keymaster: Relax testing under GSI

GSI images do not have AVB verification enabled and therefore lack several properties the keymaster HAL test depended on. Selectively disable those parts of the test that would fail with AVB verification disabled. Also disable date format checks under GSI. When invoked from GSI the TEE-backed keymaster doesn't use the correct date format. Bug: 130843899 Test: VtsHalKeymasterV4_0TargetTest Exempt-From-Owner-Approval: change only affects VTS-on-GSI behavior Change-Id: Idaafb7b515c41290c766a8132f35d498ca15f48a
2026-02-01 16:50:18 +00:00 · 2019-06-28 11:43:45 -07:00
parent 33723f56b5
commit f18a8328a1
1 changed files with 43 additions and 30 deletions
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -309,6 +309,11 @@ std::string make_string(const uint8_t (&a)[N]) {
    return make_string(a, N);
 }

+bool avb_verification_enabled() {
+    char value[PROPERTY_VALUE_MAX];
+    return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
+}
+
 }  // namespace

 bool verify_attestation_record(const string& challenge, const string& app_id,
@@ -359,26 +364,32 @@ bool verify_attestation_record(const string& challenge, const string& app_id,
    EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));

    char property_value[PROPERTY_VALUE_MAX] = {};
-    for (int i = 0; i < att_hw_enforced.size(); i++) {
-        if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL ||
-            att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) {
-            std::string date = std::to_string(att_hw_enforced[i].f.integer);
-            // strptime seems to require delimiters, but the tag value will be YYYYMMDD
-            date.insert(6, "-");
-            date.insert(4, "-");
-            EXPECT_EQ(date.size(), 10);
-            struct tm time;
-            strptime(date.c_str(), "%Y-%m-%d", &time);
+    // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed
+    // keymaster implementation will report YYYYMM dates instead of YYYYMMDD
+    // for the BOOT_PATCH_LEVEL.
+    if (avb_verification_enabled()) {
+        for (int i = 0; i < att_hw_enforced.size(); i++) {
+            if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL ||
+                att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) {
+                std::string date = std::to_string(att_hw_enforced[i].f.integer);
+                // strptime seems to require delimiters, but the tag value will
+                // be YYYYMMDD
+                date.insert(6, "-");
+                date.insert(4, "-");
+                EXPECT_EQ(date.size(), 10);
+                struct tm time;
+                strptime(date.c_str(), "%Y-%m-%d", &time);

-            // Day of the month (0-31)
-            EXPECT_GE(time.tm_mday, 0);
-            EXPECT_LT(time.tm_mday, 32);
-            // Months since Jan (0-11)
-            EXPECT_GE(time.tm_mon, 0);
-            EXPECT_LT(time.tm_mon, 12);
-            // Years since 1900
-            EXPECT_GT(time.tm_year, 110);
-            EXPECT_LT(time.tm_year, 200);
+                // Day of the month (0-31)
+                EXPECT_GE(time.tm_mday, 0);
+                EXPECT_LT(time.tm_mday, 32);
+                // Months since Jan (0-11)
+                EXPECT_GE(time.tm_mon, 0);
+                EXPECT_LT(time.tm_mon, 12);
+                // Years since 1900
+                EXPECT_GT(time.tm_year, 110);
+                EXPECT_LT(time.tm_year, 200);
+            }
        }
    }

@@ -410,18 +421,20 @@ bool verify_attestation_record(const string& challenge, const string& app_id,
                                &verified_boot_state, &device_locked, &verified_boot_hash);
    EXPECT_EQ(ErrorCode::OK, error);

-    property_get("ro.boot.vbmeta.digest", property_value, "nogood");
-    EXPECT_NE(strcmp(property_value, "nogood"), 0);
-    string prop_string(property_value);
-    EXPECT_EQ(prop_string.size(), 64);
-    EXPECT_EQ(prop_string, bin2hex(verified_boot_hash));
+    if (avb_verification_enabled()) {
+        property_get("ro.boot.vbmeta.digest", property_value, "nogood");
+        EXPECT_NE(strcmp(property_value, "nogood"), 0);
+        string prop_string(property_value);
+        EXPECT_EQ(prop_string.size(), 64);
+        EXPECT_EQ(prop_string, bin2hex(verified_boot_hash));

-    property_get("ro.boot.vbmeta.device_state", property_value, "nogood");
-    EXPECT_NE(property_value, "nogood");
-    if (!strcmp(property_value, "unlocked")) {
-        EXPECT_FALSE(device_locked);
-    } else {
-        EXPECT_TRUE(device_locked);
+        property_get("ro.boot.vbmeta.device_state", property_value, "nogood");
+        EXPECT_NE(strcmp(property_value, "nogood"), 0);
+        if (!strcmp(property_value, "unlocked")) {
+            EXPECT_FALSE(device_locked);
+        } else {
+            EXPECT_TRUE(device_locked);
+        }
    }

    // Verified boot key should be all 0's if the boot state is not verified or self signed