Previous commit was reverted as it removed wifi vintf fragment from
devices, which was caused by 'no_full_install' property from
vintf_fragment module. This change relands the change, with removing
no_full_install property from the vintf_fragment module
Bug: 322089980
Test: aosp_cf_x86_64_phone build succeeded
Test: mokey_go32 build contains
/vendor/etc/vintf/manifest/android.hardware.wifi.supplicant.xml file
Change-Id: I523ce570068b180805b65f984a0d6def0612db87
This reverts commit cf0a2dd5b0.
Reason for revert: b/363215494, breaks WiFi for at least some devices
Change-Id: I5137957087dde51c0049416404f410f53dd912f3
1. allow_any_mode is set as true when the VM RKP instance is being
tested (since the bootloader is unlocked for VTS tests and therefore
the VM DICE chain will necessarily have at least one non-normal
mode.)
2. allow_any_mode is set as true for non-user type builds.
Bug: 318483637
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I15ec3ad32f08eecd8478df14f8efa71fdb0b5d08
Define vintf_fragments as modules if the file is shared among multiple
modules to avoid any conflicts.
Bug: 322089980
Test: aosp_cf_x86_64_phone build succeeded
Change-Id: I1d00623e3e6da6bb787a152d81eb94822153388f
GSI replaces the values for remote_prov_prop properties (since they’re
system_internal_prop properties), so on GSI the properties are not
reliable indicators of whether StrongBox/TEE are RKP-only or not.
Also included is the removal of the helper skipAttestKeyTestIfNeeded()
so the skipping can happen in the tests directly.
Bug: 348159232
Test: VtsAidlKeyMintTargetTest
Change-Id: I2075e1f76ddd0f87620a212e1aa389803139a117
Should return when there's no content be parsed.
Bug: 330791928
Test: rkp_factory_extraction_tool64
Change-Id: I45302ec20a0a931d2f44a7e36f613858c10fe21e
The policy building library changes in aosp/3125493, accordingly change
the function call. This does not change the behaviour or test coverage
of VTS.
Test: atest VtsSecretkeeperTargetTest
Bug: 291245237
Change-Id: I21a7b0abe5bf186893ec9a68bb080b41778d3313
aosp/3106417 added extra tests with for device ID attestation, but
didn't include a version gate for attesting to the second IMEI value,
which is only present in KeyMint v3+.
Test: VtsAidlKeyMintTargetTest
Change-Id: I95f47942058781709efe96d38442e0518e39705d
Add a test that includes all of the device IDs for attestation, which
helps to check whether the emitted extension is including everything in
the correct order.
(This is already tested in CTS since aosp/2650044)
Also fix test of first API level to use `get_vsr_api_level` helper.
Test: VtsAidlKeyMintTargetTest
Test: with/without KeyMint hacked to emit tags in wrong order
Change-Id: Ic6e489aa99c773d794ad8cbddbe5153b1a145ea5
The Done flag of VtsAidlKeyMintTargetTest is false during running
the module with ‘--collect-tests-only’ because it uses standard
output to print logs.
Bug: 340576534
Test: run vts -m VtsAidlKeyMintTargetTest --collect-tests-only
Change-Id: I3d81f7e59b6189fab1b146320263509f2694c11e
Signed-off-by: Huang Rui <rui1.huang@intel.com>
Signed-off-by: Liu Kai <kai1.liu@intel.com>
Make it clearer that the default implementation is non-secure in
various ways, most notably because the TA code is running in-process
in the HAL service.
Bug: 314513765
Test: VtsAidlKeyMintTargetTest
Change-Id: I83509110c32a4df8df6c0b288d14659e022442ff
Because Keystore2 always requires valid auth tokens for user keys, this
copies and extends the existing in-guest GateKeeper implementation to
negotiate a shared secret key with Keymint in order to generate a
session key for signing auth tokens.
This implementation also uses AIDL rather than HIDL to interact with the
framework. It's also packaged in an APEX.
The files are cobbled together from a few sources:
- SoftGateKeeper.h is based on hardware/interfaces/gatekeeper/1.0/software/SoftGateKeeper.h
- GateKeeper.{cpp,h} are based on device/google/cuttlefish/guest/hals/gatekeeper/remote/remote_gatekeeper.{cpp,h}
- SharedSecret.{cpp,h} are based on device/google/cuttlefish/guest/hals/keymint/remote/remote_shared_secret.{cpp,h}
- Apex files are based on device/google/cuttlefish/guest/hals/keymint/rust/
Keymint modifications to use BOOT_TIME are lifted from
https://android-review.git.corp.google.com/c/platform/hardware/interfaces/+/2856649/6..8/security/keymint/aidl/default/ta/clock.rs#38
Bug: 332376454
Change-Id: I81845d5e6370bdddb1a24d67437964e03a5fb243
Test: Run with rust-nonsecure keymint on Cuttlefish
Add test paths for HALs that are RKP-only so that they may pass tests.
Fix up a few tests that were just being skipped for RKP-only HALs.
Test: ran VTS against cuttlefish with no factory key
Bug: 329409739
Change-Id: I5400874dd2f9885c061970a30ea44985353d23ed
error: field `0` is never read
--> hardware/interfaces/security/keymint/aidl/default/main.rs:38:24
|
38 | struct HalServiceError(String);
| --------------- ^^^^^^
| |
| field in this struct
|
= note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intentionally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
|
38 | struct HalServiceError(());
| ~~
error: aborting due to 1 previous err
Bug: http://b/330185853
Test: ./test_compiler.py --prebuilt-path dist/rust-dev.tar.xz --target aosp_cf_x86_64_phone --image
Change-Id: I57f3bd1d702c97929f5fd34f909aa72aa2f2ba02
