KeyMint: more warnings around non-secure test impl
Make it clearer that the default implementation is non-secure in
various ways, most notably because the TA code is running in-process
in the HAL service.
Bug: 314513765
Test: VtsAidlKeyMintTargetTest
Change-Id: I83509110c32a4df8df6c0b288d14659e022442ff
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index 0cf53cf..fbb6140 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -7,6 +7,13 @@
default_applicable_licenses: ["hardware_interfaces_license"],
}
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
cc_binary {
name: "android.hardware.security.keymint-service",
relative_install_path: "hw",
@@ -46,6 +53,13 @@
],
}
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
rust_binary {
name: "android.hardware.security.keymint-service.nonsecure",
relative_install_path: "hw",
diff --git a/security/keymint/aidl/default/main.rs b/security/keymint/aidl/default/main.rs
index 055c698..47143f4 100644
--- a/security/keymint/aidl/default/main.rs
+++ b/security/keymint/aidl/default/main.rs
@@ -17,11 +17,15 @@
//! Default implementation of the KeyMint HAL and related HALs.
//!
//! This implementation of the HAL is only intended to allow testing and policy compliance. A real
-//! implementation **must be implemented in a secure environment**.
+//! implementation **must implement the TA in a secure environment**, as per CDD 9.11 [C-1-1]:
+//! "MUST back up the keystore implementation with an isolated execution environment."
+//!
+//! The additional device-specific components that are required for a real implementation of KeyMint
+//! that is based on the Rust reference implementation are described in system/keymint/README.md.
use kmr_hal::SerializedChannel;
use kmr_hal_nonsecure::{attestation_id_info, get_boot_info};
-use log::{debug, error, info};
+use log::{debug, error, info, warn};
use std::ops::DerefMut;
use std::sync::{mpsc, Arc, Mutex};
@@ -62,7 +66,7 @@
error!("{}", panic_info);
}));
- info!("Insecure KeyMint HAL service is starting.");
+ warn!("Insecure KeyMint HAL service is starting.");
info!("Starting thread pool now.");
binder::ProcessState::start_thread_pool();