Merge "Revert "audio: Do not use StreamSwitcher for StreamRemoteSubmix"" into main
diff --git a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
index fcf1649..4d90058 100644
--- a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
+++ b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
@@ -72,11 +72,9 @@
static constexpr uint8_t kMinLeResolvingListForBt5 = 8;
static constexpr size_t kNumHciCommandsBandwidth = 100;
-static constexpr size_t kNumScoPacketsBandwidth = 100;
static constexpr size_t kNumAclPacketsBandwidth = 100;
static constexpr std::chrono::milliseconds kWaitForInitTimeout(2000);
static constexpr std::chrono::milliseconds kWaitForHciEventTimeout(2000);
-static constexpr std::chrono::milliseconds kWaitForScoDataTimeout(1000);
static constexpr std::chrono::milliseconds kWaitForAclDataTimeout(1000);
static constexpr std::chrono::milliseconds kInterfaceCloseDelayMs(200);
@@ -216,7 +214,6 @@
// Functions called from within tests in loopback mode
void sendAndCheckHci(int num_packets);
- void sendAndCheckSco(int num_packets, size_t size, uint16_t handle);
void sendAndCheckAcl(int num_packets, size_t size, uint16_t handle);
// Helper functions to try to get a handle on verbosity
@@ -563,38 +560,6 @@
logger.setTotalBytes(command_size * num_packets * 2);
}
-// Send a SCO data packet (in Loopback mode) and check the response.
-void BluetoothAidlTest::sendAndCheckSco(int num_packets, size_t size,
- uint16_t handle) {
- ThroughputLogger logger{__func__};
- for (int n = 0; n < num_packets; n++) {
- // Send a SCO packet
- std::vector<uint8_t> sco_packet;
- std::vector<uint8_t> payload;
- for (size_t i = 0; i < size; i++) {
- payload.push_back(static_cast<uint8_t>(i + n));
- }
- ::bluetooth::packet::BitInserter bi{sco_packet};
- ::bluetooth::hci::ScoBuilder::Create(
- handle, ::bluetooth::hci::PacketStatusFlag::CORRECTLY_RECEIVED, payload)
- ->Serialize(bi);
- hci->sendScoData(sco_packet);
-
- // Check the loopback of the SCO packet
- std::vector<uint8_t> sco_loopback;
- ASSERT_TRUE(
- sco_queue.tryPopWithTimeout(sco_loopback, kWaitForScoDataTimeout));
-
- if (sco_loopback.size() < size) {
- // The packets may have been split for USB. Reassemble before checking.
- reassemble_sco_loopback_pkt(sco_loopback, size);
- }
-
- ASSERT_EQ(sco_packet, sco_loopback);
- }
- logger.setTotalBytes(num_packets * size * 2);
-}
-
// Send an ACL data packet (in Loopback mode) and check the response.
void BluetoothAidlTest::sendAndCheckAcl(int num_packets, size_t size,
uint16_t handle) {
@@ -724,22 +689,6 @@
wait_for_command_complete_event(view.GetOpCode(), cmd_complete));
}
-// Handle the loopback packet.
-void BluetoothAidlTest::reassemble_sco_loopback_pkt(std::vector<uint8_t>& scoPackets,
- size_t size) {
- std::vector<uint8_t> sco_packet_whole;
- sco_packet_whole.assign(scoPackets.begin(), scoPackets.end());
- while (size + 3 > sco_packet_whole.size()) {
- std::vector<uint8_t> sco_packets;
- ASSERT_TRUE(
- sco_queue.tryPopWithTimeout(sco_packets, kWaitForScoDataTimeout));
- sco_packet_whole.insert(sco_packet_whole.end(), sco_packets.begin() + 3,
- sco_packets.end());
- }
- scoPackets.assign(sco_packet_whole.begin(), sco_packet_whole.end());
- scoPackets[2] = size;
-}
-
// Empty test: Initialize()/Close() are called in SetUp()/TearDown().
TEST_P(BluetoothAidlTest, InitializeAndClose) {}
@@ -829,26 +778,6 @@
sendAndCheckHci(1);
}
-// Enter loopback mode and send a single SCO packet.
-TEST_P(BluetoothAidlTest, LoopbackModeSingleSco) {
- setBufferSizes();
- setSynchronousFlowControlEnable();
-
- enterLoopbackMode();
-
- if (!sco_connection_handles.empty()) {
- ASSERT_LT(0, max_sco_data_packet_length);
- sendAndCheckSco(1, max_sco_data_packet_length, sco_connection_handles[0]);
- int sco_packets_sent = 1;
- int completed_packets =
- wait_for_completed_packets_event(sco_connection_handles[0]);
- if (sco_packets_sent != completed_packets) {
- ALOGW("%s: packets_sent (%d) != completed_packets (%d)", __func__,
- sco_packets_sent, completed_packets);
- }
- }
-}
-
// Enter loopback mode and send a single ACL packet.
TEST_P(BluetoothAidlTest, LoopbackModeSingleAcl) {
setBufferSizes();
@@ -879,27 +808,6 @@
sendAndCheckHci(kNumHciCommandsBandwidth);
}
-// Enter loopback mode and send SCO packets for bandwidth measurements.
-TEST_P(BluetoothAidlTest, LoopbackModeScoBandwidth) {
- setBufferSizes();
- setSynchronousFlowControlEnable();
-
- enterLoopbackMode();
-
- if (!sco_connection_handles.empty()) {
- ASSERT_LT(0, max_sco_data_packet_length);
- sendAndCheckSco(kNumScoPacketsBandwidth, max_sco_data_packet_length,
- sco_connection_handles[0]);
- int sco_packets_sent = kNumScoPacketsBandwidth;
- int completed_packets =
- wait_for_completed_packets_event(sco_connection_handles[0]);
- if (sco_packets_sent != completed_packets) {
- ALOGW("%s: packets_sent (%d) != completed_packets (%d)", __func__,
- sco_packets_sent, completed_packets);
- }
- }
-}
-
// Enter loopback mode and send packets for ACL bandwidth measurements.
TEST_P(BluetoothAidlTest, LoopbackModeAclBandwidth) {
setBufferSizes();
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index df5e5b1..825c931 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -147,6 +147,6 @@
stem: "compatibility_matrix.202504.xml",
srcs: ["compatibility_matrix.202504.xml"],
kernel_configs: [
- "kernel_config_w_6.next",
+ "kernel_config_w_6.12",
],
}
diff --git a/drm/1.0/vts/functional/Android.bp b/drm/1.0/vts/functional/Android.bp
index e0c6fa5..73612df 100644
--- a/drm/1.0/vts/functional/Android.bp
+++ b/drm/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_drm",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/drm/1.1/vts/functional/Android.bp b/drm/1.1/vts/functional/Android.bp
index b539fa2..aeb0443 100644
--- a/drm/1.1/vts/functional/Android.bp
+++ b/drm/1.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_drm",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/drm/1.2/vts/functional/Android.bp b/drm/1.2/vts/functional/Android.bp
index 9ceb1a3..f6fb528 100644
--- a/drm/1.2/vts/functional/Android.bp
+++ b/drm/1.2/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_drm",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/drm/1.3/vts/functional/Android.bp b/drm/1.3/vts/functional/Android.bp
index 3db23e3..a9ebd80 100644
--- a/drm/1.3/vts/functional/Android.bp
+++ b/drm/1.3/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_drm",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/drm/1.4/vts/functional/Android.bp b/drm/1.4/vts/functional/Android.bp
index 89edab7..0662a0f 100644
--- a/drm/1.4/vts/functional/Android.bp
+++ b/drm/1.4/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_drm",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/drm/aidl/vts/Android.bp b/drm/aidl/vts/Android.bp
index 5139036..e813bd1 100644
--- a/drm/aidl/vts/Android.bp
+++ b/drm/aidl/vts/Android.bp
@@ -14,6 +14,7 @@
// limitations under the License.
//
package {
+ default_team: "trendy_team_android_media_drm",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/gnss/1.0/vts/functional/Android.bp b/gnss/1.0/vts/functional/Android.bp
index f27732a..b1093a6 100644
--- a/gnss/1.0/vts/functional/Android.bp
+++ b/gnss/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_location_time",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/gnss/1.1/vts/functional/Android.bp b/gnss/1.1/vts/functional/Android.bp
index f9fcbf1..65c752c 100644
--- a/gnss/1.1/vts/functional/Android.bp
+++ b/gnss/1.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_location_time",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/gnss/2.0/vts/functional/Android.bp b/gnss/2.0/vts/functional/Android.bp
index 0b54308..4ca3063 100644
--- a/gnss/2.0/vts/functional/Android.bp
+++ b/gnss/2.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_location_time",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/gnss/2.1/vts/functional/Android.bp b/gnss/2.1/vts/functional/Android.bp
index 9906b27..af66037 100644
--- a/gnss/2.1/vts/functional/Android.bp
+++ b/gnss/2.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_location_time",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/gnss/aidl/vts/Android.bp b/gnss/aidl/vts/Android.bp
index fd1d853..2bd6f07 100644
--- a/gnss/aidl/vts/Android.bp
+++ b/gnss/aidl/vts/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_location_time",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/graphics/common/aidl/Android.bp b/graphics/common/aidl/Android.bp
index c28da4c..3c75d7b 100644
--- a/graphics/common/aidl/Android.bp
+++ b/graphics/common/aidl/Android.bp
@@ -43,7 +43,7 @@
enabled: true,
},
},
- frozen: true,
+ frozen: false,
versions_with_info: [
{
version: "1",
diff --git a/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/PixelFormat.aidl b/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/PixelFormat.aidl
index ed84a44..54a9d8d 100644
--- a/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/PixelFormat.aidl
+++ b/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/PixelFormat.aidl
@@ -68,4 +68,5 @@
R_16_UINT = 0x39,
RG_1616_UINT = 0x3a,
RGBA_10101010 = 0x3b,
+ YCBCR_P210 = 0x3c,
}
diff --git a/graphics/common/aidl/android/hardware/graphics/common/PixelFormat.aidl b/graphics/common/aidl/android/hardware/graphics/common/PixelFormat.aidl
index 1117504..55be4d2 100644
--- a/graphics/common/aidl/android/hardware/graphics/common/PixelFormat.aidl
+++ b/graphics/common/aidl/android/hardware/graphics/common/PixelFormat.aidl
@@ -531,4 +531,26 @@
* interpretation is defined by the dataspace.
*/
RGBA_10101010 = 0x3b,
+
+ /**
+ * YCBCR_P210 is a 4:2:2 YCbCr semiplanar format comprised of a WxH Y plane
+ * followed by a WxH CbCr plane. Each sample is represented by a 16-bit
+ * little-endian value, with the lower 6 bits set to zero.
+ *
+ * This format must be accepted by the allocator when used with the
+ * following usage flags:
+ *
+ * - BufferUsage::VIDEO_*
+ * - BufferUsage::CPU_*
+ * - BufferUsage::GPU_TEXTURE
+ *
+ * The component values are unsigned normalized to the range [0, 1], whose
+ * interpretation is defined by the dataspace.
+ *
+ * This format is appropriate for 10bit video content.
+ *
+ * Buffers with this format must be locked with IMapper::lockYCbCr
+ * or with IMapper::lock.
+ */
+ YCBCR_P210 = 0x3c,
}
diff --git a/secure_element/1.0/vts/functional/Android.bp b/secure_element/1.0/vts/functional/Android.bp
index 735d7c9..25ce050 100644
--- a/secure_element/1.0/vts/functional/Android.bp
+++ b/secure_element/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_pixel_connectivity_nfc",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/secure_element/1.1/vts/functional/Android.bp b/secure_element/1.1/vts/functional/Android.bp
index d63e7c4..ad7f97c 100644
--- a/secure_element/1.1/vts/functional/Android.bp
+++ b/secure_element/1.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_pixel_connectivity_nfc",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/secure_element/1.2/vts/functional/Android.bp b/secure_element/1.2/vts/functional/Android.bp
index 63a0a19..5a01851 100644
--- a/secure_element/1.2/vts/functional/Android.bp
+++ b/secure_element/1.2/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_pixel_connectivity_nfc",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/secure_element/aidl/Android.bp b/secure_element/aidl/Android.bp
index 655487d..1145305 100644
--- a/secure_element/aidl/Android.bp
+++ b/secure_element/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_pixel_connectivity_nfc",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp b/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
index 6bd986c..9b74fbb 100644
--- a/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
+++ b/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
@@ -79,9 +79,13 @@
while (mFdp.remaining_bytes()) {
auto invokeProvAPI = mFdp.PickValueInArray<const std::function<void()>>({
- [&]() { verifyFactoryCsr(cborKeysToSign, csr, gRPC.get(), challenge); },
- [&]() { verifyProductionCsr(cborKeysToSign, csr, gRPC.get(), challenge); },
- [&]() { isCsrWithProperDiceChain(csr); },
+ [&]() {
+ verifyFactoryCsr(cborKeysToSign, csr, gRPC.get(), kServiceName, challenge);
+ },
+ [&]() {
+ verifyProductionCsr(cborKeysToSign, csr, gRPC.get(), kServiceName, challenge);
+ },
+ [&]() { isCsrWithProperDiceChain(csr, kServiceName); },
});
invokeProvAPI();
}
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index 141f243..b56c90a 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -89,6 +89,11 @@
*/
bytevec randomBytes(size_t numBytes);
+const std::string DEFAULT_INSTANCE_NAME =
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/default";
+const std::string RKPVM_INSTANCE_NAME =
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf";
+
struct EekChain {
bytevec chain;
bytevec last_pubkey;
@@ -160,7 +165,8 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge);
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge);
/**
* Verify the protected data as if the device is a final production sample.
*/
@@ -168,8 +174,8 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool allowAnyMode = false);
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool allowAnyMode = false);
/**
* Verify the CSR as if the device is still early in the factory process and may not
@@ -177,22 +183,24 @@
*/
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(
const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool allowDegenerate = true);
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool allowDegenerate = true);
/**
* Verify the CSR as if the device is a final production sample.
*/
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool allowAnyMode = false);
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool allowAnyMode = false);
/** Checks whether the CSR has a proper DICE chain. */
-ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr);
+ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr,
+ const std::string& instanceName);
/** Verify the DICE chain. */
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
hwtrust::DiceChain::Kind kind, bool allowAnyMode,
- bool allowDegenerate);
+ bool allowDegenerate,
+ const std::string& instanceName);
} // namespace aidl::android::hardware::security::keymint::remote_prov
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index a679340..497f478 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -52,6 +52,14 @@
using X509_Ptr = bssl::UniquePtr<X509>;
using CRYPTO_BUFFER_Ptr = bssl::UniquePtr<CRYPTO_BUFFER>;
+std::string device_suffix(const std::string& name) {
+ size_t pos = name.find('/');
+ if (pos == std::string::npos) {
+ return name;
+ }
+ return name.substr(pos + 1);
+}
+
ErrMsgOr<bytevec> ecKeyGetPrivateKey(const EC_KEY* ecKey) {
// Extract private key.
const BIGNUM* bignum = EC_KEY_get0_private_key(ecKey);
@@ -325,7 +333,8 @@
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
hwtrust::DiceChain::Kind kind, bool allowAnyMode,
- bool allowDegenerate) {
+ bool allowDegenerate,
+ const std::string& instanceName) {
auto encodedBcc = bcc->encode();
// Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
@@ -334,7 +343,8 @@
allowAnyMode = true;
}
- auto chain = hwtrust::DiceChain::Verify(encodedBcc, kind, allowAnyMode);
+ auto chain =
+ hwtrust::DiceChain::Verify(encodedBcc, kind, allowAnyMode, device_suffix(instanceName));
if (!chain.ok()) return chain.error().message();
if (!allowDegenerate && !chain->IsProper()) {
@@ -649,8 +659,8 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool isFactory, bool allowAnyMode = false) {
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool isFactory, bool allowAnyMode = false) {
auto [parsedProtectedData, _, protDataErrMsg] = cppbor::parse(protectedData.protectedData);
if (!parsedProtectedData) {
return protDataErrMsg;
@@ -707,7 +717,7 @@
// BCC is [ pubkey, + BccEntry]
auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13, allowAnyMode,
- /*allowDegenerate=*/true);
+ /*allowDegenerate=*/true, instanceName);
if (!bccContents) {
return bccContents.message() + "\n" + prettyPrint(bcc.get());
}
@@ -750,9 +760,10 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge) {
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge) {
return verifyProtectedData(deviceInfo, keysToSign, keysToSignMac, protectedData, eekChain,
- eekId, supportedEekCurve, provisionable, challenge,
+ eekId, supportedEekCurve, provisionable, instanceName, challenge,
/*isFactory=*/true);
}
@@ -760,10 +771,10 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool allowAnyMode) {
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool allowAnyMode) {
return verifyProtectedData(deviceInfo, keysToSign, keysToSignMac, protectedData, eekChain,
- eekId, supportedEekCurve, provisionable, challenge,
+ eekId, supportedEekCurve, provisionable, instanceName, challenge,
/*isFactory=*/false, allowAnyMode);
}
@@ -1003,6 +1014,7 @@
ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
const std::vector<uint8_t>& challenge,
+ const std::string& instanceName,
bool allowAnyMode = false,
bool allowDegenerate = true) {
auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
@@ -1042,7 +1054,8 @@
return diceChainKind.message();
}
- auto diceContents = validateBcc(diceCertChain, *diceChainKind, allowAnyMode, allowDegenerate);
+ auto diceContents =
+ validateBcc(diceCertChain, *diceChainKind, allowAnyMode, allowDegenerate, instanceName);
if (!diceContents) {
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}
@@ -1071,6 +1084,7 @@
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyCsr(const cppbor::Array& keysToSign,
const std::vector<uint8_t>& csr,
IRemotelyProvisionedComponent* provisionable,
+ const std::string& instanceName,
const std::vector<uint8_t>& challenge,
bool isFactory, bool allowAnyMode = false,
bool allowDegenerate = true) {
@@ -1081,8 +1095,8 @@
") does not match expected version (3).";
}
- auto csrPayload =
- parseAndValidateAuthenticatedRequest(csr, challenge, allowAnyMode, allowDegenerate);
+ auto csrPayload = parseAndValidateAuthenticatedRequest(csr, challenge, instanceName,
+ allowAnyMode, allowDegenerate);
if (!csrPayload) {
return csrPayload.message();
}
@@ -1092,20 +1106,22 @@
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(
const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool allowDegenerate) {
- return verifyCsr(keysToSign, csr, provisionable, challenge, /*isFactory=*/true,
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool allowDegenerate) {
+ return verifyCsr(keysToSign, csr, provisionable, instanceName, challenge, /*isFactory=*/true,
/*allowAnyMode=*/false, allowDegenerate);
}
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool allowAnyMode) {
- return verifyCsr(keysToSign, csr, provisionable, challenge, /*isFactory=*/false, allowAnyMode);
+ IRemotelyProvisionedComponent* provisionable, const std::string& instanceName,
+ const std::vector<uint8_t>& challenge, bool allowAnyMode) {
+ return verifyCsr(keysToSign, csr, provisionable, instanceName, challenge, /*isFactory=*/false,
+ allowAnyMode);
}
-ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr) {
+ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr,
+ const std::string& instanceName) {
auto [parsedRequest, _, csrErrMsg] = cppbor::parse(csr);
if (!parsedRequest) {
return csrErrMsg;
@@ -1136,8 +1152,8 @@
}
auto encodedDiceChain = diceCertChain->encode();
- auto chain =
- hwtrust::DiceChain::Verify(encodedDiceChain, *diceChainKind, /*allowAnyMode=*/false);
+ auto chain = hwtrust::DiceChain::Verify(encodedDiceChain, *diceChainKind,
+ /*allowAnyMode=*/false, device_suffix(instanceName));
if (!chain.ok()) return chain.error().message();
return chain->IsProper();
}
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index 82121cb..8b18b29 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -298,9 +298,11 @@
ASSERT_TRUE(bcc) << "Error: " << errMsg;
EXPECT_TRUE(validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr16,
- /*allowAnyMode=*/false, /*allowDegenerate=*/true));
+ /*allowAnyMode=*/false, /*allowDegenerate=*/true,
+ DEFAULT_INSTANCE_NAME));
EXPECT_FALSE(validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr16,
- /*allowAnyMode=*/false, /*allowDegenerate=*/false));
+ /*allowAnyMode=*/false, /*allowDegenerate=*/false,
+ DEFAULT_INSTANCE_NAME));
}
} // namespace
} // namespace aidl::android::hardware::security::keymint::remote_prov
diff --git a/security/rkp/README.md b/security/rkp/README.md
index 67cf72e..43a00fb 100644
--- a/security/rkp/README.md
+++ b/security/rkp/README.md
@@ -31,12 +31,13 @@
1. (Preferred, recommended) The device OEM extracts the UDS\_pub from each
device they manufacture and uploads the public keys to a backend server.
-1. The device OEM signs the UDS\_pub and stores the certificates on the device
- rather than uploading a UDS\_pub for every device immediately. However,
- there are many disadvantages and costs associated with this option as the
- OEM will need to pass a security audit of their factory's physical security,
- CA and HSM configuration, and incident response processes before the OEM's
- public key is registered with the provisioning server.
+1. The device OEM certifies the UDS\_pub using an x.509 certificate chain
+ then stores the chain on the device rather than uploading a UDS\_pub for
+ every device immediately. However, there are many disadvantages and costs
+ associated with this option as the OEM will need to pass a security audit
+ of their factory's physical security, CA and HSM configuration, and
+ incident response processes before the OEM's public key is registered with
+ the provisioning server.
Note that in the full elaboration of this plan, UDS\_pub is not the key used to
sign certificate requests. Instead, UDS\_pub is just the first public key in a
@@ -124,6 +125,53 @@
choice for algorithm implies the implementor should also choose the P256 public
key group further down in the COSE structure.
+## UDS certificates
+
+As noted in the section [General approach](#general-approach), the UDS\_pub may
+be authenticated by an OEM using an x.509 certificate chain. Additionally,
+[RKP Phase 3](#phases) depends on the chip vendor signing the UDS\_pub and
+issuing an x.509 certificate chain. This section describes the requirements for
+both the signing keys and the resulting certificate chain.
+
+### X.509 Certificates
+
+X.509v3 public key certificates are the only supported mechanism for
+authenticating a UDS\_pub. Certificates must be formatted according to
+[RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280), and certificate
+chains must satisfy the certificate path validation described in the RFC. RFC
+5280 covers most requirements for the chain, but this specification has some
+additional requirements that must be met for the certificates:
+
+* [`BasicConstraints`](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9)
+ * All CA certificates must include this as a critical extension.
+ * `pathLenConstraint` must be set correctly in each CA certificate to
+ limit the maximum chain length.
+ * `cA` must be set to true for all certificates except the leaf
+ certificate.
+ * `BasicConstraints` must be absent for the leaf/UDS certificate.
+ * Consider the chain `root -> intermediate -> UDS_pub`. In such a chain,
+ `BasicConstraints` must be:
+ * `{ cA: TRUE, pathLenConstraint: 1}` for the root certificate
+ * `{ cA: TRUE, pathLenConstraint: 0}` for the intermediate certificate
+ * Absent for the UDS certificate
+* [`KeyUsage`](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3)
+ * All certificates in a UDS certificate chain must include this as a
+ critical extension.
+ * CA certificates must set `KeyUsage` to only `keyCertSign`.
+ * The UDS certificate must set `KeyUsage` to only `digitalSignature`.
+
+### Supported Algorithms
+
+UDS certificates must be signed using one of the following allowed algorithms:
+
+* `ecdsa-with-SHA256`
+ ([RFC 5758](https://www.rfc-editor.org/rfc/rfc5758#section-3.2))
+ * Note: this algorithm is only usable with ECDSA P-256 keys
+* `ecdsa-with-SHA384`
+ ([RFC 5758](https://www.rfc-editor.org/rfc/rfc5758#section-3.2))
+ * Note: this algorithm is only usable with ECDSA P-384 keys
+* `id-Ed25519` ([RFC 8410](https://www.rfc-editor.org/rfc/rfc8410#section-3))
+
## Design
### Certificate provisioning flow
diff --git a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
index 7a02ff5..c519086 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
+++ b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
@@ -52,7 +52,8 @@
; example, this could be provided by the hardware vendor, who certifies all of their chips.
; The SignerName is a free-form string describing who generated the signature. The root
; certificate will need to be communicated to the verifier out of band, along with the
-; SignerName that is expected for the given root certificate.
+; SignerName that is expected for the given root certificate. UDS certificate
+; requirements are defined in https://android.googlesource.com/platform/hardware/interfaces/+/main/security/rkp/README.md#uds-certificates.
UdsCerts = {
* SignerName => UdsCertChain
}
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index f68ff91..8f918af 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -55,10 +55,7 @@
constexpr uint8_t MIN_CHALLENGE_SIZE = 0;
constexpr uint8_t MAX_CHALLENGE_SIZE = 64;
-const string DEFAULT_INSTANCE_NAME =
- "android.hardware.security.keymint.IRemotelyProvisionedComponent/default";
-const string RKP_VM_INSTANCE_NAME =
- "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf";
+
const string KEYMINT_STRONGBOX_INSTANCE_NAME =
"android.hardware.security.keymint.IKeyMintDevice/strongbox";
@@ -188,7 +185,7 @@
}
ASSERT_NE(provisionable_, nullptr);
auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo);
- isRkpVmInstance_ = GetParam() == RKP_VM_INSTANCE_NAME;
+ isRkpVmInstance_ = GetParam() == RKPVM_INSTANCE_NAME;
if (isRkpVmInstance_) {
if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
GTEST_SKIP() << "The RKP VM is not supported on this system.";
@@ -227,7 +224,7 @@
RpcHardwareInfo hwInfo;
auto status = rpc->getHardwareInfo(&hwInfo);
- if (hal == RKP_VM_INSTANCE_NAME && status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
+ if (hal == RKPVM_INSTANCE_NAME && status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
GTEST_SKIP() << "The RKP VM is not supported on this system.";
}
ASSERT_TRUE(status.isOk());
@@ -268,7 +265,7 @@
auto status = rpc->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
EXPECT_TRUE(status.isOk()) << status.getDescription();
- auto result = isCsrWithProperDiceChain(csr);
+ auto result = isCsrWithProperDiceChain(csr, DEFAULT_INSTANCE_NAME);
ASSERT_TRUE(result) << result.message();
ASSERT_TRUE(*result);
}
@@ -494,7 +491,7 @@
auto result = verifyProductionProtectedData(
deviceInfo, cppbor::Array(), keysToSignMac, protectedData, testEekChain_, eekId_,
- rpcHardwareInfo.supportedEekCurve, provisionable_.get(), challenge_);
+ rpcHardwareInfo.supportedEekCurve, provisionable_.get(), GetParam(), challenge_);
ASSERT_TRUE(result) << result.message();
}
}
@@ -517,9 +514,10 @@
&protectedData, &keysToSignMac);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto firstBcc = verifyProductionProtectedData(
- deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData, testEekChain_,
- eekId_, rpcHardwareInfo.supportedEekCurve, provisionable_.get(), challenge_);
+ auto firstBcc = verifyProductionProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(),
+ keysToSignMac, protectedData, testEekChain_,
+ eekId_, rpcHardwareInfo.supportedEekCurve,
+ provisionable_.get(), GetParam(), challenge_);
ASSERT_TRUE(firstBcc) << firstBcc.message();
status = provisionable_->generateCertificateRequest(
@@ -527,9 +525,10 @@
&protectedData, &keysToSignMac);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto secondBcc = verifyProductionProtectedData(
- deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData, testEekChain_,
- eekId_, rpcHardwareInfo.supportedEekCurve, provisionable_.get(), challenge_);
+ auto secondBcc = verifyProductionProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(),
+ keysToSignMac, protectedData, testEekChain_,
+ eekId_, rpcHardwareInfo.supportedEekCurve,
+ provisionable_.get(), GetParam(), challenge_);
ASSERT_TRUE(secondBcc) << secondBcc.message();
// Verify that none of the keys in the first BCC are repeated in the second one.
@@ -579,7 +578,7 @@
auto result = verifyProductionProtectedData(
deviceInfo, cborKeysToSign_, keysToSignMac, protectedData, testEekChain_, eekId_,
- rpcHardwareInfo.supportedEekCurve, provisionable_.get(), challenge_);
+ rpcHardwareInfo.supportedEekCurve, provisionable_.get(), GetParam(), challenge_);
ASSERT_TRUE(result) << result.message();
}
}
@@ -767,8 +766,8 @@
provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge,
- isRkpVmInstance_);
+ auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), GetParam(),
+ challenge, isRkpVmInstance_);
ASSERT_TRUE(result) << result.message();
}
}
@@ -789,8 +788,8 @@
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge,
- isRkpVmInstance_);
+ auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+ challenge, isRkpVmInstance_);
ASSERT_TRUE(result) << result.message();
}
}
@@ -820,15 +819,15 @@
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
- isRkpVmInstance_);
+ auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+ challenge_, isRkpVmInstance_);
ASSERT_TRUE(firstCsr) << firstCsr.message();
status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
- isRkpVmInstance_);
+ auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+ challenge_, isRkpVmInstance_);
ASSERT_TRUE(secondCsr) << secondCsr.message();
ASSERT_EQ(**firstCsr, **secondCsr);
@@ -846,8 +845,8 @@
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
- isRkpVmInstance_);
+ auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), GetParam(),
+ challenge_, isRkpVmInstance_);
ASSERT_TRUE(result) << result.message();
}
@@ -977,7 +976,8 @@
provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge_, &csr);
ASSERT_TRUE(irpcStatus.isOk()) << irpcStatus.getDescription();
- auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge_);
+ auto result =
+ verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), GetParam(), challenge_);
ASSERT_TRUE(result) << result.message();
std::unique_ptr<cppbor::Array> csrPayload = std::move(*result);
diff --git a/soundtrigger/2.0/vts/functional/Android.bp b/soundtrigger/2.0/vts/functional/Android.bp
index 403fa9b..dde1aa1 100644
--- a/soundtrigger/2.0/vts/functional/Android.bp
+++ b/soundtrigger/2.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_audio_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/soundtrigger/2.1/vts/functional/Android.bp b/soundtrigger/2.1/vts/functional/Android.bp
index b013350..3e475e6 100644
--- a/soundtrigger/2.1/vts/functional/Android.bp
+++ b/soundtrigger/2.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_audio_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/soundtrigger/2.2/vts/functional/Android.bp b/soundtrigger/2.2/vts/functional/Android.bp
index faf6d58..3502545 100644
--- a/soundtrigger/2.2/vts/functional/Android.bp
+++ b/soundtrigger/2.2/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_audio_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/soundtrigger/2.3/vts/functional/Android.bp b/soundtrigger/2.3/vts/functional/Android.bp
index e613db5..23cbe85 100644
--- a/soundtrigger/2.3/vts/functional/Android.bp
+++ b/soundtrigger/2.3/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_media_audio_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"