From dbbbe2ea6d1397a9b675f5260efbff2a9ba2b9ea Mon Sep 17 00:00:00 2001
From: David Drysdale
Date: Thu, 2 Dec 2021 07:44:23 +0000
Subject: [PATCH] KeyMint VTS: option to skip BOOT_PATCHLEVEL check
The KeyMint spec requires that all generated keys include the BOOT_PATCHLEVEL for the device. However, the VTS test sometimes gets run in an environment where this is not possible; specifically the Trusty QEMU tests don't have the bootloader -> KeyMint communication that is needed to populate this information. Add a command line flag that disables checks for BOOT_PATCHLEVEL to cope with these scenarios, making sure that it defaults to having the checks enabled.
Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805
---
 .../aidl/vts/functional/KeyMintTest.cpp | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 92aa2ac64b..e7956616a4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -69,6 +69,9 @@ namespace aidl::android::hardware::security::keymint::test {
 namespace {
+// Whether to check that BOOT_PATCHLEVEL is populated.
+bool check_boot_pl = true;
+
 // The maximum number of times we'll attempt to verify that corruption
 // of an ecrypted blob results in an error. Retries are necessary as there
 // is a small (roughly 1/256) chance that corrupting ciphertext still results
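Review bot: The comment on `check_boot_pl` does not say what clears the flag, or that clearing it relaxes a check the KeyMint spec requires, so a reader of the declaration cannot tell when `false` is legitimate. I would expand it to `// Whether to check that BOOT_PATCHLEVEL is populated. Cleared only by --skip_boot_pl_check, for environments without bootloader -> KeyMint communication.` The unnamed namespace that holds the flag opens in this hunk and closes outside it.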
@@ -527,12 +530,17 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
 EXPECT_TRUE(os_pl);
 EXPECT_EQ(*os_pl, os_patch_level());
- // Should include vendor and boot patchlevels.
+ // Should include vendor patchlevel.
 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
 EXPECT_TRUE(vendor_pl);
 EXPECT_EQ(*vendor_pl, vendor_patch_level());
- auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
- EXPECT_TRUE(boot_pl);
+
+ // Should include boot patchlevel (but there are some test scenarios where this is not
+ // possible).
+ if (check_boot_pl) {
+ auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
+ EXPECT_TRUE(boot_pl);
+ }
 return auths;
 }
@@ -6871,6 +6879,12 @@ int main(int argc, char** argv) {
 } else {
 std::cout << "NOT dumping attestations" << std::endl;
 }
+ if (std::string(argv[i]) == "--skip_boot_pl_check") {
+ // Allow checks of BOOT_PATCHLEVEL to be disabled, so that the tests can
+ // be run in emulated environments that don't have the normal bootloader
+ // interactions.
+ aidl::android::hardware::security::keymint::test::check_boot_pl = false;
+ }
 }
 }
 return RUN_ALL_TESTS();
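Review bot: Inside the new `if (check_boot_pl)` branch the boot patchlevel is asserted only for presence (`EXPECT_TRUE(boot_pl)`), whereas the OS and vendor patchlevels just above are also compared with `os_patch_level()` and `vendor_patch_level()`. A key that carries a wrong BOOT_PATCHLEVEL value therefore still passes with the check enabled. If the test base has no expected value to compare against, the comment should say so, for example `// Presence only: the value is not compared against an expected boot patchlevel.` The enclosing function starts before this hunk.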
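Review bot: The `--skip_boot_pl_check` branch in `main` clears `check_boot_pl` without printing anything, so the output of a run with the BOOT_PATCHLEVEL check disabled looks the same as that of a full run. The `else` branch just above it reports its state on stdout. Adding `std::cout << "NOT checking BOOT_PATCHLEVEL" << std::endl;` after the assignment would leave a record in the test log that a spec requirement was not exercised. The argument loop in `main` starts before this hunk.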