Commit graph

387 commits

Author SHA1 Message Date
Stephen Crane
fb92cd3c22 storageproxyd: Start binder thread pool
The Trusty storage proxy requires that the suspend service is started to
acquire a wakelock for UFS RPMB operations. Without the binder thread
pool running, starting this service results in at least a 1s polling
delay. This change ensures that we start the thread pool before handling
any RPMB operations, so acquiring the wakelock will complete as soon as
the service is ready without needing to poll once per second.

Test: m storageproxyd
Test: Artificially delay suspend_service to check if we poll
Bug: 281951047
Change-Id: I1a4cdd48d57201b0cf9c24523d22e5bdbcea376a
2023-07-19 18:37:52 +00:00
David Drysdale
f009f927d0 Merge "Set IMEI in provisioning helper" 2023-05-18 06:24:32 +00:00
David Drysdale
e556021b52 Set IMEI in provisioning helper
Borrow the code from AttestKeyTest.cpp (in KeyMint VTS) for determining
the devices IMEI value(s), and use that as default value.

Also update to use the newer provisioning message if the second IMEI is
set.

Test: provision a test device
Change-Id: Ie8e183dc50ac9107c2c2c2966c591e8b6022fd20
2023-05-17 18:12:00 +01:00
Mike McTernan
4066926374 confirmationui:fuzzer: update contact details
Bug: None
Test: make trusty_confirmationui_tipc_fuzzer
Change-Id: Ie81bf916c41498abc226389f63b22b57da55d446
2023-05-16 09:05:29 +01:00
Armelle Laine
8185610aa4 trusty: Add trusty stats test
Test an Android Daemon consuming IStats.aidl vendor atoms
from Trusty.

Test: /data/nativetest64/vendor/trusty_stats_test/trusty_stats_test
Bug: 259517277
Change-Id: I7486db5494a8fd4a995ec8a1a865e6e5fa515dfc
2023-03-20 21:08:24 +00:00
Andrei Homescu
2de07e82f2 trusty: Add IStatsSetter interface
Add android.trusty.stats.nw.setter.IStatsSetter interface
for sending an IStats interface from Android to Trusty.

Bug: 259517277
Test: /data/nativetest64/vendor/trusty_stats_test/trusty_stats_test
Change-Id: Ie3976cdf069dd47b51477a70eb597c76de79f522
2023-03-17 20:14:55 +00:00
Tri Vo
3aa6c71d43 Merge "Remove RemoteProvisioner" 2023-03-14 03:54:17 +00:00
Tri Vo
ee45e23798 Remove RemoteProvisioner
RemoteProvisioner is deprecated in favor of RKPD

Bug: 273325840
Test: m
Change-Id: I71abe9e0173ef399f9bca65814995aa7e66f1ebe
2023-03-13 13:55:32 -07:00
Max Bires
fea7f85a4e Add RKPD unit tests to trusty keymaster changes.
This ensures that full integration testing is done when changes are made
to the KM/IRPC client HAL service for Trusty.

Test: The tests are run.
Change-Id: Id22bbac119f76653a5b2338e97f28032822741f0
2023-03-08 17:40:18 -08:00
Donnie Pollitz
dedd899baa Add KM_SET_ATTESTATION_IDS_KM3 to enum list
* This command is needed to support provisioning KeyMintv3 attestation IDs

Bug: 265381212
Test: Ran KM Vts
Change-Id: I9b9bf3753b90c58096fa85a4e7303b47eaafe31f
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
2023-02-16 10:59:47 +01:00
Treehugger Robot
368a908334 Merge "Fastboot: Add new TEXT message to protocol to handle long lines." 2023-02-15 11:49:24 +00:00
Raphael Herouart
99097cc020 Fastboot: Add new TEXT message to protocol to handle long lines.
Trusty Benchmarks need to be evaluated in ABL which is much more
controlled than linux. However fastboot prints evry atomic message from
trusty/abl on its own line starting with "(bootloader)"

Bug: 263454481
Test: - "fastboot oem trusty runtest trusty.hwrng.bench"
Change-Id: I99847a8cc54457c8ec809e219736325dce0ac891
2023-02-14 19:58:42 +00:00
Treehugger Robot
d14a7551d5 Merge "Convert Gatekeeper from HIDL to AIDL" 2023-02-14 17:48:17 +00:00
David Drysdale
d0149e8e9a Convert Gatekeeper from HIDL to AIDL
Replaced HIDL spec implementation with AIDL spec in gatekeeper
module. Based on the changes in aosp/2161796.

Bug: 268342724
Test: VtsHalGatekeeperTargetTest, CtsVerifier
Change-Id: Ic322e5c5a7d0577df28410a546cbad88549158bc
2023-02-08 18:41:56 +00:00
Stephen Crane
0255766d6b storageproxyd: Add watchdog to log stuck requests
Adds a background watchdog thread to the Trusty storageproxy to monitor
and log any requests that are delayed for too long. This is intended to
assist in recognizing and debugging any sources of hangs related to
servicing Trusty storage requests in Android.

Test: Add sleep() and run trusty storage tests
Bug: 266595872
Change-Id: I98dfaff0dff04f97d5c657ee131e746f63b39739
2023-02-06 21:39:19 +00:00
Dai Li
17ac2b6061 Add libtrusty to recovery image
Make libtrusty available to boot control

Bug: 232277507
Change-Id: Ie6a83fd37689c09c5f0542fa9bbead6c5326f309
2023-01-26 02:45:36 +00:00
Seth Moore
ac5638bdbb Remove RemoteProvsioner tests from presubmit
RemoteProvsioner is deprecated, and already disabled/non-functional
on some builds. Turn off the tests because they are causing spurious
presubmit failures.

Test: n/a
Bug: 266181756
Change-Id: I9b8d3e742ef2b2448a798b1e96b6f3e02695e2be
2023-01-25 08:14:16 -08:00
David Drysdale
2ac6aed466 Helper for setting attestation IDs
Useful for testing on unprovisioned devices, so that IDs match those
expected by the VTS tests.

Note that any attestation involving the values set as attestation IDs
will only be signed by a fake key, and so will not be a valid
attestation of anything.

Bug: 258602662
Test: VtsAidlKeyMintTargetTest --gtest_filter="*NewKeyGenerationTest.EcdsaAttestationIdTags*default"
Change-Id: Ic31e4f28ec3a2830ae12a794b2fa063944df2614
2023-01-10 06:30:06 +00:00
David Drysdale
bf6ac3534e Merge "Allow selection of Trusty KeyMint HAL implementation" 2023-01-05 06:23:29 +00:00
Hasini Gunasinghe
6dfeccf9c8 Merge "Process large messages from TA" 2022-12-14 16:33:24 +00:00
Eran Messeri
33937f432c Merge "Bump the KeyMint version to v3" 2022-12-13 17:58:17 +00:00
Hasini Gunasinghe
3606cec3c0 Process large messages from TA
This CL adds the capability to the HAL to process reponses from the TA
that are larger than the capacity of the channel from HAL to TA.

Bug: 253501976
Test: with Trusty KM which has a smaller limit than some responses
Change-Id: I2fe056143f18718eb10bdd2d0559f3d171b14c96
2022-12-10 00:41:31 +00:00
Jay Monkman
2ad61bf01b storageproxyd: Added support for getting max size of file
This handles the STORAGE_FILE_GET_MAX_SIZE. The new behavior will
return a max size of 0x10000000000 (former default value in Trusty)
for a regular file and the partition size for a block device.

Test: N/A
Bug: 247003431
Change-Id: Ib8b8504b63496d64487cf2f96a1c0758bfafdd97
Signed-off-by: Jay Monkman <jtmjtmjtmjtmjtmjtmjtm@gmail.com>
2022-12-08 20:53:08 -06:00
Bob Badour
bbe272be62 [LSC] Add LOCAL_LICENSE_KINDS to system/core
Added SPDX-license-identifier-Apache-2.0 to:
  trusty/keymint/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all
Change-Id: I70d332c63bd3a02e1d00a87579d1c16054167845
2022-12-08 05:36:04 -08:00
Eran Messeri
b8c8f2df6e Bump the KeyMint version to v3
To match what the implementation returns.

Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I48b4c6694d938d3d61a1524319e1d8b1da19e0b5
2022-12-07 13:05:57 +00:00
David Drysdale
719d4a8bde Allow selection of Trusty KeyMint HAL implementation
By default, the existing C++ implementation of KeyMint will continue to
be used.  However, this can be overridden at build time to force use of
the Rust implementation by setting

    export TRUSTY_KEYMINT_IMPL=rust

Note that this requires a concomitant change to the bootloader prebuilts
that include the Trusty prebuilts, to include the corresponding Rust
version of the KeyMint TA.

Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675
2022-12-06 13:51:35 +00:00
Hasini Gunasinghe
bf839f7b9f KeyMint HAL in Rust for Trusty
Implementation of the KeyMint HAL service based on the Rust reference
implementation.

This CL adds the code and associated metadata, but does not included it
into the overall build.

Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I9d95b9d8be645b6299a06d40973b38b66dcf3c07
2022-12-06 13:51:35 +00:00
Eran Messeri
633b9ba26b Merge "Update the KeyMint version to 3" 2022-12-05 17:16:16 +00:00
Armelle Laine
c4108e917b Merge "trusty/test/binder: Add package support for modules that have AIDL interfaces" 2022-12-02 23:22:39 +00:00
David Anekstein
d12c75f531 trusty/test/binder: Add package support for modules that have AIDL interfaces
Bug: 240461931
Change-Id: Ia88303a4b806be860cac5a324d55d0ab87dce189
2022-12-02 20:27:28 +00:00
Eran Messeri
e345066058 Update the KeyMint version to 3
Part of the change to support 2nd IMEI attestation.

Bug: 244732345
Test: atest keystore2_test android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I59544e1e8019869cadeb7b46800c9b519048934c
2022-12-01 11:00:16 +00:00
Treehugger Robot
a3e605486d Merge "trusty/storage: Add property indicating when fs is ready" 2022-11-30 21:06:13 +00:00
Max Bires
065a7207a2 Add TEST_MAPPING files.
These TEST_MAPPING definitions ensure that the VTS tests for the
respective HAL services will be executed upon any changes committed to
the HAL services.

Test: hopefully this is the test
Change-Id: Icfaf3621f2c7b9608deb998ba4b5cfd6621a7310
2022-11-29 02:50:45 -08:00
Stephen Crane
319f4618a7 trusty/storage: Add property indicating when fs is ready
Adds a system vendor property (ro.vendor.trusty.storage.fs_ready) to
indicate when backing storage on the Android filesystem (e.g. /data) is
ready for use. Before this property is set, the Trusty storage proxy may
restart causing connections in Trusty to the storage service to be
disconnected. All Trusty operations that may require storage and can
wait until the device filesystems are ready should wait on this
property.

Bug: 258018785
Test: manual
Change-Id: I9b1408b72df34a0d0cbcc1b99e9617f15bc47558
2022-11-23 17:55:12 +00:00
Tri Vo
ed1f13f62b trusty: IRPC supportedNumKeysInCsr support
Bug: 254137722
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ic76c27b8c65274f76adca6b83614eac73964ea20
2022-11-17 17:15:21 -08:00
Seth Moore
8fbbf06f0c Add dependency on split out RKP HAL
Bug: 254112961
Test: vts_treble_vintf_vendor_test
Merged-In: I9dcb9b94b0e22466cd42592f4921eec3e4fcb13d
Change-Id: I9dcb9b94b0e22466cd42592f4921eec3e4fcb13d
2022-11-09 10:54:51 -08:00
Christopher Ferris
9d8576d701 Merge "Modify the mmc data structure." 2022-11-03 01:20:03 +00:00
Steven Moreland
b41a7e382f Merge "Adding fuzzer for trusty-confirmationui service." 2022-11-01 17:04:47 +00:00
Rajesh Nyamagoud
4092a77774 Replaced -1 with EXIT_FAILURE and validated confirmationui service
status after registering it with `CHECK_EQ` macro.

Bug: b/205760172
Test: atest VtsHalConfirmationUITargetTest
Change-Id: I00f5a09ca525e3abb63a5d1f404fb6f3daed9442
2022-10-24 19:25:35 +00:00
Rajesh Nyamagoud
ec4df1d547 Adding fuzzer for trusty-confirmationui service.
Bug: b/205760172
Test: Run android.hardware.confirmationui-service.trusty_fuzzer, confirmation UI test using CTS Verifier and atest VtsHalConfirmationUITargetTest
Change-Id: If0e97c9ae5f89fbbfa994c12ece53d3996e17a33
2022-10-24 19:22:07 +00:00
Tri Vo
7014fa9fa3 Merge "Changes to adapt confirmationui AIDL spec." 2022-10-20 16:51:56 +00:00
Tri Vo
a693071690 Merge "Trusty IRemotelyProvisionedComponent v3 HAL implementation" 2022-10-20 02:43:12 +00:00
Tri Vo
ce223a5c6f Trusty IRemotelyProvisionedComponent v3 HAL implementation
Bug: 235265072
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: If0ea94710d0d0e18020a0a4b9c05ef915bbf61fa
2022-10-13 13:40:38 -07:00
Rajesh Nyamagoud
9f22d4f8cf Changes to adapt confirmationui AIDL spec.
Replaced HIDL spec implementation with AIDL spec in confirmationui
module.

Ignore-AOSP-First: Dependent on internal change.
Bug: b/205760172
Test: Run confirmation UI test using CTS Verifier, atest VtsHalConfirmationUITargetTest
Change-Id: I49b9cb6d93fa35fd611003f7545d2ce4976eec7c
2022-10-13 15:17:34 +00:00
Tri Vo
ad4ecd962c Merge "Implement getHardwareInfo() in Trusty KM TA" 2022-10-12 22:53:43 +00:00
Tri Vo
025b7f3cd8 Implement getHardwareInfo() in Trusty KM TA
Bug: 253109915
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I579d563759a3af97100da95dab6a99ca52d0b384
2022-10-12 10:35:49 -07:00
Christopher Ferris
4fb3712462 Modify the mmc data structure.
The new 6.0 kernel headers changed all variable length
structures from [0] to []. This causes a clang warning to
trigger, so rewrite the mmc data structures using a union
to avoid having a variable sized array in the middle of the
structure.

Test: Builds.
Change-Id: Ib1ac92c4f76af386d934f51a3c73cb8914e97624
2022-10-10 15:26:10 -07:00
Thurston Dang
8ae1c1db42 storageproxyd: Add STORAGE_FILE_GET_MAX_SIZE API on Android side
This is the Android-side companion change to go/oag/2241573,
adding the interface for STORAGE_FILE_GET_MAX_SIZE (implementation
sold separately).

Bug: 247003431
Test: None
Change-Id: Ie834c91a085b2e4a668e0d9d22ec0f6b1e4e6c1c
2022-10-06 00:12:00 +00:00
Inseob Kim
ed673496c2 Explicitly install RemoteProvisioner for keymint
This is effectively a no-op change; both packages are installed.
However, removing required and moving it to PRODUCT_PACKAGES cuts the
dependency from vendor modules to system-ext modules. This is needed for
vendor-only build test.

Test: build and see both packages are installed
Change-Id: I6620020a1eccfab08594c9be3b298611bd237f1d
2022-09-16 20:54:03 +09:00
Stephen Crane
54020821f6 trusty: Increase size of ACVP shared memory
The boringssl ACVP config has grown, so we need to increase the size of
our memory allocation that we share with the Trusty test TA.

Test: acvptool -wrapper trusty_acvp_modulewrapper -regcap
Bug: None
Change-Id: Ia90f4972d0d2ac420b09110f5647355a44175267
2022-08-22 19:43:54 -07:00