* This command is needed to support provisioning KeyMintv3 attestation IDs
Bug: 265381212
Test: Ran KM Vts
Change-Id: I9b9bf3753b90c58096fa85a4e7303b47eaafe31f
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
Trusty Benchmarks need to be evaluated in ABL which is much more
controlled than linux. However fastboot prints evry atomic message from
trusty/abl on its own line starting with "(bootloader)"
Bug: 263454481
Test: - "fastboot oem trusty runtest trusty.hwrng.bench"
Change-Id: I99847a8cc54457c8ec809e219736325dce0ac891
Replaced HIDL spec implementation with AIDL spec in gatekeeper
module. Based on the changes in aosp/2161796.
Bug: 268342724
Test: VtsHalGatekeeperTargetTest, CtsVerifier
Change-Id: Ic322e5c5a7d0577df28410a546cbad88549158bc
Adds a background watchdog thread to the Trusty storageproxy to monitor
and log any requests that are delayed for too long. This is intended to
assist in recognizing and debugging any sources of hangs related to
servicing Trusty storage requests in Android.
Test: Add sleep() and run trusty storage tests
Bug: 266595872
Change-Id: I98dfaff0dff04f97d5c657ee131e746f63b39739
RemoteProvsioner is deprecated, and already disabled/non-functional
on some builds. Turn off the tests because they are causing spurious
presubmit failures.
Test: n/a
Bug: 266181756
Change-Id: I9b8d3e742ef2b2448a798b1e96b6f3e02695e2be
Useful for testing on unprovisioned devices, so that IDs match those
expected by the VTS tests.
Note that any attestation involving the values set as attestation IDs
will only be signed by a fake key, and so will not be a valid
attestation of anything.
Bug: 258602662
Test: VtsAidlKeyMintTargetTest --gtest_filter="*NewKeyGenerationTest.EcdsaAttestationIdTags*default"
Change-Id: Ic31e4f28ec3a2830ae12a794b2fa063944df2614
This CL adds the capability to the HAL to process reponses from the TA
that are larger than the capacity of the channel from HAL to TA.
Bug: 253501976
Test: with Trusty KM which has a smaller limit than some responses
Change-Id: I2fe056143f18718eb10bdd2d0559f3d171b14c96
This handles the STORAGE_FILE_GET_MAX_SIZE. The new behavior will
return a max size of 0x10000000000 (former default value in Trusty)
for a regular file and the partition size for a block device.
Test: N/A
Bug: 247003431
Change-Id: Ib8b8504b63496d64487cf2f96a1c0758bfafdd97
Signed-off-by: Jay Monkman <jtmjtmjtmjtmjtmjtmjtm@gmail.com>
Added SPDX-license-identifier-Apache-2.0 to:
trusty/keymint/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I70d332c63bd3a02e1d00a87579d1c16054167845
To match what the implementation returns.
Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I48b4c6694d938d3d61a1524319e1d8b1da19e0b5
By default, the existing C++ implementation of KeyMint will continue to
be used. However, this can be overridden at build time to force use of
the Rust implementation by setting
export TRUSTY_KEYMINT_IMPL=rust
Note that this requires a concomitant change to the bootloader prebuilts
that include the Trusty prebuilts, to include the corresponding Rust
version of the KeyMint TA.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675
Implementation of the KeyMint HAL service based on the Rust reference
implementation.
This CL adds the code and associated metadata, but does not included it
into the overall build.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I9d95b9d8be645b6299a06d40973b38b66dcf3c07
Part of the change to support 2nd IMEI attestation.
Bug: 244732345
Test: atest keystore2_test android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I59544e1e8019869cadeb7b46800c9b519048934c
These TEST_MAPPING definitions ensure that the VTS tests for the
respective HAL services will be executed upon any changes committed to
the HAL services.
Test: hopefully this is the test
Change-Id: Icfaf3621f2c7b9608deb998ba4b5cfd6621a7310
Adds a system vendor property (ro.vendor.trusty.storage.fs_ready) to
indicate when backing storage on the Android filesystem (e.g. /data) is
ready for use. Before this property is set, the Trusty storage proxy may
restart causing connections in Trusty to the storage service to be
disconnected. All Trusty operations that may require storage and can
wait until the device filesystems are ready should wait on this
property.
Bug: 258018785
Test: manual
Change-Id: I9b1408b72df34a0d0cbcc1b99e9617f15bc47558
status after registering it with `CHECK_EQ` macro.
Bug: b/205760172
Test: atest VtsHalConfirmationUITargetTest
Change-Id: I00f5a09ca525e3abb63a5d1f404fb6f3daed9442
Bug: b/205760172
Test: Run android.hardware.confirmationui-service.trusty_fuzzer, confirmation UI test using CTS Verifier and atest VtsHalConfirmationUITargetTest
Change-Id: If0e97c9ae5f89fbbfa994c12ece53d3996e17a33
Replaced HIDL spec implementation with AIDL spec in confirmationui
module.
Ignore-AOSP-First: Dependent on internal change.
Bug: b/205760172
Test: Run confirmation UI test using CTS Verifier, atest VtsHalConfirmationUITargetTest
Change-Id: I49b9cb6d93fa35fd611003f7545d2ce4976eec7c
The new 6.0 kernel headers changed all variable length
structures from [0] to []. This causes a clang warning to
trigger, so rewrite the mmc data structures using a union
to avoid having a variable sized array in the middle of the
structure.
Test: Builds.
Change-Id: Ib1ac92c4f76af386d934f51a3c73cb8914e97624
This is the Android-side companion change to go/oag/2241573,
adding the interface for STORAGE_FILE_GET_MAX_SIZE (implementation
sold separately).
Bug: 247003431
Test: None
Change-Id: Ie834c91a085b2e4a668e0d9d22ec0f6b1e4e6c1c
This is effectively a no-op change; both packages are installed.
However, removing required and moving it to PRODUCT_PACKAGES cuts the
dependency from vendor modules to system-ext modules. This is needed for
vendor-only build test.
Test: build and see both packages are installed
Change-Id: I6620020a1eccfab08594c9be3b298611bd237f1d
The boringssl ACVP config has grown, so we need to increase the size of
our memory allocation that we share with the Trusty test TA.
Test: acvptool -wrapper trusty_acvp_modulewrapper -regcap
Bug: None
Change-Id: Ia90f4972d0d2ac420b09110f5647355a44175267
Add a specific error message to the Android CLI tool for the case
where the apploader rejected an attempt to load an application
which requested encryption of its ELF image via its manifest while
containing an unencrypted ELF image.
Bug: 241824652
Change-Id: Ib2a3c881015700492b8166be38c41753bf51b3b2
Fsync failures are special because they may indicate a failure of an
operation before the current operation. Report these cases as a new,
distinct error.
Test: Cause fsync failure and check error response
Bug: 239105007
Change-Id: Ie9d4a1949586e90006256c975786e21ced655e66
Previously we did not support STORAGE_MSG_FLAG_POST_COMMIT for anything
but RPMB operations (in which case it was a no-op). We need to support
this flag in order to store a superblock in non-secure storage, as we
need that write to commit atomically wrt all other writes.
Test: com.android.storage-unittest.nsp
Bug: 228793975
Change-Id: Ia453c1916970e0b65a91e42f18b920ac4e1f01db