Explain the rationale for not using StrongBox in vold.

Bug: 77338527
Test:  Comment-only change.
Change-Id: I9f87e34854eabcc4c183553cf56a033970bb867e
This commit is contained in:
Shawn Willden 2018-05-17 15:24:56 -06:00
parent f5b085c13a
commit e763ed2aa3

View file

@ -49,9 +49,6 @@ bool KeymasterOperation::updateCompletely(const char* input, size_t inputLen,
size_t toRead = static_cast<size_t>(inputLen - inputConsumed); size_t toRead = static_cast<size_t>(inputLen - inputConsumed);
auto inputBlob = km::support::blob2hidlVec( auto inputBlob = km::support::blob2hidlVec(
reinterpret_cast<const uint8_t*>(&input[inputConsumed]), toRead); reinterpret_cast<const uint8_t*>(&input[inputConsumed]), toRead);
// TODO(swillden): Need to handle getting a VerificationToken from the TEE if mDevice is
// StrongBox, so we can provide it here. The VerificationToken will need to be
// requested/retrieved during Keymaster::begin().
auto error = mDevice->update(mOpHandle, hidl_vec<km::KeyParameter>(), inputBlob, auto error = mDevice->update(mOpHandle, hidl_vec<km::KeyParameter>(), inputBlob,
km::HardwareAuthToken(), km::VerificationToken(), hidlCB); km::HardwareAuthToken(), km::VerificationToken(), hidlCB);
if (!error.isOk()) { if (!error.isOk()) {
@ -105,8 +102,9 @@ Keymaster::Keymaster() {
hmacKeyGenerated = true; hmacKeyGenerated = true;
} }
for (auto& dev : devices) { for (auto& dev : devices) {
// Explicitly avoid using STRONGBOX for now. // Do not use StrongBox for device encryption / credential encryption. If a security chip
// TODO: Re-enable STRONGBOX, since it's what we really want. b/77338527 // is present it will have Weaver, which already strengthens CE. We get no additional
// benefit from using StrongBox here, so skip it.
if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) { if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) {
mDevice = std::move(dev); mDevice = std::move(dev);
break; break;