Modify vold to check for hardware keymaster.

vold should only use hardware keymaster implementations to protect the
disk encryption key, because there's little value in using the software
implementation.  More importantly, if we allow vold to use softkeymaster
in the absence of a HW keymaster and (somehow) a HW keymaster is added
to a device, the HW version will be loaded, and will be unable to use
the softkeymaster key found in the crypto footer, forcing a factory
reset.

This CL will not break devices without HW keymaster, because
softkeymaster currently reports its keys as non-standalone (which isn't
correct).  After this CL is in, I will fix softkeymaster.

Bug: 17362157
Change-Id: I98b169e7a59ff7d44b72069b87743463ec823ea2
This commit is contained in:
Shawn Willden 2014-10-30 08:12:32 -06:00
parent 13c3a90b58
commit 7c49ab0a0b

View file

@ -138,7 +138,8 @@ static int keymaster_check_compatibility()
goto out;
}
if (keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE) {
if (!(keymaster_dev->flags & KEYMASTER_SOFTWARE_ONLY) &&
(keymaster_dev->flags & KEYMASTER_BLOBS_ARE_STANDALONE)) {
rc = 1;
}