused
the tool to incorrectly accept the -s short option
and ignore it, but not accept the -D option which
is the short version of --dev.

Bug: 115420908
Test: m
Change-Id: I9d03f8dd20adedbd820621ae8f9b4d13137041ed
2021-02-11 12:55:00 -08:00
Tri Vo
19eccb4f51 trusty: Allow fuzzing without coverage
Bug: 171750250
Test: m
Change-Id: I9e4cbf11fd223092f9ad800b35d0502c27f71e8f
2021-02-10 16:46:24 -08:00
Tri Vo
ce812a22ca trusty: Fix up error messages
Bug: 171750250
Test: m
Change-Id: I41cde13a891da36c85df6a451b2d051c18365797
2021-02-10 13:31:24 -08:00
Arve Hjønnevåg
7b204ac4ca Merge "trusty: Android part of dynamic app loader" 2021-02-02 01:39:56 +00:00
Andrei Homescu
08d66c5036 trusty: Android part of dynamic app loader
Implement the Android tool that uploads Trusty application package files
to the Trusty app loader.

Bug: 115420908
Test: trusty_apploader boot-start-srv.app
Change-Id: Ie21b8cad749fd565579483944a8b71e861d3a51a
2021-02-01 14:00:35 -08:00
Marco Nelissen
003bf066b2 Merge "Send DeleteUsers/DeleteAllUsers to Trusty" 2021-01-30 22:55:43 +00:00
Shawn Willden
657f71cd26 Add attestation key to generate/import messages
Bug: 171845787
Test: Build
Change-Id: I59bd25dc8998668f0ea2053f3e647bf6cc58885a
2021-01-28 11:56:14 -07:00
Marco Nelissen
53dc3c99b7 Send DeleteUsers/DeleteAllUsers to Trusty
Actually route the DeleteUsers/DeleteAllUsers calls to Trusty,
instead of immediately returning ERROR_NOT_IMPLEMENTED.

Bug: 160731903
Test: "atest VtsHalGatekeeperV1_0TargetTest"
      manual testing with added instrumentation
Change-Id: I11fdaa0812fdfbc9b926611b15d84513ab13b18e
2021-01-25 17:55:19 -08:00
ichihlu
9ee8a75e6b Secure DPU: add folder for common headers
The header SecureDPU.h is moved out from the device specific folder as
it can be shared for different devices.

Bug: 176508588
Test: Pass TUI VTS test on the emulator.
Change-Id: I7695b49c4f7a247b570ced61145471efef3d0a3d
2021-01-22 06:31:37 +00:00
Matthew Maurer
c4abbe6427 trusty: keymaster-hal: Reconnect on failed VERSION
Trusty Keymaster will currently disconnect the client on an invalid
message. This includes the newly introduced GET_VERSION2 message.

While in the future we could change this behavior, this is a backcompat
path and so we can't assume a changed Trusty. Reconnect on failed
GET_VERSION2 before attempting version negotiation.

Bug: 177843218
Test: Set PIN on device using older Trusty
Change-Id: Ie60e4aaafa43e375797e6288b97834cac42413f4
2021-01-20 13:21:37 -08:00
Tri Vo
8da3ee71a3 trusty: Collect sancov file from confirmationui fuzzer
Bug: 174402999
Test: trusty_confirmationui_fuzzer
Change-Id: I06a7b475c0023cf1530aff636e5ac2295009fd73
2021-01-14 21:25:10 -08:00
Tri Vo
315967e660 trusty: coverage: Append .<pid>.sancov to sancov file names
Bug: 175221942
Test: adb shell ./trusty_gatekeeper_fuzzer -runs=0 corpus
Change-Id: Ic7a30b7531e8a327fb8ebe953fa02946e8539579
2021-01-14 21:25:10 -08:00
Tri Vo
2c56d833c5 trusty: fuzz: Explicit errors instead of asserts
Bug: 171750250
Test: m \
      trusty_test_fuzzer \
      trusty_gatekeeper_fuzzer \
      trusty_keymaster_fuzzer \
      trusty_confirmationui_fuzzer
Change-Id: Ib22cf72b2db7b991e716c0116ca57d3f77459ada
2021-01-14 21:25:07 -08:00
Tri Vo
3c651c278c Merge changes Iad1713e1,Iaee2c74b,I6bd1c8b2,I067dd077
* changes:
  trusty: Add simple fuzzer for keymaster TA
  trusty: Increase limit on coverage counters
  trusty: Write out sancov file when fuzzer exits
  trusty: Switch to dmabuf for coverage shared memory
2021-01-14 21:28:16 +00:00
Stephen Crane
f7b8a597f1 trusty: Add simple fuzzer for keymaster TA
Adds a simple libfuzzer-based coverage guided fuzzer for keymaster.
Current coverage is low, so we'll need to improve this with an initial
corpus or a more sophisticated protocol aware fuzzer.

Bug: 175918322
Test: make trusty_keymaster_fuzzer
Test: adb shell /data/fuzz/arm64/trusty_keymaster_fuzzer/trusty_keymaster_fuzzer
Change-Id: Iad1713e1a73cc5a6a3ec742cc433d1337aca9bc3
2021-01-13 16:21:49 -08:00
Stephen Crane
6735f8475e trusty: Increase limit on coverage counters
Keymaster has more than 4096 counters, so we need to allocate a larger
section for the libfuzzer extra counters. Increases the size of the
extra counters section to 16384.

Bug: 171750250
Test: atest libtrusty_coverage_test
Change-Id: Iaee2c74b6d0c7ae8a2e5a30525759f89f825a091
2021-01-13 16:09:33 -08:00
Stephen Crane
6bd77df8fc trusty: Write out sancov file when fuzzer exits
Add emission of sancov file when CoverageRecord is destroyed. This
will occur when a fuzzer driver exits cleanly, i.e. -runs=0 with an
existing corpus.

Test: make trusty_gatekeeper_fuzzer
Test: adb shell ./trusty_gatekeeper_fuzzer -runs=0 corpus
Bug: 175221942
Change-Id: I6bd1c8b2f2091e894c35f7a4874b54577a91c8fc
2021-01-13 16:09:31 -08:00
Stephen Crane
0d67131dd9 trusty: Switch to dmabuf for coverage shared memory
Trusty shared memory now uses dmabuf instead of memfd. Switch the
coverage buffer allocation to use libdmabufheap.

Test: atest libtrusty_coverage_test
Bug: None
Change-Id: I067dd0774d19b42380ce5cb8ceb3541fa77ef9f0
2021-01-13 15:56:25 -08:00
Wenhao Wang
1ee38ede4c Merge "trusty: Adapt to Confirmationui Corpus Format" 2021-01-13 20:17:31 +00:00
Wenhao Wang
dc45de0553 trusty: Adapt to Confirmationui Corpus Format
The corpus of Confirmationui usually contains multiple data packets
to be transfered from Android side to Trusty side.
Therefore we adjust the Confirmationui fuzzer so that it can send
data to Confirmationui TA several times through a same tipc channel.

Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: Ib6ae831e6a19c98eb62a1c75f77eb00f914e2f5c
2021-01-12 12:54:27 -08:00
Matthew Maurer
8ca6ab0161 trusty: tipc-test: Use dma_buf rather than memfd
Test: tipc-test -t send-fd
Bug: 117221195
Change-Id: I595cb4ee5fc24d8cafc9a3e706346139a974d674
2021-01-11 10:23:46 -08:00
Matthew Maurer
b6e795513b trusty: tipc-test: Test multi-page support
Test: tipc-test -t send-fd
Bug: 117221195
Change-Id: Ie8623a70f6935ede6bb5e9dd1a7945a7e356d854
2021-01-11 10:23:30 -08:00
Shawn Willden
e3e5ae9eae Merge "Revert^2 "Revise KeymasterMessage versioning system"" 2021-01-06 22:58:32 +00:00
Shawn Willden
9323f4113b Revert^2 "Revise KeymasterMessage versioning system"
24d46bd512

Change-Id: I4edcfdada8321ff181db70002a2661b821f6b33f
Bug: 176867651
Merged-In: Idefcdd64afa7977f6dc2c4299e69cc5065dcc20d
2021-01-06 19:54:24 +00:00
Treehugger Robot
f24141175a Merge "Revert "Revise KeymasterMessage versioning system"" 2021-01-06 09:24:43 +00:00
Bonian Chen
24d46bd512 Revert "Revise KeymasterMessage versioning system"
Revert "Revise KeymasterMessage versioning system"

Revert "Revise KeymasterMessage versioning system"

Revert "Add new message versioning protocol"

Revert submission 1533821-new_km_versioning

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_master&target=adt3-userdebug&lkgb=7064747&lkbb=7064769&fkbb=7064769, bug 176867651
Reverted Changes:
I040fe7f62:Revise KeymasterMessage versioning system
Ibea104c39:Revise KeymasterMessage versioning system
Ibea104c39:Revise KeymasterMessage versioning system
I425fb45fc:Add new message versioning protocol

Change-Id: I1569334c59cb62be6aae4a42ce999f40c7a472de
BUG: 176867651
2021-01-06 06:42:21 +00:00
Treehugger Robot
936557b6f0 Merge "Revise KeymasterMessage versioning system" 2021-01-05 22:40:06 +00:00
Shawn Willden
db089205aa Revise KeymasterMessage versioning system
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ibea104c39942c6c88523688306a030f40e9b150f
2020-12-22 20:33:13 -07:00
Stephen Crane
c602562bb2 trusty: Add vendor variant of libtrusty_coverage
We want to add coverage statistics to the trusty-ut-ctrl tool, which is
a vendor binary. Thus we need a vendor variant of libtrusty_coverage.
Merges system libtrusty_test and vendor libtrusty into a single
vendor_available library so that we can add vendor_available to
libtrusty_coverage and make it accessible from vendor tools.

Bug: 175221942
Test: make libtrusty_coverage
Change-Id: I68cc8f1c1580bda8591dbe744e9751474811576d
2020-12-22 22:39:40 +00:00
Bernie Innocenti
62ba2b11b1 Add explicit Result::has_value() checks where needed
Test: m checkbuild continuous_instrumentation_tests continuous_instrumentation_tests_api_coverage continuous_native_tests device-tests platform_tests
Change-Id: Ifd5dcda48e370d750e243d427e68a77dce333951
2020-12-19 21:17:16 +09:00
Tri Vo
56bcb02b6e Merge "trusty: Retrieve coverage PCs from coverage record" 2020-12-15 20:15:08 +00:00
Stephen Crane
e962930d19 trusty: Retrieve coverage PCs from coverage record
Adds the ability to retrieve and save program counter information from
the trusty coverage record data. PC information is saved to a .sancov
file, parseable by the LLVM sancov tool. Sancov can then symbolize and
display this coverage information for consumption by humans.

Adds a sancov dump to the libtrusty_coverage_test for testing.

Bug: 175221942
Test: atest libtrusty_coverage_test
Test: Retrieve sancov file and manually symbolize with sancov
Change-Id: I342ea2ca9abb87986b2904ff69415544ee6070fc
2020-12-14 22:06:13 -08:00
Treehugger Robot
00ed8bdddb Merge "Update message versionioning system" 2020-12-15 01:25:12 +00:00
Tri Vo
5a611cb834 Merge "trusty: fuzz: Link libtrusty_test statically" 2020-12-14 20:39:09 +00:00
Shawn Willden
4f45dc3a7e Update message versionioning system
Bug: 171845787
Test: Build
Change-Id: Ie769113070a8a755a268f65e36384fe333c798b6
2020-12-13 10:56:50 -07:00
Tri Vo
cafdd7c335 trusty: fuzz: Link libtrusty_test statically
Simplifies development flow because libtrusty_test.so doesn't need to be
pushed with the fuzzer.

Bug: 171750250
Test: m trusty_gatekeeper_fuzzer && adb sync data && \
adb shell /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: I7c83b5784ede4881dcd9c2dd33c97bf49fcde6ff

Change-Id: Iba60f03000bfca15b00e484ef3a168604c65554a
2020-12-11 13:19:55 -08:00
Wenhao Wang
bf40c084cc trusty: Add ExtraCounters to Confirmationui Fuzzer
Add ExtraCounters to Confirmationui fuzzer so that the fuzzer can
grab the coverage information of the Confirmationui TA.

Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I2e287281e7c8100f0d48413fbe0ff99d397a74c1
2020-12-11 10:56:40 -08:00
Wenhao Wang
36d45bbfd5 Merge "trusty-ut-ctrl: Make it as binary" 2020-12-02 03:28:58 +00:00
Treehugger Robot
41c2e6286e Merge changes Ie9da525c,I9911f02c,Iad18af1f,I5f432a3d
* changes:
  trusty: provide coverage to gatekeeper fuzzer
  trusty: fuzz: Example TA fuzzer
  trusty: fuzz: Helper lib for libFuzzer extra counters
  trusty: coverage: Coverage client library
2020-12-01 20:20:08 +00:00
Tri Vo
a1008a1edf trusty: provide coverage to gatekeeper fuzzer
Bug: 171750250
Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: Ie9da525c0dcb6c9c5ed2f50396c0065e3a567d22
2020-11-30 20:09:08 -08:00
Tri Vo
680fc001b8 trusty: fuzz: Example TA fuzzer
Bug: 169776499
Test: /data/fuzz/arm64/trusty_test_fuzzer/trusty_test_fuzzer
Change-Id: I9911f02cb49c39f1c3cd89b4e5582e8dfaa645d1
2020-11-30 20:09:07 -08:00
Tri Vo
a67840f998 trusty: fuzz: Helper lib for libFuzzer extra counters
Bug: 169776499
Test: /data/nativetest64/libtrusty_coverage_test/libtrusty_coverage_test
Change-Id: Iad18af1f0404fc47bef481955c7a4292ef3a24ec
2020-11-30 20:09:02 -08:00
Tri Vo
5b40e89894 trusty: coverage: Coverage client library
Bug: 169776499
Test: /data/nativetest64/libtrusty_coverage_test/libtrusty_coverage_test
Change-Id: I5f432a3df04fe7b0e2940a12f8d28b3d0655791f
2020-11-30 19:39:00 -08:00
Wenhao Wang
0124a59fe4 trusty: Fuzzer for Confirmationui TA
Note: We need to add Confirmationui TA into
TRUSTY_BUILTIN_USER_TASKS to run the fuzzer.

Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I22769782ded05eeedeb111f7537b5ba76e98ce73
2020-11-29 13:03:55 -08:00
Tri Vo
9763f21565 Merge changes Id77b87bb,I56a15c80
* changes:
  trusty: fuzz: make utils lib use libtrusty_test
  trusty: Add libtrusty_test
2020-11-24 20:39:26 +00:00
Tri Vo
90c0e833c9 trusty: fuzz: make utils lib use libtrusty_test
Test: m libtrusty_fuzz_utils
Change-Id: Id77b87bb14f09b29f53c78a4ea89073fbe1c83a1
2020-11-23 12:57:44 -08:00
Sasha Smundak
92500f1d93 The last line should not end with backslash
Bug: 173737347
Test: treehugger
Change-Id: I4cae512e92c228684e9743939e29691e2beabebb
2020-11-19 14:54:24 -08:00
Tri Vo
421de90544 trusty: Add libtrusty_test
Used by tests on the system side of the Treble boundary, e.g. fuzzing

Test: m libtrusty libtrusty_test
Change-Id: I56a15c80eb7c4b9e51f8e59a7cd1abdfc35d8d5a
2020-11-18 12:17:16 -08:00
Tri Vo
27b0b3f770 trusty: wrap syscalls in TEMP_FAILURE_RETRY
Needed to handle EINTR robustly.

Test: m libtrusty
Change-Id: I46a58ae911fd8db3d3528e24edbb6013d807b48c
2020-11-17 19:56:07 -08:00
Tri Vo
b47dbe7eb0 trusty: Reformat libtrusty
Test: m libtrusty
Change-Id: I5eb8413e7581603879de5abcb6de7b1b6d3484c0
2020-11-17 19:55:59 -08:00
Wenhao Wang
450311d91a trusty-ut-ctrl: Make it as binary
Make the trusty-ut-ctrl as binary such that we can put it into
factory image, put it into PRODECT_PACKAGES_DEBUG fro the device.mk

Bug: 152901318
Test: Trusty storage tests
Change-Id: I8229113e7649c25d0a712b2b0964f23c9d41cf26
2020-11-12 16:48:18 -08:00
Stephen Crane
5e3a3ce011 trusty: fuzz: dump trusty kernel logs on crash
Adds an Abort() function to the fuzzer utils library that grabs and
prints the relevant trusty kernel logs before exiting the fuzzer.

Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: I7741c7e5e0ffdc402e3d3dd9a7e5856e2a640dd2
2020-11-02 10:16:44 -08:00
Stephen Crane
6c0fb906f6 trusty: Add corpus for gatekeeper fuzzer
Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: I30bb2844972df952d853f0809e2eb8d5b5a1dd9c
2020-11-02 09:58:54 -08:00
Tri Vo
10ffc3417d trusty: Fuzzer for Gatekeeper TA
Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: If55b93b1a15c5bd9a1148ff54a859635a6e7290c
2020-10-29 18:02:01 -07:00
Tri Vo
e8823ffcb4 trusty: fuzz: Helper library
Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: Ife058ca25417e6bee4bf593b10a4e7e4000f9f2f
2020-10-29 18:01:59 -07:00
Wenhao Wang
323353413f Merge "rpmb_dev: Switch to RPMB provisioning scheme" 2020-10-10 05:06:56 +00:00
Arve Hjønnevåg
3e7c3504a3 Merge "trusty: keymaster: set_attestation_key: Change wrapped key" 2020-10-06 23:31:38 +00:00
Wenhao Wang
a560b76faa Merge "rpmb_dev: Fix RPMB_REQ_DATA_READ command" 2020-10-03 05:11:27 +00:00
Arve Hjønnevåg
fe090a4686 trusty: keymaster: set_attestation_key: Change wrapped key
Remove WrappedPrivateKey and select wrapped vs plaintext key command
based on format instead.

Bug: 154033394
Test: send wrapped test key. Not yet accepted by trusty
Change-Id: I3b0a29be78f2a8e84ebd990713f66788256d8e3f
2020-10-02 16:55:16 -07:00
Wenhao Wang
62855c3985 rpmb_dev: Switch to RPMB provisioning scheme
Remove the --key option part to disable the initial setting of rpmb key
on the mock rpmb device.
The RPMB provisioning scheme will program the RPMB key into the mock
rpmb device.

Bug: 152901318
Test: Trusty storage tests
Change-Id: I03b9cfbbd10e2e5364405319a57e2ecc4ee0f48e
2020-10-02 12:39:30 -07:00
Wenhao Wang
975491be09 rpmb_dev: Fix RPMB_REQ_DATA_READ command
Add ".check_key_programmed = true." for RPMB_REQ_DATA_READ such that
we can check whether the rpmb key has been programmed before executing
RPMB_REQ_DATA_READ command.

"JEDEC STANDARD Universal Flash Storage (UFS) Version 3.0" specifies
that data access before the key has been programmed should return
“Authentication Key not yet programmed” (0007h)..

Bug: 152901318
Test: Trusty storage tests
Change-Id: I4759fbce5f37234090a22a1d9dc3b38072f6ecaf
2020-10-02 12:32:30 -07:00
Arve Hjønnevåg
0c32a253df trusty: keymaster: Add set_attestation_key
Add tool to provision keymaster attestation keys.

Bug: 154033394
Test: keys from soft_attestation_cert then VtsHalKeymasterV4_0TargetTest

Change-Id: Ic96e9a8676991b3126bbae99118a1f23ee0744a5
2020-09-10 16:43:20 -07:00
Matthew Maurer
0b9a329303 Merge "Add support for tipc_send()" 2020-08-03 19:35:55 +00:00
Matthew Maurer
e251fa32fd Add support for tipc_send()
* Supports sending memfds in addition to data from an iovec
* Also add a basic test called send-fd

Bug: 117221195
Test: Run send-fd with corresponding Trusty application.
Change-Id: I562d2ff744938c868323a016659ca1332f6a576b
2020-08-03 09:30:37 -07:00
Jeff Sharkey
7b21637782 Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference

Bug: 161896447
Change-Id: Iafcccbdbdf3ff1078e87000e2ce560ff09b43f68
2020-07-31 16:36:06 -06:00
Treehugger Robot
71db317340 Merge "Use more inclusive language for #inclusivefixit" 2020-07-28 12:03:43 +00:00
Hongguang Chen
a41111070c Use more inclusive language for #inclusivefixit
Updating language to comply with Android’s inclusive language guidance.

See https://source.android.com/setup/contribute/respectful-code for reference.

Bug: 161896447
Test: make
Change-Id: I85a9f48fbab79b3b68f00c0af68750c616d815f8
2020-07-27 22:54:22 +00:00
Hongguang Chen
714adb834a Use more inclusive language for #inclusivefixit
Updating language to comply with Android’s inclusive language guidance.

See https://source.android.com/setup/contribute/respectful-code for reference.

Bug: 161896447
Test: make
Change-Id: I6f1668d1f7925393c72db6ae282003a9ecc723b7
2020-07-27 15:52:32 -07:00
Tri Vo
4e94e5bcfa trusty: spi: Add SPI proxy daemon
Bug: 118762930
Test: /data/nativetest64/trusty-ut-ctrl/trusty-ut-ctrl \
-D /dev/trusty-ipc-dev0 com.android.trusty.swspi.test

Change-Id: I6589009b2570f1101fed73197997d31a454887eb
2020-07-22 11:19:02 -07:00
Matthew Maurer
8f62566566 trusty: rpmb_dev: Prevent desync between rpmb_dev and storageproxyd
The mock RPMB can get out of sync with TD storage blocks in the event of
panic or crash. Making this O_SYNC will prevent this from happening.

Bug: 160723681
Test: None
Change-Id: Ia16dfc88ceae56e4e9724a42ac0db492c0e707a4
2020-07-10 22:09:01 +00:00
Wenhao Wang
469e388e47 trusty:storageproxyd: Fix in_cdb.length setting on send_ufs_rpmb_req
The in_cdb.length (ALLOCATION_LENGTH) must be set in order to send
SECURITY PROTOCOL IN command.

Bug: 143636526
Test: Trusty storage tests
Change-Id: Ie4252e9b19c05825c895ec07f8c9684ae456f6c9
2020-06-12 15:30:08 -07:00
Kenny Root
15351dcf60 Use <fqname> to avoid conflicts
The newer way of specifying the interface is using <fqname> and it also
has the handy side-effect of not causing conflicts when we add the
strongbox implementation to devices.

Test: make # check $OUT for the correct manifest
Change-Id: If8333814723261c4f3de375861ee19a6d922d55f
2020-04-14 14:37:24 -07:00
Matthew Maurer
1010727a48 trusty: keymaster: Remove legacy support
Library based HALs have been deprecated for several years now, and
Keymaster 2 based testing is woefully out of date compared to running
VTS against the modern 3.0 and 4.0 implementations.

Purging these modules and their resulting dependencies will make it
easier for the central system/keymaster repository to move forwards.

Test: mm
Bug: 150239636
Change-Id: Ic2ddbe685a50e65f9db25f682ad33105195efa8a
2020-02-26 00:43:23 +00:00
Treehugger Robot
a78d0cb735 Merge "First working version of the confirmationui HAL service" 2020-01-21 16:40:03 +00:00
Janis Danisevskis
8fe0cfb098 First working version of the confirmationui HAL service
This implementation does not provide any security guaranties.
 * The input method (NotSoSecureInput) runs a crypto protocols that is
   sufficiently secure IFF the end point is implemented on a trustworthy
   secure input device. But since the endpoint is currently in the HAL
   service itself this implementation is not secure.
 * This implementation provides most of the functionality, but not the
   secure UI infrastructure required to run Android Protected
   Confirmation.

Bug: 146078942
Test: VtsHalConfirmationUIV1_0TargetTest
Change-Id: I14717b5fa4ef15db960cdd506b8c6fe5369aec8d
2020-01-17 16:34:48 -08:00
Steven Moreland
e40e4270e8 remove deprecated bp 'subdirs'
noticed some, so thought I would remove them everywhere here

Bug: N/A
Test: N/A
Change-Id: I2978673b158d6c253914ea22f7f0129e446a5f91
2020-01-14 12:18:40 -08:00
Wenhao Wang
d363769dcf Merge "trusty:storageproxyd: Add ufs to parse_dev_type" 2020-01-04 00:10:57 +00:00
Wenhao Wang
3bf07c27de trusty:storageproxyd: Add ufs to parse_dev_type
Modify parse_dev_type function to accept new dev_type argument "ufs".

Bug: 143636526
Test: Trusty storage tests
Change-Id: I9524fd4cb9619b5ce1f4f46e87f1890f84f4d2f3
2020-01-03 13:47:57 -08:00
Matthew Maurer
17785fd185 trusty: storageproxyd: Fix rebase of UFS support
The UFS support got rebased on top of the RPMB socket support
improperly. As a result, RPMB socket support was broken due to an
unconditional rmpb_fd = rc which would set the rpmb_fd to be connect()'s
error code in the case of an RPMB socket.

Bug: 146903427
Test: Boot Trusty+Android with the rpmb_dev mock, check for liveness
Change-Id: Ib1220dc49392f1a10369eed7716e44680bd83a66
2019-12-26 15:03:45 -08:00
Wenhao Wang
ce2f1a4761 Add storageproxyd UFS support
This CL enables storageproxyd to run on UFS device.
The proxy prepares and sends SECURITY PROTOCOL IN/OUT commands to UFS
device.

Bug: 143636526
Test: Trusty storage tests
Change-Id: Ibe16578c12b978c9a95deccfb1873081e8d0e994
2019-12-20 15:44:51 -08:00
Matthew Maurer
503ea0e231 Add support for mocked RPMB
When developing, it may be preferable to operate on a device which does
not have a real RPMB storage, or which is unprovisioned. This CL allows
the rpmb_dev program to act as a daemon serving a fixed key, and for
storageproxyd to speak to rpmb_dev's socket rather than an actual rpmb
device or a virtual rpmb device.

Test: Trusty Gatekeeper VTS
Change-Id: I19b2b143fffb8e68e4a028d00eaf5cd1928e12f6
2019-11-27 14:41:16 -08:00
Treehugger Robot
8578a8a8ec Merge "trusty-ut-ctrl: link statically to libtrusty" 2019-10-31 23:03:54 +00:00
Matthew Maurer
d35f685a7c Update OWNERS based on Trusty team membership
Change-Id: Iafad614b6568e53209752b1c45f0f0209c95684b
2019-10-31 13:32:20 -07:00
Tri Vo
8b1e934555 trusty-ut-ctrl: link statically to libtrusty
Removes the need to push libtrusty.so to run trusty-ut-ctrl binary.

Test: m trusty-ut-ctrl
Change-Id: I19c2957d3eb1dc165e13f2ce5560fe31ea9a2469
2019-10-28 14:54:06 -07:00
Matthew Maurer
dfad089dad Merge "Provide VINTF for Trusty Keymaster" 2019-09-10 19:09:04 +00:00
Matthew Maurer
c649ca538d Provide VINTF for Trusty Keymaster
This makes it easier to add or remove the Trusty keymaster service from
a device by providing a manifest fragment to add whenever it is enabled.

Test: Keymaster VTS, Keystore CTS (sans attestation)
Change-Id: Ib0f5fd7c016c0c18d77c9d2623c89f3b35ba7ad7
2019-09-09 23:23:45 +00:00
Matthew Maurer
3d1023e50d Inject auth token into tags
The reference keymaster at system/keymaster still expects to receive its
auth tokens in the tags, rather than as a separate parameter. This
change injects the separate parameter passed to the KM4 HAL as a legacy
tag in the request.

Longer term, system/keymaster should support a separate authToken
parameter, and it should be serialized and sent to Trusty separately.

Test: Keymaster VTS + Keystore CTS (sans attestation)
Change-Id: Ie69cbd358504bb7612f7d55158509043cdad4e4e
2019-09-09 16:00:36 -07:00
Steven Moreland
a4eaf64de8 Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I0bdffced6af52695c0ef98c9dd659348e56f7aa6
2019-09-05 14:17:42 -07:00
Janis Danisevskis
7daa66aa07 Replace legacy trusty gatekeeper HAL with HIDLized version
This patch replaces the legacy libhardware based gatekeeper HAL with a
true HIDL based implementation.

Test: Workes with trusty gatekeeper
Change-Id: I072b0c3fc74523400132aacd34e2f2cac9cf261b
Merged-In: I072b0c3fc74523400132aacd34e2f2cac9cf261b
2019-06-23 11:11:09 -07:00
Matthew Maurer
b321b410ff Trusty Keymaster@4.0
Adds support for proxying V4.0 commands to Trusty and makes 4.0 the
default when including trusty-base.mk.

Bug: 128851722
Test: Keymaster VTS 4.0 + Trusty
Change-Id: I2e2220963996fcb88d6953ee1a58af1b947b857d
2019-05-16 14:19:50 -07:00
Matthew Maurer
b0a8c9520b Enable Trusty Gatekeeper@1.0
Previously we only installed the gatekeeper.trusty.so library, which is
insufficient to actually start Gatekeeper. We now also install the -impl
and -service wrappers.

Bug: 127700127
Test: Gatekeeper 1.0 VTS with Trusty running
Change-Id: Idd8d6a4e1e409c2a712dddfd92d5f9cf6b16b50c
2019-03-19 11:18:38 -07:00
Matthew Maurer
57ba8c58fc Add support for RPMB over VirtIO Serial
In order to test Trusty gatekeeper automatically, the storage proxy
needs to be active inside the emulator. This patch allows storageproxyd
to speak a length-framed RPMB to an external RPMB daemon.

For a concrete example of a daemon speaking this protocol, see rpmb_dev
in the Trusty tree.

Bug: 124277696
Test: Launch storageproxyd with -t virt, use Trusty test infra
Change-Id: I391d4768976f0eb1f3b8df58eefd58fc3a9409cd
2019-03-05 17:25:57 -08:00
Matthew Maurer
30ff1f4177 Clang-format before updating storage proxy
These files were previously not clang-format clean. I am submitting the
clang-format cleanup in its own CL to avoid mixing up the code I'm
adding/adjusting with old code which needed to be reformatted.

Bug: 124277696
Test: m
Change-Id: I8a57ca97925a16bee10b15d2013a5dcf87b0ed15
2019-02-21 15:52:11 -08:00
Treehugger Robot
52ca777e57 Merge "trusty: Avoid unnecessary use of static libtrusty" 2019-01-18 21:54:39 +00:00
Matthew Maurer
178c56a1ba trusty: Avoid unnecessary use of static libtrusty
Test: manual
Change-Id: I9e57118b6cc8c24d9ec7a5c34413c196bbba5b51
2019-01-04 12:04:47 -08:00
Michael Ryleev
129fadf051 trusty: Add trusty unittest control utility
It is designed to connect to user specified port and
implements unittest logging protocol supported by
typical unittest ap running on Trusty side.

Test: manual
Change-Id: I6e37ccee9b9e4dde563ef0e4f531b42091cc2bd8
2019-01-04 11:54:26 -08:00
Chih-Hung Hsieh
747eb149d0 Add noexcept to move constructors and assignment operators.
Bug: 116614593
Test: build with WITH_TIDY=1
Change-Id: I5a7461386946ca623ab509609092aa0ac8418b80
2018-10-05 16:43:47 +00:00
Michael Ryleev
bfccad2474 trusty: keymaster3: Modify TrustyKeymaster3Device::update method
Modify TrustyKeymaster3Device::update method to handle the case when
amount of input data received exceeds a maximum amount supported by
underlying transport. In such case, only send an portion of data that
fits and allow higher levels to take care of the rest.

This is not an ideal fix as it is not very efficient for large sets
of data but at least it should work in more cases.

Test: android.keystore.cts
Change-Id: Id7360d0da3b87493193d480fc0c78c65dc1fc51f
2018-09-18 16:12:24 -07:00
Treehugger Robot
d361839b30 Merge "add the impementation of delete_key, delete_all_key for Legacy HAL" 2018-09-11 22:40:31 +00:00
Roberto Pereira
1b4ab72459 trusty: keymaster: remove unnecessary group from trusty KM3 HAL service
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: Ib943a9aa5a0cab27913173a68932db651e991907
2018-09-10 19:19:44 +00:00
Treehugger Robot
d230bcf4b0 Merge "Fix disagreement of client_id/app_data pointer semantic" 2018-09-04 19:43:03 +00:00
Janis Danisevskis
56c533dfd9 Fix disagreement of client_id/app_data pointer semantic
KM1/KM2 implementations should treat nullptr and KeymasterBlob{nullptr, 0}
equally when passed in as client_id or app_data. However, trusty KM1
treats them differently.

Bug: 113110105
Bug: 113084196
Change-Id: Ie0e2b5d60d808e4f7a8e48aeb4c694268f9bc0a1
2018-09-04 19:42:10 +00:00
Yan, Shaopu
764d62e204 add the impementation of delete_key, delete_all_key for Legacy HAL
the new layer (Keymaster2PassthroughContext) will call the related function
operation, however, currently it’s null so it will have null pointer reference
issue and we need to provide them in the keymater legacy HAL.

Bug: 113084196
Change-Id: Id1b0df47c03d341aedc7a0634cb101966143641c
2018-08-24 21:10:50 +00:00
Roberto Pereira
37996b6c67 trusty_keymaster_ipc: Use ALOGV instead of ALOGE for info/debug message
This message was originally ALOGV but got accidentally changed during a
refactoring in 81ebcb1943

Bug:110153632
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: Ibdfa0ab50cb8544c6f23c15049904f1741769647
2018-08-23 15:56:09 -07:00
Roberto Pereira
b5dfc75a32 Switch from old style KM2 HAL to new KM3 HAL
Bug:110153632
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I31b6a66a44eb1a6bf89c6eb6a3c632ace83071a9
2018-08-14 10:49:38 -07:00
Roberto Pereira
2426197400 Add Keymaster 3.0 binderized Trusty HAL
Based on AndroidKeymaster3Device

Test: VtsHalKeymasterV3_0TargetTest
Bug:110153632
Change-Id: I682e5c9823ed3d8d8c0cfde0713ee64f96eab78a
2018-08-14 10:49:38 -07:00
Roberto Pereira
81ebcb1943 Move IPC functionality from trusty_keymaster_device to trusty_keymaster_ipc
This allows the IPC functionality to be used by multiple HAL
implementations

Test: trusty_keymaster_tipc & keystore.trusty compile
Bug: 110153632
Change-Id: I78f273db6f59a417319058113e15e422ece73290
2018-08-08 17:31:18 -07:00
Roberto Pereira
22a3b1f733 Update the Trusty Keymaster directory structure
Added three new directories:
  - include: contains ipc and legacy header files
  - ipc: contains common keymaster IPC code that can be shared between HALS
  - legacy: contains the old style HAL implementation

Test: trusty_keymaster_tipc & keystore.trusty compile
Bug:110153632
Change-Id: I2fdaa9d3d0421a0e359c05807ab5f0a12c5d3996
2018-08-08 17:22:24 -07:00
Roberto Pereira
4f9599e4fe Run clang-format on all trusty/keymaster .cpp and .h files
Test: Compiles
Bug: 110153632
Change-Id: Ib6e1df87d3c3dfd8c507768d9018114a1b962d74
2018-08-08 17:22:24 -07:00
Arve Hjønnevåg
c97372e73b Merge "trusty: tipc_test: Read output and test result from ta2ta_ipc_test"
am: 7b7e416649

Change-Id: I17c82528a7e373dd18137c7c976e868d4718bd5f
2018-07-25 17:24:18 -07:00
Arve Hjønnevåg
7b7e416649 Merge "trusty: tipc_test: Read output and test result from ta2ta_ipc_test" 2018-07-26 00:17:54 +00:00
Elliott Hughes
5ae98112eb Merge "trusty: add the trusty folks to the system/core/trusty/ OWNERS."
am: e663c78d92

Change-Id: I293f21462010e8098b226277636f04b4cd4b02a7
2018-07-25 16:59:03 -07:00
Elliott Hughes
e87aaf9831 trusty: add the trusty folks to the system/core/trusty/ OWNERS.
Bug: N/A
Test: N/A
Change-Id: Icd74a1fa322b4f7bd6a6a4d9e1b375b5598f84b6
2018-07-25 15:01:15 -07:00
Arve Hjønnevåg
b6d6075983 trusty: tipc_test: Read output and test result from ta2ta_ipc_test
Bug: 79993976
Test: tipc-test -t ta2ta-ipc
Change-Id: If30b9acfab035974ddf1bec0e89e530fdeab4b2f
2018-06-29 15:03:25 -07:00
Elliott Hughes
4c33b88c4b Merge "bpfmt." am: 0609e8d231 am: b57755c429
am: a91867a788

Change-Id: Ieb0985434e2464e47b3adb93fb27fe5042e91657
2018-02-20 02:24:45 +00:00
Elliott Hughes
dc699a269f bpfmt.
Bug: N/A
Test: builds
Change-Id: I89ad00e1c4c7e0767bc80a7ac7935a4d55e090ac
2018-02-16 17:58:14 -08:00
Yi Kong
04e5fde33d Merge "Use correct format specifier" am: 370d2e02e0 am: ef44dd2325
am: 53d69290a7

Change-Id: I158f99bdba598d64bc676be4ea4e1c38e6cbcce4
2018-01-03 20:45:03 +00:00
Yi Kong
21c515ad1c Use correct format specifier
Discovered by the upcoming compiler update.

Test: m checkbuild
Change-Id: I8dd4bb711bfa4f4b71a3345a2ee38f689cee5257
2017-12-27 13:42:49 -08:00
TreeHugger Robot
40b150f9d5 Merge "Remove libkeymaster_staging" 2017-12-21 22:10:29 +00:00
Shawn Willden
10ed6fcc85 Add swillden and dkrahn to OWNERS
Test: N/A
Change-Id: I0d3fd54af475ee9184eb44de689b821c450b874f
2017-12-21 12:45:24 -08:00
Shawn Willden
625140d6e7 Remove libkeymaster_staging
Test: Builds
Change-Id: I62cc11ec4aca5ccbe2d7d56e9ddf0c78591383f7
2017-12-21 12:50:10 -07:00
Elliott Hughes
3289b9c928 Merge "Add OWNERS." 2017-12-07 23:21:26 +00:00
Elliott Hughes
693d63f9cf Add OWNERS.
Bug: N/A
Test: N/A
Change-Id: Ie785058c0f5eb9b4086c98ccba6e63e3ed411b65
2017-12-07 13:30:03 -08:00
Yan, Shaopu
a3e4876715 Merge "add null pointer check for msg buffer"
am: f03f2a5cd7

Change-Id: I988bd6cf38aae918dd6b8c547b6db92501925685
2017-11-28 19:58:40 +00:00
Yan, Shaopu
53eb0cb5a3 add null pointer check for msg buffer
Test: Build
Change-Id: I94e08ccc8372449f11f6e673b6449c50d7eef4f9
2017-11-28 15:17:27 +08:00
Xin Li
23e27db576 Merge commit 'a63ccea6abc7ea02e2d98e41c80793ca97237bd3' from
oc-mr1-dev-plus-aosp into stage-aosp-master

Change-Id: Ia33311cd1fd26dfaea59a69317b306fb91203c40
Merged-In: I03d06b10807e8a313c9654c2e1db36bfb59e3f99
2017-11-14 13:19:45 -08:00
Chih-Hung Hsieh
122352d983 Use -Werror in system/core
* Move -Wall -Werror from cppflags to cflags.
* Fix/suppress warning on unused variables.

Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I1e05e96a1d0bcb2ccef1ce456504b3af57167cc5
2017-11-01 11:32:55 -07:00
Treehugger Robot
74e7c2f4bd Merge "Add missing includes." 2017-10-23 20:49:56 +00:00
Dan Albert
ee33873a5a Add missing includes.
Exempt-From-Owner-Approval: trivial cleanup
Test: mma
Bug: None
Change-Id: Ieb452cc9ea6ffc600873562aa37a1e3fc031dd98
2017-10-17 16:26:38 -07:00
Elliott Hughes
a3524a255f resolve merge conflicts of 796987482 to stage-aosp-master am: bb5ec4a926
am: 314ddcd9a3

Change-Id: I4fee960013f5539d85613eb09e365ee580ed1745
2017-10-17 21:57:49 +00:00
Treehugger Robot
796987482f Merge "<stdbool.h> not necessary in C++." 2017-10-17 19:26:53 +00:00
Elliott Hughes
a0f73f9bff <stdbool.h> not necessary in C++.
Bug: N/A
Test: builds
Change-Id: I1f32b202e353414e74ace87a7d5b495b5deb5f99
Merged-In: I1f32b202e353414e74ace87a7d5b495b5deb5f99
2017-10-17 16:21:33 +00:00
Janis Danisevskis
5c148f3f26 libkeymaster1 split
libkeymaster1 was split into libkeymaster_portable and
libkeymaster_staging.

Bug: 37467707
Test: mma -j
Merged-In: Iead014db3f3d841f08c8072b0493ec9fd7a05055
Merged-In: I63869316451867d54bf34afb28ea232cc7eddbae
Change-Id: Iacdcef8631b4903fef4a79d146a9f59e37f31c3f
2017-10-14 01:18:32 +00:00
Dan Albert
f0d3f6716a Add missing includes.
Test: mma
Bug: None
Merged-In: I8a3390d186aec73f55ae2be2c7b4b2deffed810f
Change-Id: I8a3390d186aec73f55ae2be2c7b4b2deffed810f
2017-10-11 13:31:43 -07:00
Andreas Gampe
a0e683c6a7 Merge "Keymaster: Move test to std::unique_ptr" am: 81348ffa9e am: 346d7e1405
am: 0fdb8616b8

Change-Id: Ie48dcc9b3c874697b726d6ab0a333905c455adb8
2017-10-02 21:37:31 +00:00
Andreas Gampe
346d7e1405 Merge "Keymaster: Move test to std::unique_ptr"
am: 81348ffa9e

Change-Id: I74b22a692e23589002eca812b88dc458bc67fad4
2017-10-02 21:22:16 +00:00
Andreas Gampe
b9d9da25ca Keymaster: Move test to std::unique_ptr
In preparation for UniquePtr removal.

Test: mmma system/core/trusty/keymaster
Change-Id: I42ca2b0d30d87e838d35a82e7ccea4e784acb2f6
2017-10-02 11:53:22 -07:00
Christopher Ferris
fcede542f2 Merge "Add missing include for readv." am: 1f6a807bac am: 831140358d
am: 4c4b8edb19

Change-Id: Ib5f0f4b99a0775329ec12130b84cf68997fe2008
2017-08-26 15:25:15 +00:00
Christopher Ferris
831140358d Merge "Add missing include for readv."
am: 1f6a807bac

Change-Id: Ib0530b4e3ea1a9fdc779c87cdd12489859a35bff
2017-08-26 15:19:14 +00:00
Christopher Ferris
5d6a0325ef Add missing include for readv.
Test: Builds.
Change-Id: Ia8511dcec6f49d3f6016a4dac88ccf343495349b
2017-08-25 17:33:38 -07:00
Hung-ying Tyan
f151c8efd2 Merge "Move trusty reference implementations to /vendor" into oc-mr1-dev
am: 9495196e20

Change-Id: I8e21eb54387caa145eac24de9a4b1ec752e7193e
2017-08-23 02:42:18 +00:00
Hung-ying Tyan
063a3fa4d2 Move trusty reference implementations to /vendor
Trusty implementations are provided by vendors. This patch moves
the AOSP reference implementations to the vendor partition.

Bug: 63085384
Test: Build gordon_peak which adopts trusty as the TEE and confirm
      that libtrusty and gateway.trusty are moved to /vendor.
Test: Build marlin which does not adopt trusty as the TEE and confirm
      that this patch has no effect on the build result.
Test: mmm BOARD_VNDK_VERSION=current system/core/trusty
Change-Id: I7f6d897b86c69d06923a18d28154760e006dd193
2017-08-22 11:23:45 +08:00
Jocelyn Bohr
4a6626980c Merge "Pass in message_version_ received from the secure side." am: 1a955faab2 am: 4e8bbb968c am: 3a5d47af18
am: eb7207dbcd

Change-Id: I40d7f76b82cf87b6b156015db141ceb58ff10a38
2017-08-16 00:25:56 +00:00
Jocelyn Bohr
eb7207dbcd Merge "Pass in message_version_ received from the secure side." am: 1a955faab2 am: 4e8bbb968c
am: 3a5d47af18

Change-Id: If57d80e166bb9ffd915ffe58ebb371bb3ada91c1
2017-08-16 00:13:37 +00:00
Hung-ying Tyan
52723d68f9 Merge "Remove nvram trusty implementation." into oc-mr1-dev
am: 46691ee85c

Change-Id: Ia9a30f38a6e2bbad926ea6e336f943f8da9e45b6
2017-08-16 00:07:04 +00:00
Treehugger Robot
1a955faab2 Merge "Pass in message_version_ received from the secure side." 2017-08-15 23:35:48 +00:00
Hung-ying Tyan
98a48d8e4b Remove nvram trusty implementation.
Bug: 64705490
Test: build pass
Change-Id: I32a1565ec935fff1c45540442134a37b55702752
2017-08-15 18:52:42 +08:00
Jocelyn Bohr
d74c72db7e Merge "Enable non-secure side to receive messages > 4K" am: 28fa8b0924 am: 9295f6f36d
am: c323791e73

Change-Id: I142fbd2ce1005489090a0bf287a27bd1946a7ced
2017-08-12 03:16:34 +00:00
Treehugger Robot
28fa8b0924 Merge "Enable non-secure side to receive messages > 4K" 2017-08-12 03:02:01 +00:00
Jocelyn Bohr
38b9b49941 Pass in message_version_ received from the secure side.
Without this there is the possibility of message version mismatch
between the secure side and the non-secure side.

Bug: 63746689
Test: cts passes
Change-Id: I242974eb86dd86ba0f657e7ab3af4ac14c08bb5c
2017-08-11 18:08:56 -07:00
Hung-ying Tyan
5505eb783b Revert "Move trusty reference implementations to /vendor"
The CL is not complete and will cause build break when BOARD_VNDK_VERSION is set.

This reverts commit 7d81b4e081.

Change-Id: If9632fb7ee8147c39f1ad0860ddc3bed62ba89db
2017-08-11 08:02:21 +00:00
Jocelyn Bohr
b3ed3772b9 Enable non-secure side to receive messages > 4K
AttestKeyResponse may be larger than 4K (always less than 8K) when
attesting an RSA key. This change allows the non-secure side to read a
response that may be larger than 4K by adding an additional bit
indicating the end of a response. If a message command has the
KEYMASTER_STOP_BIT set, then the non-secure side knows that the response
has been fully read.

Test: android.keystore.cts.KeyAttestationTest#testRsaAttestation passes
      with production attestation key and chain, when AttestKeyResponse is
      larger than 4K.

      Tested with other CTS tests when keymaster messages are smaller
      than 4K, still passes.

      Manual test to verify that a tipc error due to large message size is
      handled correctly.
Bug: 63335726

Change-Id: I8776ba7ca70da893648e15cfa770784ab31a2cb0
2017-08-10 16:53:27 -07:00
Hung-ying Tyan
7d81b4e081 Move trusty reference implementations to /vendor
Trusty implementations are provided by vendors. This patch moves
the AOSP reference implementations to the vendor partition.

Bug: 63085384
Test: build gordon_peak which adopts trusty as the TEE and confirm
      that libtrusty and gateway.trusty are moved to /vendor.
Test: build marlin which does not adopt trusty as the TEE and confirm
      that this patch has no effect on the build result.
Change-Id: I9a5440071386b929058207fdef560ed2d7223ba3
2017-08-10 10:48:17 +08:00
Jocelyn Bohr
67d5ddde7b Merge "Return correct error code when finish input length is too long." am: 90657bbeab am: efea269a75
am: 18e3e2a66f

Change-Id: I40d235ba41cdb8a94d2955ed4dc77d94df72ed7b
2017-08-03 23:55:11 +00:00
Treehugger Robot
90657bbeab Merge "Return correct error code when finish input length is too long." 2017-08-03 23:35:05 +00:00
Jocelyn Bohr
f1e5edf765 Return correct error code when finish input length is too long.
Bug: 63745895
Change-Id: I465bf9138a0a21363f89f2c6074f7108ee33af70
2017-08-03 13:59:10 -07:00
Elliott Hughes
cb6e5d6ed2 Merge "Stop asking for old versions of C++ in system/core." am: e61e2fcf21 am: 0915192d8b
am: 514464f4ca

Change-Id: Ibbd6515b4a44105e7b965e7b36bc4c3648c7e713
2017-08-03 02:33:04 +00:00
Elliott Hughes
972d078b3e Stop asking for old versions of C++ in system/core.
Bug: http://b/32019064
Test: builds
Change-Id: I1befc647b581bd293f98010e816b6413caab5e6c
2017-08-02 14:06:28 -07:00
Steven Moreland
57db1511bd Merge "system/core: use proper nativehelper headers" am: 4f59afe9fa am: 6208cd1322
am: 106c355688

Change-Id: I8ddfceec58ab69b6c0952ea39f3ad78802f5d7bc
2017-07-19 15:36:37 +00:00
Steven Moreland
00fe3ad728 system/core: use proper nativehelper headers
libnativeheader exports headers under nativeheader. These were
available before incorrectly as global headers in order to give
access to jni.h.

Test: modules using system/core find headers
Bug: 63762847
Change-Id: I86240f7857dd815100cab32ad261aa9a0a54329c
2017-07-18 17:03:20 -07:00
Steven Moreland
8bb85bd07c trusty*: Android.mk -> Android.bp
Test: links
Bug: 37512442
Merged-In: I86bcdcfffbbd81dedb921612bd2d21ea4aabaeb1
Change-Id: I86bcdcfffbbd81dedb921612bd2d21ea4aabaeb1
2017-05-08 16:54:04 +00:00
Steven Moreland
c5c1937b58 trusty*: Android.mk -> Android.bp
Test: links
Bug: 37512442
Change-Id: I86bcdcfffbbd81dedb921612bd2d21ea4aabaeb1
2017-05-08 09:47:26 -07:00
Steven Moreland
38207765fb Merge "trusty/storage/* to Android.bp" am: 1dcd257a21 am: 1561e34bf4 am: 9b7632ef8a
am: bc7edfe56f

Change-Id: I4b762bf23b062862824a98bb9e7c099388ae3e5c
2017-05-05 03:50:40 +00:00
Janis Danisevskis
8f7d80468e Rename libkeymaster to libkeymaster_staging
Fix a build breakage by renaming libkeymaster to
libkeymaster_staging. fugu's vendor tree already had
a libkeymaster.so which masked system/keymaster/libkeymaster.

Bug: 37997750
Change-Id: Iead014db3f3d841f08c8072b0493ec9fd7a05055
2017-05-04 14:15:30 -07:00
Steven Moreland
7f0a5bd767 trusty/storage/* to Android.bp
Test: links
Bug: 37512442
Change-Id: I53449f572e41a24a4e49b16ef01bdbb23cc10cb5
2017-05-04 15:51:50 +00:00
Janis Danisevskis
275b62a9a3 libkeymaster1 split
libkeymaster1 was split into libkeymaster_portable and libkeymaster.

Bug: 37467707
Change-Id: I63869316451867d54bf34afb28ea232cc7eddbae
2017-05-03 15:54:44 +00:00
Janis Danisevskis
8a0f637d41 Revert "libkeymaster1 split"
This reverts commit c5bb8c74d1.

Reason for revert: build breakage

Change-Id: I892346eec4a4628da893b0cd4182c8f546beb60a
2017-05-03 00:22:39 +00:00
Janis Danisevskis
c5bb8c74d1 libkeymaster1 split
libkeymaster1 was split into libkeymaster_portable and libkeymaster.

Change-Id: Iacdcef8631b4903fef4a79d146a9f59e37f31c3f
2017-05-01 12:32:37 -07:00
Steven Moreland
f304a20523 libtrusty: Android.mk -> Android.bp
Test: links

Change-Id: Ic64361f98e9e51b62bfda8b2b1c3a00ae03f0a37
2017-04-26 18:58:18 -07:00
Jocelyn Bohr
5020603116 trusty: keymaster: update device tests to use 2.0 API
Test: builds, ran trusty_keymaster_tipc on imx6ul
Change-Id: Ie9e8ee35ec31aead12adb348e6542a648b41fd7a
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
465615e538 trusty: keymaster: Implement abort
Test: builds
Change-Id: I8dfef740a75ff76aebd3ee63aa747e319193aaed
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
e57f3ce2bf trusty: keymaster: Implement finish
Test: builds
Change-Id: I8505f428613176eea5373a459bbce0de17406c55
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
86eb966106 trusty: keymaster: Implement update
Test: builds
Change-Id: Ie411a4e7ae3b5242814777f2781e1d2508917bfa
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
d7da42c0fa trusty: keymaster: Implement begin
Test: builds
Change-Id: Icb5470a8c95131ee3d68ab2ce41423302b9ed531
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
22812e9a30 trusty: keymaster: Implement upgrade_key
Test: builds
Change-Id: I2ce86be1cd2c2c35ded371b21cb6546c31e0014e
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
a256198b92 trusty: keymaster: Implement attest_key
Test: builds
Change-Id: Ic5bf59db43b4301cbc2fa216470b9f07de8336b0
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
4cbfa7f2f0 trusty: keymaster: Implement export_key
Test: builds
Change-Id: I47d1ed4144014fca47fdf67f9f4d2eb0d9b1eb8f
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
2d768669fa trusty: keymaster: Implement import_key
Test: builds
Change-Id: Ie130df9958d0a75fdedb463a38ea2625e88940db
2017-04-10 17:33:49 -07:00
Jocelyn Bohr
a02270fdd9 trusty: keymaster: Implement get_key_characteristics
Test: builds
Change-Id: I6e6a28d8eec5ff91a9e8c82597593857732407f3
2017-04-10 17:33:45 -07:00
Jocelyn Bohr
e514dd8ad4 trusty: keymaster: Implement generate_key
Test: builds
Change-Id: Ib77e29709eed2e5f0cd16ed214db61f4257fcebd
2017-04-10 17:21:10 -07:00
Jocelyn Bohr
126402aae7 trusty: keymaster: Implement add_rng_entropy
Test: builds
Change-Id: Iec5f61777f9b39136028d61acaf724b9fafb4492
2017-04-10 17:19:49 -07:00
Jocelyn Bohr
dccc76cd0b trusty: keymaster: Implement configure
This patch also forces the underlying structure of enum keymaster_command
to be uint32_t.

Test: builds
Change-Id: Ie8969beb9d6a15313456fbe54ef3806f6778ade2
2017-04-10 17:19:26 -07:00
Jocelyn Bohr
e194e272f3 trusty: keymaster: Begin update from Keymaster 0.3 to 2.0
Replaces all Keymaster 0.3 methods with Keymaster 2.0 methods.
Stub out implementations.

Change-Id: Ie92110eb9da77ead98f65ed53d9a9c9457b8ac3c
Test: builds
2017-04-10 17:18:00 -07:00
Mark Salyzyn
5654a887b1 trusty: use log/log.h for ALOG macros
Test: compile
Bug: 34250038
Change-Id: I12e7c6ea5a9ca950751fcf65352889650f198986
2017-01-13 07:30:11 -08:00
Mark Salyzyn
30f991f251 liblog: use log/log.h when utilizing ALOG macros
Test: compile
Bug: 30465923
Change-Id: Id6d76510819ebd88c3f5003d00d73a0dbe85e943
2017-01-11 09:31:15 -08:00
Mark Salyzyn
cfd5b080af system/core: preparation to pull back interfaces from android/log.h
Point to log/log.h where necessary, define LOG_TAG where necessary.
Accept that private/android_logger.h is suitable replacement for
log/logger.h and android/log.h.

Correct liblog/README

Effectively a cleanup and controlled select revert of
'system/core: drop or replace log/logger.h' and
'system/core: Replace log/log.h with android/log.h'.

Test: compile
Bug: 30465923
Change-Id: Ic2ad157bad6f5efe2c6af293a73bb753300b17a2
2016-10-20 08:11:39 -07:00
Mark Salyzyn
ff2dcd9af9 system/core Replace log/log.h with android/log.h
Should use android/log.h instead of log/log.h as a good example
to all others.  Adjust header order to comply with Android Coding
standards.

Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I33a8fb4e754d2dc4754d335660c450e0a67190fc
2016-09-30 12:47:05 -07:00
Mark Salyzyn
66ce3e08c5 system/core Replace cutils/log.h with android/log.h
Should use android/log.h instead of cutils/log.h as a good example
to all others.  Adjust header order to comply with Android Coding
standards.

Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I2c9cbbbd64d8dccf2d44356361d9742e4a9b9031
2016-09-30 12:47:05 -07:00
Chih-hung Hsieh
6dc68cb5f9 Merge "Fix google-explicit-constructor warnings in system/core." 2016-07-29 16:57:17 +00:00
Mattias Nissler
bcd37e67db Merge "trusty: Add nvram-wipe utility." 2016-07-29 08:17:08 +00:00
Chih-Hung Hsieh
034c475931 Fix google-explicit-constructor warnings in system/core.
* Declare explicit conversion constructors.
* Add NOLINT for implicit conversion constructors.
* Fix also some misaligned indendations.

Bug: 28341362
Change-Id: Idf911f35923b408d92285cc1a053f382ba08c63e
Test: build with clang-tidy
2016-07-26 11:26:01 -07:00
Chih-Hung Hsieh
cdb2ca5d9f Fix misc-macro-parentheses warnings in system/core.
Add parentheses around macro arguments used beside operators.
Bug: 28705665

Change-Id: I9226f319e283be640eddc31687f75b51a8ef0ac6
2016-06-22 14:33:13 -07:00
Mattias Nissler
ab8fe428db trusty: Add nvram-wipe utility.
This adds a small utility which is useful to trigger access-controlled
NVRAM wipes from recovery and to disable wiping functionality after
boot.

BUG: 29260086
Change-Id: I131d400ab2643ce91d7838a2bb770afd48f83b5f
2016-06-15 14:09:53 +02:00
Michael Ryleev
462461bd28 trusty: storageproxyd: use upstream kernel headers
Force usage of upstream kernel headers to pull in
definition of rpmb related structures.

This change is required until b/25567964 is resolved.

Change-Id: Ic710d32281dcdd093f6308b82ee937143b692613
Bug: 25567964
2016-05-24 14:52:38 -07:00
Michael Ryleev
e2d6564818 trusty: storage: add tests
Change-Id: I40c9ea47e1304ef35db3d5936b001b63f3a9795e
2016-05-18 13:31:36 -07:00
Michael Ryleev
abebb89359 trusty: storage: add client lib for testing
Change-Id: I593aeed5f657b5de1fce47264ae31aa6e79f2a63
2016-05-18 13:31:36 -07:00
Michael Ryleev
f59560df2c trusty: storage: implement storage proxy daemon
Change-Id: I80cdf61e5ced00dd32a3e35eb81969d25b624df9
2016-05-02 15:12:01 -07:00
Andres Morales
117b1307d9 trusty: storage: add trusty interface header
Change-Id: I9885cc8d4204690690b384bbf209f82cb64f9265
2016-05-02 15:12:01 -07:00
Michael Ryleev
aedf9af3ec trusty: add trusty-base.mk
The trusty-base.mk should be included by devices that use
Trusty TEE to pull in the baseline set of Trusty specific modules.

Change-Id: I47c2095a21f47a40d390c9d5426380ad9507a708
2016-05-02 15:12:01 -07:00
Andres Morales
95989dbb0f trusty: add keymaster module
Change-Id: Id240b1b33e07d4cb3ea9d188014701e3d2b3c477
2016-05-02 15:12:01 -07:00
Andres Morales
1571f47f3c trusty: add gatekeeper module
Change-Id: I3e468c103326e6a9147dbed6c803748ffd5e207a
2016-05-02 15:12:01 -07:00
Mattias Nissler
ff03857437 Merge "[core][trusty] Implement Trusty NVRAM HAL module." 2016-03-15 14:43:29 +00:00
Mattias Nissler
32ac6aafa4 [core][trusty] Implement Trusty NVRAM HAL module.
This adds an NVRAM HAL module implementation which interfaces with the
Trusty NVRAM app.

BUG: 23524282
Change-Id: Ibfee13baccc2c5369786a078f2feffcd4eb7a139
2016-03-11 16:07:05 +01:00
Michael Ryleev
bccd5deee0 trusty: tipc_test: fix for building with -Wformat-security flag
Change-Id: I7aca7c7c8001ed82ed3503d622280bcd738da210
2016-02-19 13:36:26 -08:00
Michael Ryleev
33275cdd95 trusty: tipc_test: add tests for readv/writev APIs
Change-Id: If9582ae687ff6c18a767ea850a7ef346d9662724
2016-02-19 13:34:47 -08:00
Andres Morales
2b71daefb2 Merge "Revert "[core][trusty] add gatekeeper module"" 2015-09-16 22:54:14 +00:00
Andres Morales
1a1474caf2 Revert "[core][trusty] add gatekeeper module"
This reverts commit 6ee0f94adf.

Change-Id: I673103c60f43b409cc72176c9450883336831cae
2015-09-16 22:53:49 +00:00
Andres Morales
9dde56672b Merge "Revert "[core][trusty] add keymaster module"" 2015-09-16 22:45:06 +00:00
Andres Morales
8ea9657ccd Revert "[core][trusty] add keymaster module"
This reverts commit 748b690415.

Change-Id: Ic65ce4af2d2f811129d941069dcd70e814c18f36
2015-09-16 22:44:34 +00:00
Andres Morales
6ee0f94adf [core][trusty] add gatekeeper module
Change-Id: I1559a719034a754788d2cfa9a05fa60f36583bbf
2015-09-16 11:31:03 -07:00
Andres Morales
748b690415 [core][trusty] add keymaster module
Change-Id: I7495161a96c7a0652ff3d8318ebe6dab533fe319
2015-09-16 11:30:55 -07:00
Michael Ryleev
0a72ad9a1d Add libtrusty and corresponding test utility
libtrusty is an interface to Trusty TEE.

Change-Id: I7d53a744010f122257b686247997a8f11a4d480c
2015-09-16 11:15:43 -07:00