From 166d160b78c29527e2dc474f716faa8b31dded48 Mon Sep 17 00:00:00 2001 From: Seth Moore Date: Fri, 25 Aug 2023 11:09:05 -0700 Subject: [PATCH] Only require RKP on T+ chipsets It turns out we had a bug (b/263844771) in how RKP support was detected, and that was fixed. However, due to this bug, some S chipests shipped without RKP support which is now required by the tests. This change drops the RKP requirement from S chipsets. There should be no new S chipsets, so this effectively grandfathers in the previous ones that were skipped by the RKP VTS tests. T+ tests (both VTS and other suites) will verify that RKP support is there, so there is no gap introduced by this change. Bug: 297139913 Test: VtsAidlKeyMintTargetTest (cherry picked from https://android-review.googlesource.com/q/commit:8be875e0d0c18b8de67744c8b9629f2ff518dd60) Merged-In: I387e5f058ada698747aac103c1745682291f2d1c Change-Id: I387e5f058ada698747aac103c1745682291f2d1c --- .../aidl/vts/functional/KeyMintAidlTestBase.cpp | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 79c6b12f03..433857c66a 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -1295,15 +1295,12 @@ std::pair> KeyMintAidlTestBase::UpgradeKey( } bool KeyMintAidlTestBase::IsRkpSupportRequired() const { - if (get_vsr_api_level() >= __ANDROID_API_T__) { - return true; - } - - if (get_vsr_api_level() >= __ANDROID_API_S__) { - return SecLevel() != SecurityLevel::STRONGBOX; - } - - return false; + // This is technically not a match to the requirements for S chipsets, + // however when S shipped there was a bug in the test that skipped the + // tests if KeyMint 2 was not on the system. So we allowed many chipests + // to ship without RKP support. In T we hardened the requirements around + // support for RKP, so relax the test to match. + return get_vsr_api_level() >= __ANDROID_API_T__; } vector KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {