1. allow_any_mode is set as true when the VM RKP instance is being
tested (since the bootloader is unlocked for VTS tests and therefore
the VM DICE chain will necessarily have at least one non-normal
mode.)
2. allow_any_mode is set as true for non-user type builds.
Bug: 318483637
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I15ec3ad32f08eecd8478df14f8efa71fdb0b5d08
If a device provides a StrongBox KeyMint instance then the default IRPC
instance is required to use a proper, non-degenerate DICE chain.
Expose a function to check whether the CSR contains a proper DICE chain
and use that from VTS to implement the test.
Bug: 302204396
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I90cf070bc2279fc52e0a8e7fd0039d3fdb68c1d7
NewApi is a lint check that you don't call framework methods that were
introduced in versions later than your min_sdk_version. We want to
make this an error, so we're baselining all existing issues.
This cl was generated automatically, by taking all the NewApi issues
from the reference baselines, and all the non-NewApi issues from the
existing checked in baselines.
Bug: 268261262
Test: Presubmits
Change-Id: I3e4bcd76bad422513d48712303ce5c857511d9be
The RKP VM is part of the Android Virtualization Framework. It will be
uniquely authenticated by the RKP server, and therefore needs its own
certificate type.
Bug: 300624493
Change-Id: Ice586ad85ae43235dd80a5d220603e7394c1c49b
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
PS2 is the same as the original cl: aosp/2796032
Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: I7200599131c01908db7fa3bb4a6f989418a89288
getMessage is often empty. getDescription will always include at least
the status code.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Id401184a3c3642188e26fa2ec03f19515f89ae4f
Revert submission 2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Reason for revert: This change relands the topic
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
This SELinux denial has been fixed in system/sepolicy
Reverted changes: /q/submissionid:2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ
Change-Id: Ia1aed212bf8de4b81239997cc1d1ca665cc456eb
This cl adjusts IRPC VTS tests so that they can handle the IRPC AVF
impl in an environment where the IRPC operations are not supported.
Bug: 299257581
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Iae96076c20e360e6a4aca5518ca8df21920f6978
Check the VSR of the device to select the DICE validation rules that
will be appropriate to use for VTS.
Test: TH
Change-Id: Iff19debd1e442a0b318da1a4d8a08d470efba0ae
Extract CDDL from MacedPublicKey.aidl and DeviceInfo.aidl.
Make -70000 optional in `PublicKey`.
Make CDDL compliant with RFC8610:
- Move `bstr` contents for generated data (e.g. `ECDSA(..)`) to comments.
- Fix alternatives in CBOR-encoded bstr instances.
Add more RFC references and unify reference style.
Try to use a standard format to indicate that external files are needed
for the complete CDDL schema. (Hopefully in the future we might have
tooling that uses these to check the schemas.)
Test: Compile with docs.rs/cddl-cat and https://cddl.anweiss.tech/
Change-Id: Ie1d6c39f1cc0314e312df9205b570b89178ebd16
Move CDDL out of comments and into files, per-method
generateCertificateRequest.cddl
generateCertificateRequestV2.cddl
This makes it easier to read and it means tools can parse it.
Test: Treehugger
Change-Id: I9b71b094d128a5a4566a4d352aaa11d1c9b595ff
Remove the inline definition of the Android Profile for DICE and instead
reference the definition that exists alongside the Open Profile for DICE
and is now the source of truth for the profile.
Test: n/a
Change-Id: Ia71a674234be13542ad0ce4db0b764e8ee0c7a62
Specify that DICE-based RKP implementations may also allow a ROM
extension to manage the UDS public key.
Test: The words are semantically parseable
Change-Id: I8f9c6efb01fc76318220cf1bc4a0eb3a3ad42f87
Update the RKP readme to match contemporary philosophy about the design.
This includes replacing discussion of the obsolete term `BCC` with a
description of the Android Profile for DICE.
The privacy concerns are relaxed to match updates to the HAL which
remove the superencryption of the DICE chain.
Test: n/a
Fix: 281755202
Change-Id: I3a6fd2cd12599c5843b5dce0044eb16c2afbffa2
Align with the Open Profile for DICE by requiring that the configuration
hash be included because the configuration input is a hash of the
specified configuration descriptor.
Test: n/a
Change-Id: I9d2ef560dc8e6f567b5b8d1a244f5138c45ae420
Introduce a field to the configuration descriptor that provides a
standard semantically-defined version number rather than the
vendor-defined component version which acts more like a build ID.
Test: n/a
Bug: 282205139
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225
Only specify the requirements for `normal` DICE mode and allow vendors
to choose the non-normal mode that fits their need per the open-dice
specification.
Add a note that RKP requires `normal` mode in the DICE chain in order to
trust the device.
Test: n/a
Bug: 263144485
Change-Id: Iaaa3799c53234de61a51ebc855822b93ab3e5bb8
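The mode rule from this commit and the allow_any_mode policy from the first commit above, as an added example that is not code from the AOSP IRPC HAL or its VTS tests. Chain entries are constructed, already-decoded CWT payloads (dicts keyed by the Open Profile for DICE CBOR labels); the helper names are assumptions.

```python
# Added example (not AOSP code): walk a DICE chain, record the mode of every
# certificate, and apply the VTS acceptance rule:
#   - every entry must be in `normal` mode, unless allow_any_mode is set;
#   - allow_any_mode is set for non-user builds and when testing the RKP VM.
MODE_LABEL = -4670551  # Open Profile for DICE CBOR label for the mode claim
MODE_NOT_CONFIGURED, MODE_NORMAL, MODE_DEBUG, MODE_RECOVERY = 0, 1, 2, 3
MODE_NAMES = {0: "not-configured", 1: "normal", 2: "debug", 3: "recovery"}


def chain_modes(chain):
    """Return the mode of each payload in the chain (root first).

    The mode claim is a one-byte bstr. A missing or malformed claim counts as
    not-configured, which is a non-normal mode and therefore not trusted."""
    modes = []
    for payload in chain:
        raw = payload.get(MODE_LABEL)
        ok = isinstance(raw, bytes) and len(raw) == 1 and raw[0] in MODE_NAMES
        modes.append(raw[0] if ok else MODE_NOT_CONFIGURED)
    return modes


def allow_any_mode_for(build_type, testing_rkp_vm):
    """Policy: any mode is tolerated on non-user builds or when the RKP VM
    is under test (unlocked bootloader implies a non-normal entry)."""
    return build_type != "user" or testing_rkp_vm


def validate_dice_modes(chain, allow_any_mode):
    """Return (accepted, offenders); offenders lists (index, mode name) of
    every non-normal entry so a failing test can say which stage broke."""
    offenders = [(i, MODE_NAMES[m]) for i, m in enumerate(chain_modes(chain))
                 if m != MODE_NORMAL]
    return (allow_any_mode or not offenders), offenders


# Constructed sample chains: three boot stages each (other claims omitted).
LOCKED_CHAIN = [{MODE_LABEL: b"\x01"}] * 3
UNLOCKED_CHAIN = [{MODE_LABEL: b"\x01"}, {MODE_LABEL: b"\x02"}, {}]

if __name__ == "__main__":
    for name, chain in (("locked", LOCKED_CHAIN), ("unlocked", UNLOCKED_CHAIN)):
        ok, bad = validate_dice_modes(chain, allow_any_mode_for("user", False))
        print(name, "accepted" if ok else "rejected", bad)
```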
The Open Profile for DICE gives possible guidelines on the requirements
for the DICE mode but Android needs those to be strictly specified.
Fix: 263144485
Test: n/a
Change-Id: Ia5fc937654504199cabf4709f1c15484242e0161