KeyMint VTS: enable patchlevel checks

All KeyMint implementations are now believed to comply with the
HAL specification, so we can enable the checks that all generated
keys include the vendor and boot patchlevels.

Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
David Drysdale
2021-09-27 17:30:41 +01:00
parent e185fae205
commit f5bfa00996


@@ -69,8 +69,6 @@ namespace aidl::android::hardware::security::keymint::test {
namespace {
bool check_patchLevels = false;
// The maximum number of times we'll attempt to verify that corruption
// of an ecrypted blob results in an error. Retries are necessary as there
// is a small (roughly 1/256) chance that corrupting ciphertext still results
@@ -529,14 +527,12 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
EXPECT_TRUE(os_pl);
EXPECT_EQ(*os_pl, os_patch_level());
if (check_patchLevels) {
// Should include vendor and boot patchlevels.
auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
EXPECT_TRUE(vendor_pl);
EXPECT_EQ(*vendor_pl, vendor_patch_level());
auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
EXPECT_TRUE(boot_pl);
}
// Should include vendor and boot patchlevels.
auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
EXPECT_TRUE(vendor_pl);
EXPECT_EQ(*vendor_pl, vendor_patch_level());
auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
EXPECT_TRUE(boot_pl);
return auths;
}
@@ -6677,10 +6673,6 @@ int main(int argc, char** argv) {
} else {
std::cout << "NOT dumping attestations" << std::endl;
}
// TODO(drysdale): Remove this flag when available KeyMint devices comply with spec
if (std::string(argv[i]) == "--check_patchLevels") {
aidl::android::hardware::security::keymint::test::check_patchLevels = true;
}
}
}
return RUN_ALL_TESTS();
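Review bot: With the `check_patchLevels` gate removed, `EXPECT_EQ(*vendor_pl, vendor_patch_level())` runs on every device, and because the preceding `EXPECT_TRUE(vendor_pl)` is non-fatal, an implementation that omits the tag would reach the dereference of what appears to be an empty optional instead of failing cleanly. The enclosing function returns `auths` and starts outside the hunk, so `ASSERT_TRUE` cannot be used there; guarding the comparison with `if (vendor_pl) { EXPECT_EQ(*vendor_pl, vendor_patch_level()); }` keeps the outcome a reported test failure. Separately, `boot_pl` is only checked for presence. If the test has a reference boot patchlevel available, comparing the value would also catch a zeroed or stale patchlevel, which is what rollback protection depends on.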