Merge "Register bluetooth.audio in the audioservice AIDL example" into main
diff --git a/audio/aidl/default/XsdcConversion.cpp b/audio/aidl/default/XsdcConversion.cpp
index 9e30347..1720949 100644
--- a/audio/aidl/default/XsdcConversion.cpp
+++ b/audio/aidl/default/XsdcConversion.cpp
@@ -205,24 +205,28 @@
ConversionResult<AudioIoFlags> convertIoFlagsToAidl(
const std::vector<ap_xsd::AudioInOutFlag>& flags, const ap_xsd::Role role,
bool flagsForMixPort) {
- int flagMask = 0;
+ int legacyFlagMask = 0;
if ((role == ap_xsd::Role::sink && flagsForMixPort) ||
(role == ap_xsd::Role::source && !flagsForMixPort)) {
for (const ap_xsd::AudioInOutFlag& flag : flags) {
audio_input_flags_t legacyFlag;
if (::android::InputFlagConverter::fromString(ap_xsd::toString(flag), legacyFlag)) {
- flagMask |= static_cast<int>(legacyFlag);
+ legacyFlagMask |= static_cast<int>(legacyFlag);
}
}
- return AudioIoFlags::make<AudioIoFlags::Tag::input>(flagMask);
+ return AudioIoFlags::make<AudioIoFlags::Tag::input>(
+ VALUE_OR_FATAL(legacy2aidl_audio_input_flags_t_int32_t_mask(
+ static_cast<audio_input_flags_t>(legacyFlagMask))));
} else {
for (const ap_xsd::AudioInOutFlag& flag : flags) {
audio_output_flags_t legacyFlag;
if (::android::OutputFlagConverter::fromString(ap_xsd::toString(flag), legacyFlag)) {
- flagMask |= static_cast<int>(legacyFlag);
+ legacyFlagMask |= static_cast<int>(legacyFlag);
}
}
- return AudioIoFlags::make<AudioIoFlags::Tag::output>(flagMask);
+ return AudioIoFlags::make<AudioIoFlags::Tag::output>(
+ VALUE_OR_FATAL(legacy2aidl_audio_output_flags_t_int32_t_mask(
+ static_cast<audio_output_flags_t>(legacyFlagMask))));
}
}
diff --git a/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp b/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp
index 8727232..5e18f1b 100644
--- a/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp
+++ b/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp
@@ -76,7 +76,7 @@
.proxy = std::nullopt},
.flags = {.type = Flags::Type::PRE_PROC,
.insert = Flags::Insert::FIRST,
- .volume = Flags::Volume::CTRL},
+ .volume = Flags::Volume::NONE},
.name = AcousticEchoCancelerSw::kEffectName,
.implementor = "The Android Open Source Project"},
.capability = AcousticEchoCancelerSw::kCapability};
diff --git a/audio/aidl/default/include/core-impl/StreamPrimary.h b/audio/aidl/default/include/core-impl/StreamPrimary.h
index abc119c..145c3c4 100644
--- a/audio/aidl/default/include/core-impl/StreamPrimary.h
+++ b/audio/aidl/default/include/core-impl/StreamPrimary.h
@@ -27,13 +27,18 @@
public:
StreamPrimary(StreamContext* context, const Metadata& metadata);
+ ::android::status_t start() override;
::android::status_t transfer(void* buffer, size_t frameCount, size_t* actualFrameCount,
int32_t* latencyMs) override;
+ ::android::status_t refinePosition(StreamDescriptor::Position* position) override;
protected:
std::vector<alsa::DeviceProfile> getDeviceProfiles() override;
const bool mIsAsynchronous;
+ long mStartTimeNs = 0;
+ long mFramesSinceStart = 0;
+ bool mSkipNextTransfer = false;
};
class StreamInPrimary final : public StreamIn, public StreamSwitcher, public StreamInHwGainHelper {
diff --git a/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp b/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp
index 99f2caf..a3208df 100644
--- a/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp
+++ b/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp
@@ -67,7 +67,7 @@
.proxy = std::nullopt},
.flags = {.type = Flags::Type::PRE_PROC,
.insert = Flags::Insert::FIRST,
- .volume = Flags::Volume::CTRL},
+ .volume = Flags::Volume::NONE},
.name = NoiseSuppressionSw::kEffectName,
.implementor = "The Android Open Source Project"}};
diff --git a/audio/aidl/default/primary/StreamPrimary.cpp b/audio/aidl/default/primary/StreamPrimary.cpp
index 7e3bdd4..b22ef32 100644
--- a/audio/aidl/default/primary/StreamPrimary.cpp
+++ b/audio/aidl/default/primary/StreamPrimary.cpp
@@ -14,12 +14,11 @@
* limitations under the License.
*/
-#include <chrono>
-
#define LOG_TAG "AHAL_StreamPrimary"
#include <android-base/logging.h>
#include <android-base/properties.h>
#include <audio_utils/clock.h>
+#include <error/Result.h>
#include <error/expected_utils.h>
#include "PrimaryMixer.h"
@@ -43,26 +42,52 @@
context->startStreamDataProcessor();
}
+::android::status_t StreamPrimary::start() {
+ RETURN_STATUS_IF_ERROR(StreamAlsa::start());
+ mStartTimeNs = ::android::uptimeNanos();
+ mFramesSinceStart = 0;
+ mSkipNextTransfer = false;
+ return ::android::OK;
+}
+
::android::status_t StreamPrimary::transfer(void* buffer, size_t frameCount,
size_t* actualFrameCount, int32_t* latencyMs) {
- auto start = std::chrono::steady_clock::now();
- if (auto status = StreamAlsa::transfer(buffer, frameCount, actualFrameCount, latencyMs);
- status != ::android::OK) {
- return status;
- }
// This is a workaround for the emulator implementation which has a host-side buffer
- // and this can result in reading faster than real time.
- if (mIsInput && !mIsAsynchronous) {
- auto recordDurationUs = std::chrono::duration_cast<std::chrono::microseconds>(
- std::chrono::steady_clock::now() - start);
- const long projectedVsObservedOffsetUs =
- *actualFrameCount * MICROS_PER_SECOND / mContext.getSampleRate() -
- recordDurationUs.count();
- if (projectedVsObservedOffsetUs > 0) {
- LOG(VERBOSE) << __func__ << ": sleeping for " << projectedVsObservedOffsetUs << " us";
- usleep(projectedVsObservedOffsetUs);
- }
+ // and is not being able to achieve real-time behavior similar to ADSPs (b/302587331).
+ if (!mSkipNextTransfer) {
+ RETURN_STATUS_IF_ERROR(
+ StreamAlsa::transfer(buffer, frameCount, actualFrameCount, latencyMs));
+ } else {
+ LOG(DEBUG) << __func__ << ": skipping transfer (" << frameCount << " frames)";
+ *actualFrameCount = frameCount;
+ if (mIsInput) memset(buffer, 0, frameCount * mFrameSizeBytes);
+ mSkipNextTransfer = false;
}
+ if (!mIsAsynchronous) {
+ const long bufferDurationUs =
+ (*actualFrameCount) * MICROS_PER_SECOND / mContext.getSampleRate();
+ const auto totalDurationUs =
+ (::android::uptimeNanos() - mStartTimeNs) / NANOS_PER_MICROSECOND;
+ mFramesSinceStart += *actualFrameCount;
+ const long totalOffsetUs =
+ mFramesSinceStart * MICROS_PER_SECOND / mContext.getSampleRate() - totalDurationUs;
+ LOG(VERBOSE) << __func__ << ": totalOffsetUs " << totalOffsetUs;
+ if (totalOffsetUs > 0) {
+ const long sleepTimeUs = std::min(totalOffsetUs, bufferDurationUs);
+ LOG(VERBOSE) << __func__ << ": sleeping for " << sleepTimeUs << " us";
+ usleep(sleepTimeUs);
+ } else {
+ mSkipNextTransfer = true;
+ }
+ } else {
+ LOG(VERBOSE) << __func__ << ": asynchronous transfer";
+ }
+ return ::android::OK;
+}
+
+::android::status_t StreamPrimary::refinePosition(StreamDescriptor::Position*) {
+ // Since not all data is actually sent to the HAL, use the position maintained by Stream class
+ // which accounts for all frames passed from / to the client.
return ::android::OK;
}
diff --git a/audio/aidl/default/visualizer/VisualizerSw.cpp b/audio/aidl/default/visualizer/VisualizerSw.cpp
index 0909f25..285c102 100644
--- a/audio/aidl/default/visualizer/VisualizerSw.cpp
+++ b/audio/aidl/default/visualizer/VisualizerSw.cpp
@@ -73,7 +73,7 @@
.proxy = std::nullopt},
.flags = {.type = Flags::Type::INSERT,
.insert = Flags::Insert::FIRST,
- .volume = Flags::Volume::CTRL},
+ .volume = Flags::Volume::NONE},
.name = VisualizerSw::kEffectName,
.implementor = "The Android Open Source Project"},
.capability = VisualizerSw::kCapability};
diff --git a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
index ca1cea9..aaf9ad4 100644
--- a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
@@ -596,8 +596,14 @@
Parameter::Id id = Parameter::Id::make<Parameter::Id::commonTag>(Parameter::volumeStereo);
Parameter::VolumeStereo volume = {.left = 10.0, .right = 10.0};
- ASSERT_NO_FATAL_FAILURE(
- setAndGetParameter(id, Parameter::make<Parameter::volumeStereo>(volume)));
+ if (mDescriptor.common.flags.volume == Flags::Volume::CTRL) {
+ Parameter get;
+ EXPECT_IS_OK(mEffect->setParameter(volume));
+ EXPECT_IS_OK(mEffect->getParameter(id, &get));
+ } else {
+ ASSERT_NO_FATAL_FAILURE(
+ setAndGetParameter(id, Parameter::make<Parameter::volumeStereo>(volume)));
+ }
ASSERT_NO_FATAL_FAILURE(command(mEffect, CommandId::STOP));
ASSERT_NO_FATAL_FAILURE(expectState(mEffect, State::IDLE));
diff --git a/automotive/vehicle/aidl/impl/grpc/Android.bp b/automotive/vehicle/aidl/impl/grpc/Android.bp
index 06c9600..e5106f8 100644
--- a/automotive/vehicle/aidl/impl/grpc/Android.bp
+++ b/automotive/vehicle/aidl/impl/grpc/Android.bp
@@ -22,9 +22,11 @@
"aprotoc",
"protoc-gen-grpc-cpp-plugin",
],
- cmd: "$(location aprotoc) -I$$(dirname $(in)) -Ihardware/interfaces/automotive/vehicle/aidl/impl/proto -Iexternal/protobuf/src --plugin=protoc-gen-grpc=$(location protoc-gen-grpc-cpp-plugin) $(in) --grpc_out=$(genDir) --cpp_out=$(genDir)",
+ cmd: "$(location aprotoc) -I$$(dirname $(location proto/VehicleServer.proto)) -Ihardware/interfaces/automotive/vehicle/aidl/impl/proto -Iexternal/protobuf/src --plugin=protoc-gen-grpc=$(location protoc-gen-grpc-cpp-plugin) $(location proto/VehicleServer.proto) --grpc_out=$(genDir) --cpp_out=$(genDir)",
srcs: [
"proto/VehicleServer.proto",
+ ":libprotobuf-internal-protos",
+ ":VehicleHalProtoFiles",
],
out: [
"VehicleServer.pb.h",
@@ -39,9 +41,11 @@
"aprotoc",
"protoc-gen-grpc-cpp-plugin",
],
- cmd: "$(location aprotoc) -I$$(dirname $(in)) -Ihardware/interfaces/automotive/vehicle/aidl/impl/proto -Iexternal/protobuf/src --plugin=protoc-gen-grpc=$(location protoc-gen-grpc-cpp-plugin) $(in) --grpc_out=$(genDir) --cpp_out=$(genDir)",
+ cmd: "$(location aprotoc) -I$$(dirname $(location proto/VehicleServer.proto)) -Ihardware/interfaces/automotive/vehicle/aidl/impl/proto -Iexternal/protobuf/src --plugin=protoc-gen-grpc=$(location protoc-gen-grpc-cpp-plugin) $(location proto/VehicleServer.proto) --grpc_out=$(genDir) --cpp_out=$(genDir)",
srcs: [
"proto/VehicleServer.proto",
+ ":libprotobuf-internal-protos",
+ ":VehicleHalProtoFiles",
],
out: [
"VehicleServer.pb.cc",
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 712f28a..b3ca293 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -31,7 +31,6 @@
"kernel_config_q_4.14",
"kernel_config_q_4.19",
],
- core_hals: "only",
}
vintf_compatibility_matrix {
@@ -45,7 +44,6 @@
"kernel_config_r_4.19",
"kernel_config_r_5.4",
],
- core_hals: "only",
}
vintf_compatibility_matrix {
@@ -59,7 +57,6 @@
"kernel_config_s_5.4",
"kernel_config_s_5.10",
],
- core_hals: "only",
}
vintf_compatibility_matrix {
@@ -72,7 +69,6 @@
"kernel_config_t_5.10",
"kernel_config_t_5.15",
],
- core_hals: "only",
}
vintf_compatibility_matrix {
@@ -85,7 +81,6 @@
"kernel_config_u_5.15",
"kernel_config_u_6.1",
],
- core_hals: "only",
}
vintf_compatibility_matrix {
@@ -98,5 +93,4 @@
"kernel_config_v_5.15",
"kernel_config_v_6.1",
],
- core_hals: "only",
}
diff --git a/compatibility_matrices/build/vintf_compatibility_matrix.go b/compatibility_matrices/build/vintf_compatibility_matrix.go
index 4f342b2..c72cbde 100644
--- a/compatibility_matrices/build/vintf_compatibility_matrix.go
+++ b/compatibility_matrices/build/vintf_compatibility_matrix.go
@@ -35,10 +35,10 @@
pctx = android.NewPackageContext("android/vintf")
assembleVintfRule = pctx.AndroidStaticRule("assemble_vintf", blueprint.RuleParams{
- Command: `${assembleVintfCmd} -i ${inputs} -o ${out} ${extraParams}`,
+ Command: `${assembleVintfCmd} -i ${inputs} -o ${out}`,
CommandDeps: []string{"${assembleVintfCmd}"},
Description: "assemble_vintf -i ${inputs}",
- }, "inputs", "extraParams")
+ }, "inputs")
xmllintXsd = pctx.AndroidStaticRule("xmllint-xsd", blueprint.RuleParams{
Command: `$XmlLintCmd --quiet --schema $xsd $in > /dev/null && touch -a $out`,
@@ -64,13 +64,6 @@
// list of kernel_config modules to be combined to final output
Kernel_configs []string
-
- // Default is "default" for compatibility matrices on /vendor
- // and /odm, and "disallow" for compatibility matrices on /system,
- // /product, and /system_ext.
- // If value is "only", only android.* HALs are allowed. If value
- // is "disallow", none of android.* HALs are allowed.
- Core_hals *string
}
type vintfCompatibilityMatrixRule struct {
@@ -173,8 +166,7 @@
Implicits: inputPaths,
Output: g.genFile,
Args: map[string]string{
- "inputs": strings.Join(inputPaths.Strings(), ":"),
- "extraParams": strings.Join(g.getExtraParams(), " "),
+ "inputs": strings.Join(inputPaths.Strings(), ":"),
},
})
g.generateValidateBuildAction(ctx, g.genFile, schema.Path())
@@ -199,23 +191,3 @@
},
}
}
-
-// Return extra parameters to assemble_vintf.
-func (g *vintfCompatibilityMatrixRule) getExtraParams() []string {
- var extraParams []string
-
- coreHalsStrategy := proptools.StringDefault(
- g.properties.Core_hals,
- g.defaultCoreHalsStrategy(),
- )
- extraParams = append(extraParams, "--core-hals", proptools.ShellEscape(coreHalsStrategy))
- return extraParams
-}
-
-func (g *vintfCompatibilityMatrixRule) defaultCoreHalsStrategy() string {
- // TODO(b/290408770): default to "disallow" for FCMs
-
- // For Device (vendor, odm) compatibility matrix, default is
- // to not check anything.
- return "default"
-}
diff --git a/media/c2/aidl/aidl_api/android.hardware.media.c2/current/android/hardware/media/c2/IGraphicBufferAllocator.aidl b/media/c2/aidl/aidl_api/android.hardware.media.c2/current/android/hardware/media/c2/IGraphicBufferAllocator.aidl
index 3e460dd..e13ba1f 100644
--- a/media/c2/aidl/aidl_api/android.hardware.media.c2/current/android/hardware/media/c2/IGraphicBufferAllocator.aidl
+++ b/media/c2/aidl/aidl_api/android.hardware.media.c2/current/android/hardware/media/c2/IGraphicBufferAllocator.aidl
@@ -39,7 +39,7 @@
ParcelFileDescriptor getWaitableFd();
parcelable Allocation {
android.hardware.HardwareBuffer buffer;
- ParcelFileDescriptor fence;
+ @nullable ParcelFileDescriptor fence;
}
parcelable Description {
int width;
diff --git a/media/c2/aidl/android/hardware/media/c2/IGraphicBufferAllocator.aidl b/media/c2/aidl/android/hardware/media/c2/IGraphicBufferAllocator.aidl
index 49c4ea4..1710242 100644
--- a/media/c2/aidl/android/hardware/media/c2/IGraphicBufferAllocator.aidl
+++ b/media/c2/aidl/android/hardware/media/c2/IGraphicBufferAllocator.aidl
@@ -35,7 +35,7 @@
*/
parcelable Allocation {
HardwareBuffer buffer;
- ParcelFileDescriptor fence;
+ @nullable ParcelFileDescriptor fence;
}
/**
diff --git a/renderscript/1.0/default/Android.bp b/renderscript/1.0/default/Android.bp
index c68e370..23fa252 100644
--- a/renderscript/1.0/default/Android.bp
+++ b/renderscript/1.0/default/Android.bp
@@ -27,6 +27,12 @@
"android.hardware.renderscript@1.0",
],
+ runtime_libs: [
+ "libRS_internal",
+ //TODO(b/313564579) Install libRSDriver as dependency of libRS_internal
+ "libRSDriver",
+ ],
+
product_variables: {
override_rs_driver: {
cflags: ["-DOVERRIDE_RS_DRIVER=%s"],
diff --git a/security/authgraph/default/Android.bp b/security/authgraph/default/Android.bp
index c481075..7894477 100644
--- a/security/authgraph/default/Android.bp
+++ b/security/authgraph/default/Android.bp
@@ -46,11 +46,11 @@
name: "android.hardware.security.authgraph-service.nonsecure",
relative_install_path: "hw",
vendor: true,
- init_rc: ["authgraph.rc"],
- vintf_fragments: ["authgraph.xml"],
+ installable: false, // install com.android.hardware.security.authgraph
defaults: [
"authgraph_use_latest_hal_aidl_rust",
],
+ prefer_rlib: true,
rustlibs: [
"libandroid_logger",
"libauthgraph_hal",
@@ -80,3 +80,34 @@
],
},
}
+
+prebuilt_etc {
+ name: "authgraph.xml",
+ src: "authgraph.xml",
+ sub_dir: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "authgraph.rc",
+ src: "authgraph.rc",
+ installable: false,
+}
+
+apex {
+ name: "com.android.hardware.security.authgraph",
+ manifest: "apex_manifest.json",
+ file_contexts: "apex_file_contexts",
+ key: "com.android.hardware.key",
+ certificate: ":com.android.hardware.certificate",
+ vendor: true,
+ updatable: false,
+
+ binaries: [
+ "android.hardware.security.authgraph-service.nonsecure",
+ ],
+ prebuilts: [
+ "authgraph.rc",
+ "authgraph.xml",
+ ],
+}
diff --git a/security/authgraph/default/apex_file_contexts b/security/authgraph/default/apex_file_contexts
new file mode 100644
index 0000000..9a54613
--- /dev/null
+++ b/security/authgraph/default/apex_file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:vendor_file:s0
+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.security\.authgraph-service\.nonsecure u:object_r:hal_authgraph_default_exec:s0
diff --git a/security/authgraph/default/apex_manifest.json b/security/authgraph/default/apex_manifest.json
new file mode 100644
index 0000000..0723846
--- /dev/null
+++ b/security/authgraph/default/apex_manifest.json
@@ -0,0 +1,4 @@
+{
+ "name": "com.android.hardware.security.authgraph",
+ "version": 1
+}
\ No newline at end of file
diff --git a/security/authgraph/default/authgraph.rc b/security/authgraph/default/authgraph.rc
index 0222994..2d07542 100644
--- a/security/authgraph/default/authgraph.rc
+++ b/security/authgraph/default/authgraph.rc
@@ -1,4 +1,4 @@
-service vendor.authgraph /vendor/bin/hw/android.hardware.security.authgraph-service.nonsecure
+service vendor.authgraph /apex/com.android.hardware.security.authgraph/bin/hw/android.hardware.security.authgraph-service.nonsecure
interface aidl android.hardware.security.authgraph.IAuthGraph/nonsecure
class hal
user nobody
diff --git a/security/authgraph/default/src/lib.rs b/security/authgraph/default/src/lib.rs
index 43d037c..14741aa 100644
--- a/security/authgraph/default/src/lib.rs
+++ b/security/authgraph/default/src/lib.rs
@@ -18,38 +18,11 @@
use authgraph_boringssl as boring;
use authgraph_core::{
- error,
- key::MillisecondsSinceEpoch,
- keyexchange,
+ error, keyexchange,
ta::{AuthGraphTa, Role},
- traits,
};
use authgraph_hal::channel::SerializedChannel;
use std::sync::{Arc, Mutex};
-use std::time::Instant;
-
-/// Monotonic clock with an epoch that starts at the point of construction.
-/// (This makes it unsuitable for use outside of testing, because the epoch
-/// will not match that of any other component.)
-pub struct StdClock(Instant);
-
-impl Default for StdClock {
- fn default() -> Self {
- Self(Instant::now())
- }
-}
-
-impl traits::MonotonicClock for StdClock {
- fn now(&self) -> MillisecondsSinceEpoch {
- let millis: i64 = self
- .0
- .elapsed()
- .as_millis()
- .try_into()
- .expect("failed to fit timestamp in i64");
- MillisecondsSinceEpoch(millis)
- }
-}
/// Implementation of the AuthGraph TA that runs locally in-process (and which is therefore
/// insecure).
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 822770d..d3f6ae3 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1792,6 +1792,12 @@
std::string empty_boot_key(32, '\0');
std::string verified_boot_key_str((const char*)verified_boot_key.data(),
verified_boot_key.size());
+ if (get_vsr_api_level() >= __ANDROID_API_V__) {
+ // The attestation should contain the SHA-256 hash of the verified boot
+ // key. However, this was not checked for earlier versions of the KeyMint
+ // HAL so only be strict for VSR-V and above.
+ EXPECT_LE(verified_boot_key.size(), 32);
+ }
EXPECT_NE(property_get("ro.boot.verifiedbootstate", property_value, ""), 0);
if (!strcmp(property_value, "green")) {
EXPECT_EQ(verified_boot_state, VerifiedBoot::VERIFIED);
diff --git a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
index c9a156d..9f7322a 100644
--- a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
+++ b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
@@ -114,6 +114,12 @@
const auto& vbKey = rot->asArray()->get(pos++);
ASSERT_TRUE(vbKey);
ASSERT_TRUE(vbKey->asBstr());
+ if (get_vsr_api_level() >= __ANDROID_API_V__) {
+ // The attestation should contain the SHA-256 hash of the verified boot
+ // key. However, this not was checked for earlier versions of the KeyMint
+ // HAL so only be strict for VSR-V and above.
+ ASSERT_LE(vbKey->asBstr()->value().size(), 32);
+ }
const auto& deviceLocked = rot->asArray()->get(pos++);
ASSERT_TRUE(deviceLocked);