[Description]
1.Add patch to modify rkp_factory_extraction_tool, so
that it can meet TV customer's factory product line.
2.Change the method for
rkp_factory_extraction_tool to get the serial number.
3.Introduce a new input parameter, serialno_prop,
to the function jsonEncodeCsrWithBuild.
4.Use the new property of serialno_prop if it is set,
otherwise defaults to "ro.serialno".
Test:
1.build pass
2.AC on/off pass
3.run "rkp_factory_extraction_tool
--output_format build+csr
--serialno_prop $(customer_prop) > csr.json" pass
4.run "rkp_factory_extraction_tool
--output_format build+csr > csr.json" pass
5.VtsHalRemotelyProvisionedComponentTargetTest pass
6.libkeymint_remote_prov_support_test pass
7.VtsAidlKeyMintTargetTest pass
Bug: 313811996
Change-Id: I8aa83bacab22f0a28bc54aea9e816f75a382ffde
Remove one of the DICE chain validation implementations and replace it
with a call to the libcert_request_validator library which has the most
complete validation and is planned to be the only implementation we
support.
VTS will now check both degenerate and proper DICE chain more completely
and will be consistent with other tools like `bcc_validator`. P-384 will
become a supported key type in the DICE chain.
The whole static library is included so that clients that statically
link remote_prov_utils don't need to be aware of the dependency.
Bug: 254510672
Bug: 265455904
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I067f7e8710e379a4b404ef9d2c04fe6410f73dc4
Conform to the latest CDDL changes. Organize parsing to observe the
AuthenticatedRequest structure.
Return the deserialized CSR payload rather than the DICE chain keys
because it simplified the return types. The return value is only used
by one VTS test that checks sequential CSRs consist of the same request.
The test was incomplete before and it now only looks as the CSR payload
whereas it previously only look at the DICE chain keys.
Bug: 250910137
Test: atest libkeymint_remote_prov_support_test librkp_factory_extraction_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I1ba2e0cec22e25312fb890923a4c93043e9046cd
This way, rkp_factory_extraction_tool can reuse the code to perform a
test on the factory line if a partner so chooses.
Test: rkp_factory_extraction_tool --self_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Bug: 239839050
Change-Id: I3989ba606750be77f1945a50fe2307a631d19d11
rkp_factory_extraction_tool now reuses the VTS logic for validating the
DeviceInfo. This way, partners doing RKP testing can see locally if they
are getting bad DeviceInfo before they try to upload the data to the
google service.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Test: rkp_factory_extraction_tool
Bug: 239838563
Change-Id: I80fba3e624e1f5ab6da7aac889a0168f7cb8dbe4
We need both the build fingerprint as well as the CSR when uploading
data to the APFE provisioning server. Add a utility function to format
the output as a JSON blob so that it may be easily collected in the
factory in a serialized data format, then later uploaded.
Test: libkeymint_remote_prov_support_test
Test: VtsAidlKeyMintTargetTest
Test: VtsHalRemotelyProvisionedComponentTargetTest
Bug: 191301285
Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
Include a unit test to verify the GEEK cert chain is valid.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
Merged-In: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
This is the change that removes the functionality that has been shifted
over to appropriate classes and contexts in system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I491f4ef823868322ea6a804d88ca09662c099a44
