From fceb7e53a2be7083d3f0aef8967ea0974badb903 Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Tue, 1 Dec 2020 12:19:58 -0800 Subject: [PATCH] Test CannotCreateEarlyBootKeys only if metadata encryption is on In R, earlyBootEnded is called only when metadata encryption is being set up, and thus is not called if metadata encryption is not enabled. So don't test it under those circumstances. Bug: 170875742 Test: Cherry-pick aosp/1515419 so that this test can fail. Test passes with metadata encryption enabled or disabled, but does not pass if metadata encryption is enabled and earlyBootEnded is commented out. (Cuttlefish) Change-Id: I4f1704ca6235d47a1b47902ebbcc1720d016e8dd --- keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp b/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp index a26c688be9..6d4415003f 100644 --- a/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp +++ b/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp @@ -18,6 +18,8 @@ #include +#include + namespace android::hardware::keymaster::V4_1::test { using std::string; @@ -30,6 +32,8 @@ using EarlyBootKeyTest = Keymaster4_1HidlTest; // creates/uses early boot keys during boot. It should fail to boot if the early boot key usage // fails. TEST_P(EarlyBootKeyTest, CannotCreateEarlyBootKeys) { + // In R, this works only on devices with metadata encryption. + if (!android::base::GetBoolProperty("ro.crypto.metadata.enabled", false)) return; auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::EARLY_BOOT_ENDED);