diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp index 5a1e4202d..8ebfc1aeb 100644 --- a/trusty/keymaster/Android.bp +++ b/trusty/keymaster/Android.bp @@ -106,11 +106,11 @@ cc_binary { "keymint/service.cpp", ], shared_libs: [ - "android.hardware.security.keymint-V3-ndk", + "android.hardware.security.keymint-V4-ndk", "android.hardware.security.rkp-V3-ndk", "android.hardware.security.secureclock-V1-ndk", "android.hardware.security.sharedsecret-V1-ndk", - "lib_android_keymaster_keymint_utils_V3", + "lib_android_keymaster_keymint_utils", "libbase", "libbinder_ndk", "libhardware", @@ -120,9 +120,10 @@ cc_binary { "libtrusty", "libutils", ], - required: [ - "android.hardware.hardware_keystore_V3.xml", - ], + required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), { + true: ["android.hardware.hardware_keystore.xml"], + default: ["android.hardware.hardware_keystore_V3.xml"], + }), } prebuilt_etc { diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp index b118a2001..723229d03 100644 --- a/trusty/keymaster/TrustyKeymaster.cpp +++ b/trusty/keymaster/TrustyKeymaster.cpp @@ -295,6 +295,13 @@ GetRootOfTrustResponse TrustyKeymaster::GetRootOfTrust(const GetRootOfTrustReque return response; } +SetAdditionalAttestationInfoResponse TrustyKeymaster::SetAdditionalAttestationInfo( + const SetAdditionalAttestationInfoRequest& request) { + SetAdditionalAttestationInfoResponse response(message_version()); + ForwardCommand(KM_SET_ADDITIONAL_ATTESTATION_INFO, request, &response); + return response; +} + GetHwInfoResponse TrustyKeymaster::GetHwInfo() { GetHwInfoResponse response(message_version()); ForwardCommand(KM_GET_HW_INFO, GetHwInfoRequest(message_version()), &response); diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h index c8d8932c4..5e876d3d3 100644 --- a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h +++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h @@ -85,6 +85,7 @@ class TrustyKeyMintDevice : public BnKeyMintDevice { ScopedAStatus getRootOfTrust(const array& challenge, vector* rootOfTrust) override; ScopedAStatus sendRootOfTrust(const vector& rootOfTrust) override; + ScopedAStatus setAdditionalAttestationInfo(const vector& info) override; protected: std::shared_ptr impl_; diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h index c50178bcf..65d7217e0 100644 --- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h +++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h @@ -70,6 +70,8 @@ class TrustyKeymaster { ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel( const ConfigureVendorPatchlevelRequest& request); GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request); + SetAdditionalAttestationInfoResponse SetAdditionalAttestationInfo( + const SetAdditionalAttestationInfoRequest& request); GetHwInfoResponse GetHwInfo(); uint32_t message_version() const { return message_version_; } diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h index 822e93334..721315d6f 100644 --- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h +++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h @@ -62,6 +62,7 @@ enum keymaster_command : uint32_t { KM_GET_ROOT_OF_TRUST = (34 << KEYMASTER_REQ_SHIFT), KM_GET_HW_INFO = (35 << KEYMASTER_REQ_SHIFT), KM_GENERATE_CSR_V2 = (36 << KEYMASTER_REQ_SHIFT), + KM_SET_ADDITIONAL_ATTESTATION_INFO = (37 << KEYMASTER_REQ_SHIFT), // Bootloader/provisioning calls. KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT), diff --git a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp index fec4c60fe..154597f99 100644 --- a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp +++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp @@ -349,4 +349,18 @@ ScopedAStatus TrustyKeyMintDevice::sendRootOfTrust(const vector& /* roo return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED); } +ScopedAStatus TrustyKeyMintDevice::setAdditionalAttestationInfo(const vector& info) { + keymaster::SetAdditionalAttestationInfoRequest request(impl_->message_version()); + request.info.Reinitialize(KmParamSet(info)); + + keymaster::SetAdditionalAttestationInfoResponse response = + impl_->SetAdditionalAttestationInfo(request); + + if (response.error != KM_ERROR_OK) { + return kmError2ScopedAStatus(response.error); + } else { + return ScopedAStatus::ok(); + } +} + } // namespace aidl::android::hardware::security::keymint::trusty diff --git a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml index 3dc9c88ea..f74d21285 100644 --- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml +++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml @@ -1,7 +1,7 @@ android.hardware.security.keymint - 3 + 4 IKeyMintDevice/default