On some devices it is infeasible to provision the KeyMint RoT bits in
the Android Bootloader. This provides an alternate path to provision
them from the TEE during early boot.
Bug: 219076736
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibae9050b9a102dad3710f9495d3dfa43fa1d1b3f
Merged-In: Ibae9050b9a102dad3710f9495d3dfa43fa1d1b3f
This CL bumps the reported version for Trusty's
IRemotelyProvisionedComponent HAL interface for KeyMint. It also adds
the uniqueId field added to the RpcHardwareInfo in version 2.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I336ec7cd12ca2ea3b836601ebe0ca400524b8ca4
This allows for easier bumping of the KeyMint version level.
At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.
However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.
Test: TreeHugger
Change-Id: Ic250e5b91ee2b48cd7a05783ce21af16ae330ed1
This change adds the RPK apk back into the image for Trusty Keymint
devices, though the functionality will still be disabled by the
server check-in for now.
Ignore-AOSP-First: Will be CP'ed to AOSP
Bug: 194509629
Test: atest RemoteProvisionerUnitTests
Change-Id: Ic20ca119bd9c0614f7559b24ad60718c813a0cca
The KeyMint TA may send responses that are longer thant the 8K buffer
that the KeyMint HAL holds. This patch introduces
trusty_keymaster_call_2 which can grow the receive buffer on demand.
Bug: 195622501
Test: VTS and CTS test for regression testing.
Change-Id: Ia06e590e547e649ca81cda9a71851f334970788f
Merged-In: Ia06e590e547e649ca81cda9a71851f334970788f
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: I7e60ee840fd64f9e36bafa8baea19daab9c15cea
This allows the relevant IPC code to be included in the provisioner tool
easily as it's shuffled over into a non-AOSP component due to
chip specific requirements in provisioning Device IDs.
Bug: 178796950
Test: Stuff builds
Merged-In: I57482e89035e8648544f87291ec14c6aece09bd0
Change-Id: I57482e89035e8648544f87291ec14c6aece09bd0
This change includes the code necessary to communicate to the
IRemotelyProvisionedComponent backend implementation running in Trusty.
It also makes the relevant changes to the manifest XML file to add the
IRemotelyProvisionedComponent HAL.
Bug: 192228022
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I32c30ce2dc44e95ff91574ce405f10e3b5dc9699
Merged-In: I32c30ce2dc44e95ff91574ce405f10e3b5dc9699
The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.
Test: CtsVerifier biometrics tests.
Bug: 192201272
Merged-In: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
Bug: 177729159
Test: Not testable until more CLs land
Merged-In: Iea4e70bb5b4ce051492f2e42d2e0d219d088388e
Change-Id: Iea4e70bb5b4ce051492f2e42d2e0d219d088388e
Add an initial corpus for the keymaster fuzzer derived from running the
keystore2 unittests.
Test: adb shell "cd /data/fuzz/arm64/trusty_keymaster_fuzzer/ && ./trusty_keymaster_fuzzer corpus"
Bug: 175918322
Change-Id: I839bb9bacee1800cf2da25aedbb4ce3eccf16cba
Trusty Keymaster will currently disconnect the client on an invalid
message. This includes the newly introduced GET_VERSION2 message.
While in the future we could change this behavior, this is a backcompat
path and so we can't assume a changed Trusty. Reconnect on failed
GET_VERSION2 before attempting version negotiation.
Bug: 177843218
Test: Set PIN on device using older Trusty
Change-Id: Ie60e4aaafa43e375797e6288b97834cac42413f4
Adds a simple libfuzzer-based coverage guided fuzzer for keymaster.
Current coverage is low, so we'll need to improve this with an initial
corpus or a more sophisticated protocol aware fuzzer.
Bug: 175918322
Test: make trusty_keymaster_fuzzer
Test: adb shell /data/fuzz/arm64/trusty_keymaster_fuzzer/trusty_keymaster_fuzzer
Change-Id: Iad1713e1a73cc5a6a3ec742cc433d1337aca9bc3
Remove WrappedPrivateKey and select wrapped vs plaintext key command
based on format instead.
Bug: 154033394
Test: send wrapped test key. Not yet accepted by trusty
Change-Id: I3b0a29be78f2a8e84ebd990713f66788256d8e3f
The newer way of specifying the interface is using <fqname> and it also
has the handy side-effect of not causing conflicts when we add the
strongbox implementation to devices.
Test: make # check $OUT for the correct manifest
Change-Id: If8333814723261c4f3de375861ee19a6d922d55f
Library based HALs have been deprecated for several years now, and
Keymaster 2 based testing is woefully out of date compared to running
VTS against the modern 3.0 and 4.0 implementations.
Purging these modules and their resulting dependencies will make it
easier for the central system/keymaster repository to move forwards.
Test: mm
Bug: 150239636
Change-Id: Ic2ddbe685a50e65f9db25f682ad33105195efa8a
This makes it easier to add or remove the Trusty keymaster service from
a device by providing a manifest fragment to add whenever it is enabled.
Test: Keymaster VTS, Keystore CTS (sans attestation)
Change-Id: Ib0f5fd7c016c0c18d77c9d2623c89f3b35ba7ad7
The reference keymaster at system/keymaster still expects to receive its
auth tokens in the tags, rather than as a separate parameter. This
change injects the separate parameter passed to the KM4 HAL as a legacy
tag in the request.
Longer term, system/keymaster should support a separate authToken
parameter, and it should be serialized and sent to Trusty separately.
Test: Keymaster VTS + Keystore CTS (sans attestation)
Change-Id: Ie69cbd358504bb7612f7d55158509043cdad4e4e
