Move Trusty C++ KeyMint to v4

- Declare v4 HAL. - Declare version 400 in Package Manager (when unfrozen). - Link to current (V4 when unfrozen) versions of support libraries. - Add `setAdditionalAttestationInfo()` method to HAL service. - Add `SetAdditionalAttestationInfo()` method to implementation, using the common message types. - Add Trusty-specific message code for the `SET_ADDITIONAL_ATTESTATION_INFO` message exchange. Test: VtsAidlKeyMintTargetTest (new test fails until TA updated too) Bug: 369375199 Change-Id: I4699aea3ab8a0723a5c2bc1493f7bbb69cdfd6df
2024-11-25 12:38:54 +00:00 · 2024-11-25 12:38:54 +00:00 · 487584da23
commit 487584da23
parent 91b97d7362
7 changed files with 32 additions and 6 deletions
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@ -106,11 +106,11 @@ cc_binary {
        "keymint/service.cpp",
    ],
    shared_libs: [
-        "android.hardware.security.keymint-V3-ndk",
+        "android.hardware.security.keymint-V4-ndk",
        "android.hardware.security.rkp-V3-ndk",
        "android.hardware.security.secureclock-V1-ndk",
        "android.hardware.security.sharedsecret-V1-ndk",
-        "lib_android_keymaster_keymint_utils_V3",
+        "lib_android_keymaster_keymint_utils",
        "libbase",
        "libbinder_ndk",
        "libhardware",
@ -120,9 +120,10 @@ cc_binary {
        "libtrusty",
        "libutils",
    ],
-    required: [
-        "android.hardware.hardware_keystore_V3.xml",
-    ],
+    required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), {
+        true: ["android.hardware.hardware_keystore.xml"],
+        default: ["android.hardware.hardware_keystore_V3.xml"],
+    }),
 }

 prebuilt_etc {
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@ -295,6 +295,13 @@ GetRootOfTrustResponse TrustyKeymaster::GetRootOfTrust(const GetRootOfTrustReque
    return response;
 }

+SetAdditionalAttestationInfoResponse TrustyKeymaster::SetAdditionalAttestationInfo(
+        const SetAdditionalAttestationInfoRequest& request) {
+    SetAdditionalAttestationInfoResponse response(message_version());
+    ForwardCommand(KM_SET_ADDITIONAL_ATTESTATION_INFO, request, &response);
+    return response;
+}
+
 GetHwInfoResponse TrustyKeymaster::GetHwInfo() {
    GetHwInfoResponse response(message_version());
    ForwardCommand(KM_GET_HW_INFO, GetHwInfoRequest(message_version()), &response);
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
@ -85,6 +85,7 @@ class TrustyKeyMintDevice : public BnKeyMintDevice {
    ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge,
                                 vector<uint8_t>* rootOfTrust) override;
    ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override;
+    ScopedAStatus setAdditionalAttestationInfo(const vector<KeyParameter>& info) override;

  protected:
    std::shared_ptr<TrustyKeymaster> impl_;
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@ -70,6 +70,8 @@ class TrustyKeymaster {
    ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
            const ConfigureVendorPatchlevelRequest& request);
    GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request);
+    SetAdditionalAttestationInfoResponse SetAdditionalAttestationInfo(
+            const SetAdditionalAttestationInfoRequest& request);
    GetHwInfoResponse GetHwInfo();

    uint32_t message_version() const { return message_version_; }
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@ -62,6 +62,7 @@ enum keymaster_command : uint32_t {
    KM_GET_ROOT_OF_TRUST            = (34 << KEYMASTER_REQ_SHIFT),
    KM_GET_HW_INFO                  = (35 << KEYMASTER_REQ_SHIFT),
    KM_GENERATE_CSR_V2              = (36 << KEYMASTER_REQ_SHIFT),
+    KM_SET_ADDITIONAL_ATTESTATION_INFO = (37 << KEYMASTER_REQ_SHIFT),

    // Bootloader/provisioning calls.
    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
--- a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
@ -349,4 +349,18 @@ ScopedAStatus TrustyKeyMintDevice::sendRootOfTrust(const vector<uint8_t>& /* roo
    return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
 }

+ScopedAStatus TrustyKeyMintDevice::setAdditionalAttestationInfo(const vector<KeyParameter>& info) {
+    keymaster::SetAdditionalAttestationInfoRequest request(impl_->message_version());
+    request.info.Reinitialize(KmParamSet(info));
+
+    keymaster::SetAdditionalAttestationInfoResponse response =
+            impl_->SetAdditionalAttestationInfo(request);
+
+    if (response.error != KM_ERROR_OK) {
+        return kmError2ScopedAStatus(response.error);
+    } else {
+        return ScopedAStatus::ok();
+    }
+}
+
 }  // namespace aidl::android::hardware::security::keymint::trusty
--- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
@ -1,7 +1,7 @@
 <manifest version="1.0" type="device">
    <hal format="aidl">
        <name>android.hardware.security.keymint</name>
-        <version>3</version>
+        <version>4</version>
        <fqname>IKeyMintDevice/default</fqname>
    </hal>
    <hal format="aidl">