diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl index b0761bf828..586e6597a6 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl @@ -30,26 +30,22 @@ parcelable DeviceInfo { * DeviceInfo is a CBOR Map structure described by the following CDDL. * * DeviceInfo = { - * ? "brand" : tstr, - * ? "manufacturer" : tstr, - * ? "product" : tstr, - * ? "model" : tstr, - * ? "board" : tstr, - * ? "vb_state" : "green" / "yellow" / "orange", // Taken from the AVB values - * ? "bootloader_state" : "locked" / "unlocked", // Taken from the AVB values - * ? "vbmeta_digest": bstr, // Taken from the AVB values - * ? "os_version" : tstr, // Same as android.os.Build.VERSION.release - * ? "system_patch_level" : uint, // YYYYMMDD - * ? "boot_patch_level" : uint, // YYYYMMDD - * ? "vendor_patch_level" : uint, // YYYYMMDD - * "version" : 1, // The CDDL schema version. - * "security_level" : "tee" / "strongbox" - * "att_id_state": "locked" / "open", // Attestation IDs State. If "locked", this - * // indicates a device's attestable IDs are - * // factory-locked and immutable. If "open", - * // this indicates the device is still in a - * // provisionable state and the attestable IDs - * // are not yet frozen. + * "brand" : tstr, + * "manufacturer" : tstr, + * "product" : tstr, + * "model" : tstr, + * "device" : tstr, + * "vb_state" : "green" / "yellow" / "orange", // Taken from the AVB values + * "bootloader_state" : "locked" / "unlocked", // Taken from the AVB values + * "vbmeta_digest": bstr, // Taken from the AVB values + * "os_version" : tstr, // Same as android.os.Build.VERSION.release + * "system_patch_level" : uint, // YYYYMMDD + * "boot_patch_level" : uint, // YYYYMMDD + * "vendor_patch_level" : uint, // YYYYMMDD + * "version" : 2, // The CDDL schema version. + * "security_level" : "tee" / "strongbox", + * "fused": 1 / 0, // 1 if secure boot is enforced for the processor that the IRPC + * // implementation is contained in. 0 otherwise. * } */ byte[] deviceInfo; diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp index 829780d442..3a7e000450 100644 --- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp @@ -57,6 +57,22 @@ using testing::MatchesRegex; using namespace remote_prov; using namespace keymaster; +std::set getAllowedVbStates() { + return {"green", "yellow", "orange"}; +} + +std::set getAllowedBootloaderStates() { + return {"locked", "unlocked"}; +} + +std::set getAllowedSecurityLevels() { + return {"tee", "strongbox"}; +} + +std::set getAllowedAttIdStates() { + return {"locked", "open"}; +} + bytevec string_to_bytevec(const char* s) { const uint8_t* p = reinterpret_cast(s); return bytevec(p, p + strlen(s)); @@ -406,6 +422,8 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { ASSERT_TRUE(deviceInfoMap) << "Failed to parse deviceInfo: " << deviceInfoErrMsg; ASSERT_TRUE(deviceInfoMap->asMap()); + checkDeviceInfo(deviceInfoMap->asMap()); + auto& signingKey = bccContents->back().pubKey; auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey, cppbor::Array() // SignedMacAad @@ -432,6 +450,76 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { } } + void checkType(const cppbor::Map* devInfo, uint8_t majorType, std::string entryName) { + const auto& val = devInfo->get(entryName); + ASSERT_TRUE(val) << entryName << " does not exist"; + ASSERT_EQ(val->type(), majorType) << entryName << " has the wrong type."; + switch (majorType) { + case cppbor::TSTR: + ASSERT_GT(val->asTstr()->value().size(), 0); + break; + case cppbor::BSTR: + ASSERT_GT(val->asBstr()->value().size(), 0); + break; + default: + break; + } + } + + void checkDeviceInfo(const cppbor::Map* deviceInfo) { + const auto& version = deviceInfo->get("version"); + ASSERT_TRUE(version); + ASSERT_TRUE(version->asUint()); + RpcHardwareInfo info; + provisionable_->getHardwareInfo(&info); + ASSERT_EQ(version->asUint()->value(), info.versionNumber); + std::set allowList; + switch (version->asUint()->value()) { + // These fields became mandated in version 2. + case 2: + checkType(deviceInfo, cppbor::TSTR, "brand"); + checkType(deviceInfo, cppbor::TSTR, "manufacturer"); + checkType(deviceInfo, cppbor::TSTR, "product"); + checkType(deviceInfo, cppbor::TSTR, "model"); + checkType(deviceInfo, cppbor::TSTR, "device"); + // TODO: Refactor the KeyMint code that validates these fields and include it here. + checkType(deviceInfo, cppbor::TSTR, "vb_state"); + allowList = getAllowedVbStates(); + ASSERT_NE(allowList.find(deviceInfo->get("vb_state")->asTstr()->value()), + allowList.end()); + checkType(deviceInfo, cppbor::TSTR, "bootloader_state"); + allowList = getAllowedBootloaderStates(); + ASSERT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()), + allowList.end()); + checkType(deviceInfo, cppbor::BSTR, "vbmeta_digest"); + checkType(deviceInfo, cppbor::TSTR, "os_version"); + checkType(deviceInfo, cppbor::UINT, "system_patch_level"); + checkType(deviceInfo, cppbor::UINT, "boot_patch_level"); + checkType(deviceInfo, cppbor::UINT, "vendor_patch_level"); + checkType(deviceInfo, cppbor::UINT, "fused"); + ASSERT_LT(deviceInfo->get("fused")->asUint()->value(), 2); // Must be 0 or 1. + checkType(deviceInfo, cppbor::TSTR, "security_level"); + allowList = getAllowedSecurityLevels(); + ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()), + allowList.end()); + break; + case 1: + checkType(deviceInfo, cppbor::TSTR, "security_level"); + allowList = getAllowedSecurityLevels(); + ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()), + allowList.end()); + if (version->asUint()->value() == 1) { + checkType(deviceInfo, cppbor::TSTR, "att_id_state"); + allowList = getAllowedAttIdStates(); + ASSERT_NE(allowList.find(deviceInfo->get("att_id_state")->asTstr()->value()), + allowList.end()); + } + break; + default: + FAIL() << "Unrecognized version: " << version->asUint()->value(); + } + } + bytevec eekId_; size_t testEekLength_; EekChain testEekChain_;