The Trusty storage proxy requires that the suspend service is started to
acquire a wakelock for UFS RPMB operations. Without the binder thread
pool running, starting this service results in at least a 1s polling
delay. This change ensures that we start the thread pool before handling
any RPMB operations, so acquiring the wakelock will complete as soon as
the service is ready without needing to poll once per second.
Test: m storageproxyd
Test: Artificially delay suspend_service to check if we poll
Bug: 281951047
Change-Id: I1a4cdd48d57201b0cf9c24523d22e5bdbcea376a
Borrow the code from AttestKeyTest.cpp (in KeyMint VTS) for determining
the devices IMEI value(s), and use that as default value.
Also update to use the newer provisioning message if the second IMEI is
set.
Test: provision a test device
Change-Id: Ie8e183dc50ac9107c2c2c2966c591e8b6022fd20
Add android.trusty.stats.nw.setter.IStatsSetter interface
for sending an IStats interface from Android to Trusty.
Bug: 259517277
Test: /data/nativetest64/vendor/trusty_stats_test/trusty_stats_test
Change-Id: Ie3976cdf069dd47b51477a70eb597c76de79f522
This ensures that full integration testing is done when changes are made
to the KM/IRPC client HAL service for Trusty.
Test: The tests are run.
Change-Id: Id22bbac119f76653a5b2338e97f28032822741f0
* This command is needed to support provisioning KeyMintv3 attestation IDs
Bug: 265381212
Test: Ran KM Vts
Change-Id: I9b9bf3753b90c58096fa85a4e7303b47eaafe31f
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
Trusty Benchmarks need to be evaluated in ABL which is much more
controlled than linux. However fastboot prints evry atomic message from
trusty/abl on its own line starting with "(bootloader)"
Bug: 263454481
Test: - "fastboot oem trusty runtest trusty.hwrng.bench"
Change-Id: I99847a8cc54457c8ec809e219736325dce0ac891
Replaced HIDL spec implementation with AIDL spec in gatekeeper
module. Based on the changes in aosp/2161796.
Bug: 268342724
Test: VtsHalGatekeeperTargetTest, CtsVerifier
Change-Id: Ic322e5c5a7d0577df28410a546cbad88549158bc
Adds a background watchdog thread to the Trusty storageproxy to monitor
and log any requests that are delayed for too long. This is intended to
assist in recognizing and debugging any sources of hangs related to
servicing Trusty storage requests in Android.
Test: Add sleep() and run trusty storage tests
Bug: 266595872
Change-Id: I98dfaff0dff04f97d5c657ee131e746f63b39739
RemoteProvsioner is deprecated, and already disabled/non-functional
on some builds. Turn off the tests because they are causing spurious
presubmit failures.
Test: n/a
Bug: 266181756
Change-Id: I9b8d3e742ef2b2448a798b1e96b6f3e02695e2be
Useful for testing on unprovisioned devices, so that IDs match those
expected by the VTS tests.
Note that any attestation involving the values set as attestation IDs
will only be signed by a fake key, and so will not be a valid
attestation of anything.
Bug: 258602662
Test: VtsAidlKeyMintTargetTest --gtest_filter="*NewKeyGenerationTest.EcdsaAttestationIdTags*default"
Change-Id: Ic31e4f28ec3a2830ae12a794b2fa063944df2614
This CL adds the capability to the HAL to process reponses from the TA
that are larger than the capacity of the channel from HAL to TA.
Bug: 253501976
Test: with Trusty KM which has a smaller limit than some responses
Change-Id: I2fe056143f18718eb10bdd2d0559f3d171b14c96
This handles the STORAGE_FILE_GET_MAX_SIZE. The new behavior will
return a max size of 0x10000000000 (former default value in Trusty)
for a regular file and the partition size for a block device.
Test: N/A
Bug: 247003431
Change-Id: Ib8b8504b63496d64487cf2f96a1c0758bfafdd97
Signed-off-by: Jay Monkman <jtmjtmjtmjtmjtmjtmjtm@gmail.com>
Added SPDX-license-identifier-Apache-2.0 to:
trusty/keymint/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I70d332c63bd3a02e1d00a87579d1c16054167845
To match what the implementation returns.
Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I48b4c6694d938d3d61a1524319e1d8b1da19e0b5
By default, the existing C++ implementation of KeyMint will continue to
be used. However, this can be overridden at build time to force use of
the Rust implementation by setting
export TRUSTY_KEYMINT_IMPL=rust
Note that this requires a concomitant change to the bootloader prebuilts
that include the Trusty prebuilts, to include the corresponding Rust
version of the KeyMint TA.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675
Implementation of the KeyMint HAL service based on the Rust reference
implementation.
This CL adds the code and associated metadata, but does not included it
into the overall build.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I9d95b9d8be645b6299a06d40973b38b66dcf3c07
Part of the change to support 2nd IMEI attestation.
Bug: 244732345
Test: atest keystore2_test android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I59544e1e8019869cadeb7b46800c9b519048934c
These TEST_MAPPING definitions ensure that the VTS tests for the
respective HAL services will be executed upon any changes committed to
the HAL services.
Test: hopefully this is the test
Change-Id: Icfaf3621f2c7b9608deb998ba4b5cfd6621a7310
Adds a system vendor property (ro.vendor.trusty.storage.fs_ready) to
indicate when backing storage on the Android filesystem (e.g. /data) is
ready for use. Before this property is set, the Trusty storage proxy may
restart causing connections in Trusty to the storage service to be
disconnected. All Trusty operations that may require storage and can
wait until the device filesystems are ready should wait on this
property.
Bug: 258018785
Test: manual
Change-Id: I9b1408b72df34a0d0cbcc1b99e9617f15bc47558
status after registering it with `CHECK_EQ` macro.
Bug: b/205760172
Test: atest VtsHalConfirmationUITargetTest
Change-Id: I00f5a09ca525e3abb63a5d1f404fb6f3daed9442
Bug: b/205760172
Test: Run android.hardware.confirmationui-service.trusty_fuzzer, confirmation UI test using CTS Verifier and atest VtsHalConfirmationUITargetTest
Change-Id: If0e97c9ae5f89fbbfa994c12ece53d3996e17a33
Replaced HIDL spec implementation with AIDL spec in confirmationui
module.
Ignore-AOSP-First: Dependent on internal change.
Bug: b/205760172
Test: Run confirmation UI test using CTS Verifier, atest VtsHalConfirmationUITargetTest
Change-Id: I49b9cb6d93fa35fd611003f7545d2ce4976eec7c
The new 6.0 kernel headers changed all variable length
structures from [0] to []. This causes a clang warning to
trigger, so rewrite the mmc data structures using a union
to avoid having a variable sized array in the middle of the
structure.
Test: Builds.
Change-Id: Ib1ac92c4f76af386d934f51a3c73cb8914e97624
This is the Android-side companion change to go/oag/2241573,
adding the interface for STORAGE_FILE_GET_MAX_SIZE (implementation
sold separately).
Bug: 247003431
Test: None
Change-Id: Ie834c91a085b2e4a668e0d9d22ec0f6b1e4e6c1c
This is effectively a no-op change; both packages are installed.
However, removing required and moving it to PRODUCT_PACKAGES cuts the
dependency from vendor modules to system-ext modules. This is needed for
vendor-only build test.
Test: build and see both packages are installed
Change-Id: I6620020a1eccfab08594c9be3b298611bd237f1d
The boringssl ACVP config has grown, so we need to increase the size of
our memory allocation that we share with the Trusty test TA.
Test: acvptool -wrapper trusty_acvp_modulewrapper -regcap
Bug: None
Change-Id: Ia90f4972d0d2ac420b09110f5647355a44175267