From 29e37e27ccba3e077f09c4452c91b6a946465b20 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Mon, 22 Jun 2020 10:26:45 -0700 Subject: [PATCH] RebootEscrow HAL: testing with secure implementations To test implementations that use TEE keymaster with EARLY_BOOT_ONLY keys, it is required that the "earlyBootEnded" call in vold should be removed before they will pass. Mark those tests as DISABLED_... and include a comment and README indicating what needs to be done. Bug: 159513354 Bug: 158964050 Test: atest VtsHalRebootEscrowTargetTest Change-Id: Ie12969c0353ff42202b3dfcfa0be87ba3442e5d3 --- rebootescrow/aidl/vts/functional/README.md | 7 +++++ .../VtsHalRebootEscrowTargetTest.cpp | 26 ++++++++++++++++--- 2 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 rebootescrow/aidl/vts/functional/README.md diff --git a/rebootescrow/aidl/vts/functional/README.md b/rebootescrow/aidl/vts/functional/README.md new file mode 100644 index 0000000000..9ae5caffad --- /dev/null +++ b/rebootescrow/aidl/vts/functional/README.md @@ -0,0 +1,7 @@ +Many of the tests in this directory may require that TEE Keymaster +"EARLY_BOOT_ONLY" keys be usable when this test runs. In order to accomplish +this, a build of "vold" that omits the call to "earlyBootEnded()" function +should be made. Then these DISABLED tests may be run successfully. + +The CTS test ResumeOnRebootHostTests will test the functionality without a +special build. diff --git a/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp b/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp index cd8cc3eaa1..809a3b502a 100644 --- a/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp +++ b/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp @@ -60,7 +60,10 @@ class RebootEscrowAidlTest : public testing::TestWithParam { }; }; -TEST_P(RebootEscrowAidlTest, StoreAndRetrieve_Success) { +// This test assumes that it can retrieve keys immediately, but some +// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the +// earlyBootEnded() calls will need to be disabled to test this correctly. +TEST_P(RebootEscrowAidlTest, DISABLED_StoreAndRetrieve_Success) { SKIP_UNSUPPORTED; ASSERT_TRUE(rebootescrow->storeKey(KEY_1).isOk()); @@ -70,7 +73,10 @@ TEST_P(RebootEscrowAidlTest, StoreAndRetrieve_Success) { EXPECT_EQ(actualKey, KEY_1); } -TEST_P(RebootEscrowAidlTest, StoreAndRetrieve_SecondRetrieveSucceeds) { +// This test assumes that it can retrieve keys immediately, but some +// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the +// earlyBootEnded() calls will need to be disabled to test this correctly. +TEST_P(RebootEscrowAidlTest, DISABLED_StoreAndRetrieve_SecondRetrieveSucceeds) { SKIP_UNSUPPORTED; ASSERT_TRUE(rebootescrow->storeKey(KEY_1).isOk()); @@ -83,7 +89,10 @@ TEST_P(RebootEscrowAidlTest, StoreAndRetrieve_SecondRetrieveSucceeds) { EXPECT_EQ(actualKey, KEY_1); } -TEST_P(RebootEscrowAidlTest, StoreTwiceOverwrites_Success) { +// This test assumes that it can retrieve keys immediately, but some +// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the +// earlyBootEnded() calls will need to be disabled to test this correctly. +TEST_P(RebootEscrowAidlTest, DISABLED_StoreTwiceOverwrites_Success) { SKIP_UNSUPPORTED; ASSERT_TRUE(rebootescrow->storeKey(KEY_1).isOk()); @@ -94,7 +103,10 @@ TEST_P(RebootEscrowAidlTest, StoreTwiceOverwrites_Success) { EXPECT_EQ(actualKey, KEY_2); } -TEST_P(RebootEscrowAidlTest, StoreEmpty_AfterGetEmptyKey_Success) { +// This test assumes that it can retrieve keys immediately, but some +// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the +// earlyBootEnded() calls will need to be disabled to test this correctly. +TEST_P(RebootEscrowAidlTest, DISABLED_StoreEmpty_AfterGetEmptyKey_Success) { SKIP_UNSUPPORTED; rebootescrow->storeKey(KEY_1); @@ -105,6 +117,12 @@ TEST_P(RebootEscrowAidlTest, StoreEmpty_AfterGetEmptyKey_Success) { EXPECT_EQ(actualKey, EMPTY_KEY); } +TEST_P(RebootEscrowAidlTest, Store_Success) { + SKIP_UNSUPPORTED; + + rebootescrow->storeKey(KEY_1); +} + INSTANTIATE_TEST_SUITE_P( RebootEscrow, RebootEscrowAidlTest, testing::ValuesIn(android::getAidlHalInstanceNames(IRebootEscrow::descriptor)),