GSI replaces the values for remote_prov_prop properties (since they’re
system_internal_prop properties), so on GSI the properties are not
reliable indicators of whether StrongBox/TEE are RKP-only or not.
Also included is the removal of the helper skipAttestKeyTestIfNeeded()
so the skipping can happen in the tests directly.
Bug: 348159232
Test: VtsAidlKeyMintTargetTest
Change-Id: I2075e1f76ddd0f87620a212e1aa389803139a117
Should return when there's no content be parsed.
Bug: 330791928
Test: rkp_factory_extraction_tool64
Change-Id: I45302ec20a0a931d2f44a7e36f613858c10fe21e
The policy building library changes in aosp/3125493, accordingly change
the function call. This does not change the behaviour or test coverage
of VTS.
Test: atest VtsSecretkeeperTargetTest
Bug: 291245237
Change-Id: I21a7b0abe5bf186893ec9a68bb080b41778d3313
aosp/3106417 added extra tests with for device ID attestation, but
didn't include a version gate for attesting to the second IMEI value,
which is only present in KeyMint v3+.
Test: VtsAidlKeyMintTargetTest
Change-Id: I95f47942058781709efe96d38442e0518e39705d
Add a test that includes all of the device IDs for attestation, which
helps to check whether the emitted extension is including everything in
the correct order.
(This is already tested in CTS since aosp/2650044)
Also fix test of first API level to use `get_vsr_api_level` helper.
Test: VtsAidlKeyMintTargetTest
Test: with/without KeyMint hacked to emit tags in wrong order
Change-Id: Ic6e489aa99c773d794ad8cbddbe5153b1a145ea5
The Done flag of VtsAidlKeyMintTargetTest is false during running
the module with ‘--collect-tests-only’ because it uses standard
output to print logs.
Bug: 340576534
Test: run vts -m VtsAidlKeyMintTargetTest --collect-tests-only
Change-Id: I3d81f7e59b6189fab1b146320263509f2694c11e
Signed-off-by: Huang Rui <rui1.huang@intel.com>
Signed-off-by: Liu Kai <kai1.liu@intel.com>
Make it clearer that the default implementation is non-secure in
various ways, most notably because the TA code is running in-process
in the HAL service.
Bug: 314513765
Test: VtsAidlKeyMintTargetTest
Change-Id: I83509110c32a4df8df6c0b288d14659e022442ff
Because Keystore2 always requires valid auth tokens for user keys, this
copies and extends the existing in-guest GateKeeper implementation to
negotiate a shared secret key with Keymint in order to generate a
session key for signing auth tokens.
This implementation also uses AIDL rather than HIDL to interact with the
framework. It's also packaged in an APEX.
The files are cobbled together from a few sources:
- SoftGateKeeper.h is based on hardware/interfaces/gatekeeper/1.0/software/SoftGateKeeper.h
- GateKeeper.{cpp,h} are based on device/google/cuttlefish/guest/hals/gatekeeper/remote/remote_gatekeeper.{cpp,h}
- SharedSecret.{cpp,h} are based on device/google/cuttlefish/guest/hals/keymint/remote/remote_shared_secret.{cpp,h}
- Apex files are based on device/google/cuttlefish/guest/hals/keymint/rust/
Keymint modifications to use BOOT_TIME are lifted from
https://android-review.git.corp.google.com/c/platform/hardware/interfaces/+/2856649/6..8/security/keymint/aidl/default/ta/clock.rs#38
Bug: 332376454
Change-Id: I81845d5e6370bdddb1a24d67437964e03a5fb243
Test: Run with rust-nonsecure keymint on Cuttlefish
Add test paths for HALs that are RKP-only so that they may pass tests.
Fix up a few tests that were just being skipped for RKP-only HALs.
Test: ran VTS against cuttlefish with no factory key
Bug: 329409739
Change-Id: I5400874dd2f9885c061970a30ea44985353d23ed
error: field `0` is never read
--> hardware/interfaces/security/keymint/aidl/default/main.rs:38:24
|
38 | struct HalServiceError(String);
| --------------- ^^^^^^
| |
| field in this struct
|
= note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intentionally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
|
38 | struct HalServiceError(());
| ~~
error: aborting due to 1 previous err
Bug: http://b/330185853
Test: ./test_compiler.py --prebuilt-path dist/rust-dev.tar.xz --target aosp_cf_x86_64_phone --image
Change-Id: I57f3bd1d702c97929f5fd34f909aa72aa2f2ba02
This will make it easier to swap in and out with the Cuttlefish remote
implementation.
Bug: 331474817
Test: m com.android.hardware.keymint.rust_nonsecure
Change-Id: I0e9a350b62a90ef6126db109195e19b4181d0cf8
The ISharedSecret.aidl description of the pre-shared secret K
mentioned that K was set up during factory reset. While that could be
done, it is almost never done; most OEMs inject K in the factory.
Removed the reference to setup in factory reset to reduce confusion.
Test: N/A, comment-only change
Change-Id: Idbbd5a8d64197ef4713a75075a9730d06162ad05
error: field `0` is never read
--> hardware/interfaces/security/authgraph/default/src/main.rs:34:24
|
34 | struct HalServiceError(String);
| --------------- ^^^^^^
| |
| field in this struct
|
= note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intenti
onally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field
numbering, or remove the field
|
34 | struct HalServiceError(());
| ~~
error: aborting due to 1 previous error
Test: ./build.py --lto thin
bug: http://b/330185853
Change-Id: I08b79176fb5edea9e24990e4884e521c24660d68
Bug: 324321147
Test: Manual -- trigger factory reset, confirm ISecretKeeper.deleteAll()
is being called in Trusty logs.
Change-Id: I0f033b53e83ff549f80271ba4a6ebeabac3db922
This target was using the same `.rc` as the keymint-service target,
though it had a different name.
Bug: 331474817
Test: LOCAL_KEYMINT_PRODUCT_PACKAGE=android.hardware.security.keymint-service.nonsecure m && launch_cvd --noresume --secure_hals=keymint,oemlock
Change-Id: I0f744b75e451f6780d8f6c9bddbd5ea80c579a20
If a decice provides a StrongBox KeyMint instance then the default IRPC
instance is required to use a proper, non-degenerate DICE chain.
Expose a function to check whether the CSR contains a proper DICE chain
and use that from VTS to implement the test.
Bug: 302204396
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I90cf070bc2279fc52e0a8e7fd0039d3fdb68c1d7
Add tests for:
- large number of session creations
- also use a bigger identity, to better simulate real use
- attempt to retrieve a secret with an incorrect identity
Test: VtsSecretkeeperTargetTest (shiba)
Bug: 327526008
Change-Id: I8dddf643d03a8fb679511564cb03c2248477c116
Only applies for devices on VSR API level 35 and above, so that existing
devices which previously passed VTS should not need to pass the new
tests.
Bug: 292534977
Test: VtsAidlKeyMintTargetTest
Change-Id: I8281c3cebf05795e3f9a1ed2b112fc149d8a104c
