Marked as required for TRUSTED_ENVIRONMENT impls but not STRONGBOX.
Bump keymint HAL version 1->2 in defaults and in current compatibility
matrix.
Bug: 194358913
Test: build
Change-Id: Ibf2325329f0656a2d1fc416c2f9a74d505d0bf20
The KeyMint spec requires that all generated keys include the
BOOT_PATCHLEVEL for the device.
However, the VTS test sometimes gets run in an environment where this
is not possible; specifically the Trusty QEMU tests don't have the
bootloader -> KeyMint communication that is needed to populate this
information.
Add a command line flag that disables checks for BOOT_PATCHLEVEL to
cope with these scenarios, making sure that it defaults to having the
checks enabled.
Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.
Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
The KeyMint HAL will soon be updated for a new version. To make this
process easier, add a cc_defaults and rust_defaults that references
the "current" version, and use this elsewhere. This should hopefully
mean that a future version bump only needs to happen in the defaults.
Test: TreeHugger
Change-Id: If7dd0c5778acb92177e16fd4fb4a04dcb837ad06
Added invalid AES key sizes to be tested for Default and TEE based
Keymint implementations.
Bug: 205679497
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: Id9044cdc0324258c15f1daa81487c7819a780fe8
Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.
Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
Update the VTS tests so that attestation keys are not created with
another purpose.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib6e4ad98cbe5c3015138854679b11fa0e683ade9
This support function is supposed to be useable by vendor in treble.
Add "vendor_available" to reflect that.
Bug: 203481954
Test: Link by vendor successfully
Change-Id: I9709ac0ab79405c336ed8a1bc44b2ef643dd5b2d
Future addition of extra curves means that key size is not enough to
identify the particular EC curve required. Use the EcCurve enum instead.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ia6b7d86a387cfc06db05e4ba6ff8f331e9c6345f
Existing comment is incorrect: the ATTESTATION_ID_* values that the test
provided are rejected because they do not match the device values, not
because the tags are specific to device-unique attestation.
Fix the test comment (and make the values more obviously wrong), and
add a separate test that includes correct values of ATTESTATION_ID_*
values.
Test: VtsAidlKeyMintTargetTest
Change-Id: I5c5f5ef6a228990c9e46f90727e0f135dfc2c528
When a KeyMint VTS exercises optional functionality, where possible
use GTEST_SKIP() when that functionality is absent, so the test
summary includes information about what is present and what isn't.
This should not affect the overall test result.
Test: VtsAidlKeyMintTargetTest
Change-Id: I62d244d2e4ecc67737906009575e64b50450d4c4
If vendor/boot patchlevel is shorter than the expected YYYYMMDD format,
fail properly rather than crashing the VTS test process.
Bug: 201946955
Test: VtsAidlKeyMintTargetTest
Change-Id: Icf3541e1b76675871672edec8590ec1821770acf
Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.
Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
There are multiple ways this predicate can fail, so add some logging
statements when errors occur so that tests are easier to debug.
Test: VtsAidlKeyMintTargetTest
Change-Id: I49ec12271bdebeab3aa6b9c7ae5d491075b3b649
This alters the HAL documentation to specify that StrongBox must ONLY
support AES 128 and 256 keys.
Bug: 191736606
Test: Read the documentation and confirm that it is clear.
Change-Id: I484d51700df28eb073b7928b6dc7a3b52c59caee
This makes sure that when developers add a new version of an interface,
or when interfaces are being frozen, the runtime/buildtime situation of
clients depending on those interfaces remains the same. This is required
for AIDL to continue working at scale.
Bug: 188871598
Test: build
Change-Id: I358c19c91e8b20d47967aa3b26a8aa5dd6a97ab6
This reverts commit eb8b0577e8.
Reason for revert: Broke a different TEE implementation
Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Merged-In: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Test failed to set default key validity, which caused keygen to fail.
Wasn't noticed because this test is typically disarmed.
Note: This test will destroy all user data on the device (which is
why it is typically disarmed).
Bug: 187105270
Test: VtsAidlKeyMintTargetTest --arm_deleteAllKeys
Change-Id: I67e317fdfca15c95c6420918948d1416e97de482
Merged-In: I67e317fdfca15c95c6420918948d1416e97de482
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.
Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
