Flag control for enabling Secretkeeper is done in the device-specific
makefiles, triggering whether they set SECRETKEEPER_ENABLED:=true
Test: none, comment change
Change-Id: I399d1840519864687aca6c53697317d449eed325

Make the makefile safer by requiring a specific value for the
environment variable that turns on Secretkeeper
Bug: 306364873
Test: TreeHugger
Change-Id: Ic5bb5e7411a19941f58ec8c973104c1e53f3834f

Disabled by default; enable with `export SECRETKEEPER_ENABLED=y` before
building.
Also needs the Secretkeeper TA to be present in Trusty; if the TA is
absent, the HAL service will (repeatedly) fail to connect.
Test: build, VtsSecretkeeperTargetTest
Bug: 306364873
Change-Id: I529013395d0e3afbff4a24b663088adce2a23805

Replaced HIDL spec implementation with AIDL spec in gatekeeper
module. Based on the changes in aosp/2161796.
Bug: 268342724
Test: VtsHalGatekeeperTargetTest, CtsVerifier
Change-Id: Ic322e5c5a7d0577df28410a546cbad88549158bc

By default, the existing C++ implementation of KeyMint will continue to
be used. However, this can be overridden at build time to force use of
the Rust implementation by setting

    export TRUSTY_KEYMINT_IMPL=rust

Note that this requires a concomitant change to the bootloader prebuilts
that include the Trusty prebuilts, to include the corresponding Rust
version of the KeyMint TA.
Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675

This is effectively a no-op change; both packages are installed.
However, removing required and moving it to PRODUCT_PACKAGES cuts the
dependency from vendor modules to system-ext modules. This is needed for
vendor-only build test.
Test: build and see both packages are installed
Change-Id: I6620020a1eccfab08594c9be3b298611bd237f1d

This patch replaces the legacy libhardware based gatekeeper HAL with a
true HIDL based implementation.
Test: Works with trusty gatekeeper
Change-Id: I072b0c3fc74523400132aacd34e2f2cac9cf261b
Merged-In: I072b0c3fc74523400132aacd34e2f2cac9cf261b

Adds support for proxying V4.0 commands to Trusty and makes 4.0 the
default when including trusty-base.mk.
Bug: 128851722
Test: Keymaster VTS 4.0 + Trusty
Change-Id: I2e2220963996fcb88d6953ee1a58af1b947b857d

Previously we only installed the gatekeeper.trusty.so library, which is
insufficient to actually start Gatekeeper. We now also install the -impl
and -service wrappers.
Bug: 127700127
Test: Gatekeeper 1.0 VTS with Trusty running
Change-Id: Idd8d6a4e1e409c2a712dddfd92d5f9cf6b16b50c

The trusty-base.mk should be included by devices that use
Trusty TEE to pull in the baseline set of Trusty specific modules.
Change-Id: I47c2095a21f47a40d390c9d5426380ad9507a708