ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Move Trusty C++ KeyMint to v4" into main

Browse source
This commit is contained in:
David Drysdale 2024-11-27 07:18:20 +00:00 committed by Gerrit Code Review
commit bc6efddf79
7 changed files with 32 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
trusty/keymaster/Android.bp
View file

@ -106,11 +106,11 @@ cc_binary {
"keymint/service.cpp", "keymint/service.cpp",
], ],
shared_libs: [ shared_libs: [
"android.hardware.security.keymint-V3-ndk", "android.hardware.security.keymint-V4-ndk",
"android.hardware.security.rkp-V3-ndk", "android.hardware.security.rkp-V3-ndk",
"android.hardware.security.secureclock-V1-ndk", "android.hardware.security.secureclock-V1-ndk",
"android.hardware.security.sharedsecret-V1-ndk", "android.hardware.security.sharedsecret-V1-ndk",
"lib_android_keymaster_keymint_utils_V3", "lib_android_keymaster_keymint_utils",
"libbase", "libbase",
"libbinder_ndk", "libbinder_ndk",
"libhardware", "libhardware",
@ -120,9 +120,10 @@ cc_binary {
"libtrusty", "libtrusty",
"libutils", "libutils",
], ],
required: [ required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), {
"android.hardware.hardware_keystore_V3.xml", true: ["android.hardware.hardware_keystore.xml"],
], default: ["android.hardware.hardware_keystore_V3.xml"],
}),
} }
prebuilt_etc { prebuilt_etc {

7
trusty/keymaster/TrustyKeymaster.cpp
View file

@ -295,6 +295,13 @@ GetRootOfTrustResponse TrustyKeymaster::GetRootOfTrust(const GetRootOfTrustReque
return response; return response;
} }
SetAdditionalAttestationInfoResponse TrustyKeymaster::SetAdditionalAttestationInfo(
const SetAdditionalAttestationInfoRequest& request) {
SetAdditionalAttestationInfoResponse response(message_version());
ForwardCommand(KM_SET_ADDITIONAL_ATTESTATION_INFO, request, &response);
return response;
}
GetHwInfoResponse TrustyKeymaster::GetHwInfo() { GetHwInfoResponse TrustyKeymaster::GetHwInfo() {
GetHwInfoResponse response(message_version()); GetHwInfoResponse response(message_version());
ForwardCommand(KM_GET_HW_INFO, GetHwInfoRequest(message_version()), &response); ForwardCommand(KM_GET_HW_INFO, GetHwInfoRequest(message_version()), &response);

1
trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
View file

@ -85,6 +85,7 @@ class TrustyKeyMintDevice : public BnKeyMintDevice {
ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge, ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge,
vector<uint8_t>* rootOfTrust) override; vector<uint8_t>* rootOfTrust) override;
ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override; ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override;
ScopedAStatus setAdditionalAttestationInfo(const vector<KeyParameter>& info) override;
protected: protected:
std::shared_ptr<TrustyKeymaster> impl_; std::shared_ptr<TrustyKeymaster> impl_;

2
trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
View file

@ -70,6 +70,8 @@ class TrustyKeymaster {
ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel( ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
const ConfigureVendorPatchlevelRequest& request); const ConfigureVendorPatchlevelRequest& request);
GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request); GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request);
SetAdditionalAttestationInfoResponse SetAdditionalAttestationInfo(
const SetAdditionalAttestationInfoRequest& request);
GetHwInfoResponse GetHwInfo(); GetHwInfoResponse GetHwInfo();
uint32_t message_version() const { return message_version_; } uint32_t message_version() const { return message_version_; }

1
trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
View file

@ -62,6 +62,7 @@ enum keymaster_command : uint32_t {
KM_GET_ROOT_OF_TRUST = (34 << KEYMASTER_REQ_SHIFT), KM_GET_ROOT_OF_TRUST = (34 << KEYMASTER_REQ_SHIFT),
KM_GET_HW_INFO = (35 << KEYMASTER_REQ_SHIFT), KM_GET_HW_INFO = (35 << KEYMASTER_REQ_SHIFT),
KM_GENERATE_CSR_V2 = (36 << KEYMASTER_REQ_SHIFT), KM_GENERATE_CSR_V2 = (36 << KEYMASTER_REQ_SHIFT),
KM_SET_ADDITIONAL_ATTESTATION_INFO = (37 << KEYMASTER_REQ_SHIFT),
// Bootloader/provisioning calls. // Bootloader/provisioning calls.
KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT), KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),

14
trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
View file

@ -349,4 +349,18 @@ ScopedAStatus TrustyKeyMintDevice::sendRootOfTrust(const vector<uint8_t>& /* roo
return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED); return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
} }
ScopedAStatus TrustyKeyMintDevice::setAdditionalAttestationInfo(const vector<KeyParameter>& info) {
keymaster::SetAdditionalAttestationInfoRequest request(impl_->message_version());
request.info.Reinitialize(KmParamSet(info));
keymaster::SetAdditionalAttestationInfoResponse response =
impl_->SetAdditionalAttestationInfo(request);
if (response.error != KM_ERROR_OK) {
return kmError2ScopedAStatus(response.error);
} else {
return ScopedAStatus::ok();
}
}
} // namespace aidl::android::hardware::security::keymint::trusty } // namespace aidl::android::hardware::security::keymint::trusty

2
trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
View file

@ -1,7 +1,7 @@
<manifest version="1.0" type="device"> <manifest version="1.0" type="device">
<hal format="aidl"> <hal format="aidl">
<name>android.hardware.security.keymint</name> <name>android.hardware.security.keymint</name>
<version>3</version> <version>4</version>
<fqname>IKeyMintDevice/default</fqname> <fqname>IKeyMintDevice/default</fqname>
</hal> </hal>
<hal format="aidl"> <hal format="aidl">