From 8be875e0d0c18b8de67744c8b9629f2ff518dd60 Mon Sep 17 00:00:00 2001 From: Seth Moore Date: Fri, 25 Aug 2023 11:09:05 -0700 Subject: [PATCH] Only require RKP on T+ chipsets It turns out we had a bug (b/263844771) in how RKP support was detected, and that was fixed. However, due to this bug, some S chipests shipped without RKP support which is now required by the tests. This change drops the RKP requirement from S chipsets. There should be no new S chipsets, so this effectively grandfathers in the previous ones that were skipped by the RKP VTS tests. T+ tests (both VTS and other suites) will verify that RKP support is there, so there is no gap introduced by this change. Bug: 297139913 Test: VtsAidlKeyMintTargetTest Change-Id: I387e5f058ada698747aac103c1745682291f2d1c --- .../aidl/vts/functional/KeyMintAidlTestBase.cpp | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 9f8593cb64..5f8ec0e3f4 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -1300,15 +1300,12 @@ std::pair> KeyMintAidlTestBase::UpgradeKey( } bool KeyMintAidlTestBase::IsRkpSupportRequired() const { - if (get_vsr_api_level() >= __ANDROID_API_T__) { - return true; - } - - if (get_vsr_api_level() >= __ANDROID_API_S__) { - return SecLevel() != SecurityLevel::STRONGBOX; - } - - return false; + // This is technically not a match to the requirements for S chipsets, + // however when S shipped there was a bug in the test that skipped the + // tests if KeyMint 2 was not on the system. So we allowed many chipests + // to ship without RKP support. In T we hardened the requirements around + // support for RKP, so relax the test to match. + return get_vsr_api_level() >= __ANDROID_API_T__; } vector KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {