The dice HAL provides access to the Dice artifacts of the running Android
instance.
Bug: 198197213
Test: VTS test comming in two ...
Change-Id: I6e84f9a9c7153e7a96c06d1d451e658b3f222586
For the time being, allow the version number in the attestation record
to be 100 even if the AIDL version is 2, so that implementations don't
have to update both versions simultaneously.
Bug: 194358913
Test: TreeHugger, VtsAidlKeyMintTargetTest
Change-Id: I9aae69327a62014e286ce30ca2a4d91c4c280714
Revert "Bump keystore2 AIDL API version 1->2"
Revert "Advertise support of KeyMint V2"
Revert submission 1900930-version-bump
Reason for revert: Broken build on sc-qpr1-dev-plus-aosp, b/210450339
Reverted Changes:
I42a9b854f:keystore2: cope with new curve25519 enum
I167d568d6:Bump keystore2 AIDL API version 1->2
I3a16d072e:Advertise support of KeyMint V2
Ibf2325329:KeyMint HAL: add curve 25519, bump version
Change-Id: I78d4b07c41aa6bfeb367b56a58deeac6adb6ec46
Marked as required for TRUSTED_ENVIRONMENT impls but not STRONGBOX.
Bump keymint HAL version 1->2 in defaults and in current compatibility
matrix.
Bug: 194358913
Test: build
Change-Id: Ibf2325329f0656a2d1fc416c2f9a74d505d0bf20
A VTS test case to verify HMAC signature verification fails if data or
signature is currupted.
Bug: 209452930
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I2177fd99cfab4ef4a347d50461db0d2e3ad8c612
The KeyMint spec requires that all generated keys include the
BOOT_PATCHLEVEL for the device.
However, the VTS test sometimes gets run in an environment where this
is not possible; specifically the Trusty QEMU tests don't have the
bootloader -> KeyMint communication that is needed to populate this
information.
Add a command line flag that disables checks for BOOT_PATCHLEVEL to
cope with these scenarios, making sure that it defaults to having the
checks enabled.
Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.
Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
The KeyMint HAL will soon be updated for a new version. To make this
process easier, add a cc_defaults and rust_defaults that references
the "current" version, and use this elsewhere. This should hopefully
mean that a future version bump only needs to happen in the defaults.
Test: TreeHugger
Change-Id: If7dd0c5778acb92177e16fd4fb4a04dcb837ad06
Added invalid AES key sizes to be tested for Default and TEE based
Keymint implementations.
Bug: 205679497
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: Id9044cdc0324258c15f1daa81487c7819a780fe8
Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.
Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
The KeyMint spec has always required that keys with the ATTEST_KEY
purpose "must not have any other purpose".
Add explicit tests for combined-purpose keys to be rejected.
Also expand the spec text to require a specific error code, and to
explain the rationale for single-purpose ATTEST_KEY keys.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
Update the VTS tests so that attestation keys are not created with
another purpose.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib6e4ad98cbe5c3015138854679b11fa0e683ade9
