We only need a single binder thread to receive notifications, so we
should set the thread pool max to 0 rather than 1. startThreadPool()
starts one thread + the max count.
Test: m storageproxyd
Bug: 281951047
Fixes: 292030372
Change-Id: I53a90eaa2aa69469fd3a00b6da0d7061318c8ba9
The Trusty storage proxy requires that the suspend service is started to
acquire a wakelock for UFS RPMB operations. Without the binder thread
pool running, starting this service results in at least a 1s polling
delay. This change ensures that we start the thread pool before handling
any RPMB operations, so acquiring the wakelock will complete as soon as
the service is ready without needing to poll once per second.
Test: m storageproxyd
Test: Artificially delay suspend_service to check if we poll
Bug: 281951047
Change-Id: I1a4cdd48d57201b0cf9c24523d22e5bdbcea376a
Borrow the code from AttestKeyTest.cpp (in KeyMint VTS) for determining
the devices IMEI value(s), and use that as default value.
Also update to use the newer provisioning message if the second IMEI is
set.
Test: provision a test device
Change-Id: Ie8e183dc50ac9107c2c2c2966c591e8b6022fd20
Add android.trusty.stats.nw.setter.IStatsSetter interface
for sending an IStats interface from Android to Trusty.
Bug: 259517277
Test: /data/nativetest64/vendor/trusty_stats_test/trusty_stats_test
Change-Id: Ie3976cdf069dd47b51477a70eb597c76de79f522
This ensures that full integration testing is done when changes are made
to the KM/IRPC client HAL service for Trusty.
Test: The tests are run.
Change-Id: Id22bbac119f76653a5b2338e97f28032822741f0
* This command is needed to support provisioning KeyMintv3 attestation IDs
Bug: 265381212
Test: Ran KM Vts
Change-Id: I9b9bf3753b90c58096fa85a4e7303b47eaafe31f
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
Trusty Benchmarks need to be evaluated in ABL which is much more
controlled than linux. However fastboot prints evry atomic message from
trusty/abl on its own line starting with "(bootloader)"
Bug: 263454481
Test: - "fastboot oem trusty runtest trusty.hwrng.bench"
Change-Id: I99847a8cc54457c8ec809e219736325dce0ac891
Replaced HIDL spec implementation with AIDL spec in gatekeeper
module. Based on the changes in aosp/2161796.
Bug: 268342724
Test: VtsHalGatekeeperTargetTest, CtsVerifier
Change-Id: Ic322e5c5a7d0577df28410a546cbad88549158bc
Adds a background watchdog thread to the Trusty storageproxy to monitor
and log any requests that are delayed for too long. This is intended to
assist in recognizing and debugging any sources of hangs related to
servicing Trusty storage requests in Android.
Test: Add sleep() and run trusty storage tests
Bug: 266595872
Change-Id: I98dfaff0dff04f97d5c657ee131e746f63b39739
RemoteProvsioner is deprecated, and already disabled/non-functional
on some builds. Turn off the tests because they are causing spurious
presubmit failures.
Test: n/a
Bug: 266181756
Change-Id: I9b8d3e742ef2b2448a798b1e96b6f3e02695e2be
Useful for testing on unprovisioned devices, so that IDs match those
expected by the VTS tests.
Note that any attestation involving the values set as attestation IDs
will only be signed by a fake key, and so will not be a valid
attestation of anything.
Bug: 258602662
Test: VtsAidlKeyMintTargetTest --gtest_filter="*NewKeyGenerationTest.EcdsaAttestationIdTags*default"
Change-Id: Ic31e4f28ec3a2830ae12a794b2fa063944df2614
This CL adds the capability to the HAL to process reponses from the TA
that are larger than the capacity of the channel from HAL to TA.
Bug: 253501976
Test: with Trusty KM which has a smaller limit than some responses
Change-Id: I2fe056143f18718eb10bdd2d0559f3d171b14c96
This handles the STORAGE_FILE_GET_MAX_SIZE. The new behavior will
return a max size of 0x10000000000 (former default value in Trusty)
for a regular file and the partition size for a block device.
Test: N/A
Bug: 247003431
Change-Id: Ib8b8504b63496d64487cf2f96a1c0758bfafdd97
Signed-off-by: Jay Monkman <jtmjtmjtmjtmjtmjtmjtm@gmail.com>
Added SPDX-license-identifier-Apache-2.0 to:
trusty/keymint/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I70d332c63bd3a02e1d00a87579d1c16054167845
To match what the implementation returns.
Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I48b4c6694d938d3d61a1524319e1d8b1da19e0b5
By default, the existing C++ implementation of KeyMint will continue to
be used. However, this can be overridden at build time to force use of
the Rust implementation by setting
export TRUSTY_KEYMINT_IMPL=rust
Note that this requires a concomitant change to the bootloader prebuilts
that include the Trusty prebuilts, to include the corresponding Rust
version of the KeyMint TA.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675
Implementation of the KeyMint HAL service based on the Rust reference
implementation.
This CL adds the code and associated metadata, but does not included it
into the overall build.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I9d95b9d8be645b6299a06d40973b38b66dcf3c07
Part of the change to support 2nd IMEI attestation.
Bug: 244732345
Test: atest keystore2_test android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I59544e1e8019869cadeb7b46800c9b519048934c
These TEST_MAPPING definitions ensure that the VTS tests for the
respective HAL services will be executed upon any changes committed to
the HAL services.
Test: hopefully this is the test
Change-Id: Icfaf3621f2c7b9608deb998ba4b5cfd6621a7310
Adds a system vendor property (ro.vendor.trusty.storage.fs_ready) to
indicate when backing storage on the Android filesystem (e.g. /data) is
ready for use. Before this property is set, the Trusty storage proxy may
restart causing connections in Trusty to the storage service to be
disconnected. All Trusty operations that may require storage and can
wait until the device filesystems are ready should wait on this
property.
Bug: 258018785
Test: manual
Change-Id: I9b1408b72df34a0d0cbcc1b99e9617f15bc47558
status after registering it with `CHECK_EQ` macro.
Bug: b/205760172
Test: atest VtsHalConfirmationUITargetTest
Change-Id: I00f5a09ca525e3abb63a5d1f404fb6f3daed9442
Bug: b/205760172
Test: Run android.hardware.confirmationui-service.trusty_fuzzer, confirmation UI test using CTS Verifier and atest VtsHalConfirmationUITargetTest
Change-Id: If0e97c9ae5f89fbbfa994c12ece53d3996e17a33
Replaced HIDL spec implementation with AIDL spec in confirmationui
module.
Ignore-AOSP-First: Dependent on internal change.
Bug: b/205760172
Test: Run confirmation UI test using CTS Verifier, atest VtsHalConfirmationUITargetTest
Change-Id: I49b9cb6d93fa35fd611003f7545d2ce4976eec7c
The new 6.0 kernel headers changed all variable length
structures from [0] to []. This causes a clang warning to
trigger, so rewrite the mmc data structures using a union
to avoid having a variable sized array in the middle of the
structure.
Test: Builds.
Change-Id: Ib1ac92c4f76af386d934f51a3c73cb8914e97624
This is the Android-side companion change to go/oag/2241573,
adding the interface for STORAGE_FILE_GET_MAX_SIZE (implementation
sold separately).
Bug: 247003431
Test: None
Change-Id: Ie834c91a085b2e4a668e0d9d22ec0f6b1e4e6c1c
This is effectively a no-op change; both packages are installed.
However, removing required and moving it to PRODUCT_PACKAGES cuts the
dependency from vendor modules to system-ext modules. This is needed for
vendor-only build test.
Test: build and see both packages are installed
Change-Id: I6620020a1eccfab08594c9be3b298611bd237f1d
The boringssl ACVP config has grown, so we need to increase the size of
our memory allocation that we share with the Trusty test TA.
Test: acvptool -wrapper trusty_acvp_modulewrapper -regcap
Bug: None
Change-Id: Ia90f4972d0d2ac420b09110f5647355a44175267
Add a specific error message to the Android CLI tool for the case
where the apploader rejected an attempt to load an application
which requested encryption of its ELF image via its manifest while
containing an unencrypted ELF image.
Bug: 241824652
Change-Id: Ib2a3c881015700492b8166be38c41753bf51b3b2
Fsync failures are special because they may indicate a failure of an
operation before the current operation. Report these cases as a new,
distinct error.
Test: Cause fsync failure and check error response
Bug: 239105007
Change-Id: Ie9d4a1949586e90006256c975786e21ced655e66
Previously we did not support STORAGE_MSG_FLAG_POST_COMMIT for anything
but RPMB operations (in which case it was a no-op). We need to support
this flag in order to store a superblock in non-secure storage, as we
need that write to commit atomically wrt all other writes.
Test: com.android.storage-unittest.nsp
Bug: 228793975
Change-Id: Ia453c1916970e0b65a91e42f18b920ac4e1f01db
Also add tighter checks to make sure we didn't drop events.
Bug: 240617890
Test: libtrusty_metrics_test
Change-Id: I0029d91ad0ff67eb97913b2316efca627b118616
These operations require excessive SELinux and UNIX permissions.
Instead of dropping privileges after starting we will start
storageproxyd as "system" user.
Bug: 205904330
Test: com.android.storage-unittest.td
Change-Id: I0b2503a746c52474c8cc2e1f7a2fbe17c98d6d8b
Boringssl added a new argument to the ACVP modulewrapper, so we need to
sync this change to the Trusty modulewrapper.
Test: m trusty_acvp_modulewrapper
Bug: 233873228
Change-Id: Ia79705d9fe32a07afc09cf8e0231db300073b504
* Add new `recv` method that takes a `Vec<u8>` and automatically
allocates extra buffer space and retries the read call if the buffer
does not have enough capacity.
* Rename the existing `recv` method to `recv_no_alloc`, and update docs
to clarify the behaviors of both methods.
* Add tests for the new `recv` method and update existing tests to use
`recv_no_alloc` instead.
Test: tipc-test-rs -m 1024 -t echo
Bug: 226659377
Change-Id: Ic437b617751e865da119fe0c4ef8aa456a63bf3c
Test logic is based on the tests in the original tipc-test C binary,
but adapted to use the Rust unit test infrastructure to make running
tests easier.
Test: Ran the tests
Bug: 226659377
Change-Id: I998013b2f8b304299acb09d58beb49330747802a
Add a specific error message to the Android CLI tool for the
case where the policy engine (http://go/aog/2051516) disallows
loading.
Test: Load a signed app that violates the policy
Bug: 208968719
Change-Id: I2aaa218ab3a7297ea62448de49baa0bfd6b1ee52
TRUSTY_SEND_SECURE operation was added to Trusty Linux driver by
aosp/1930989.
Bug: 224563842
Test: m libtrusty
Change-Id: Ic922ec177a8d35dba351415ab429216a1931a64d
On some devices it is infeasible to provision the KeyMint RoT bits in
the Android Bootloader. This provides an alternate path to provision
them from the TEE during early boot.
Bug: 219076736
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibae9050b9a102dad3710f9495d3dfa43fa1d1b3f
Merged-In: Ibae9050b9a102dad3710f9495d3dfa43fa1d1b3f
This CL bumps the reported version for Trusty's
IRemotelyProvisionedComponent HAL interface for KeyMint. It also adds
the uniqueId field added to the RpcHardwareInfo in version 2.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I336ec7cd12ca2ea3b836601ebe0ca400524b8ca4
Switches to syncing the parent directory immediately when creating a new
file rather than lazily waiting for a sync request. Because we only
create a new file when the userdata partition is cleared, this operation
doesn't need to be fast in the normal case. This avoids needing to track
the parent directory for each file for lazy syncing later, since storage
backing files may be in a subdirectory of the root.
Test: m storageproxyd, boot using new service binary
Bug: None
Change-Id: Ibcafae7da493864515c099bd81d48c95b0e5d8c3
Adds a check for a DSU mode boot in storageproxyd. Changes path handling
so that storageproxyd will not allow opening a file in the root data
path in DSU mode. Instead, storageproxyd creates an "alternate/"
directory in the data directory and the TA must use this directory to
store its backing file.
Re-landing reverted change: Iad68872dc6915f64eaf26cd3c92c04d9071ef169
Test: Boot into DSU and inspect logs for "Cannot open root data file"
Test: Test that TD writes in DSU mode don't corrupt host image storage
when using a compatible storage TA that supports alternate data mode.
Bug: 203719297
Change-Id: I1d07e7c3d15dc1beba2d340181d1b11a7988f869
This reverts commit 7c5658b5fd.
Reason for revert: selinux test errors in some branches
Bug: 215630608
Change-Id: I2a9c9d914b6c1d1248b4f11bd69484ae6b0ba8d1
