Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / dbbbe2ea6d1397a9b675f5260efbff2a9ba2b9ea^! / . / security / keymint
commitdbbbe2ea6d1397a9b675f5260efbff2a9ba2b9ea[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Thu Dec 02 07:44:23 2021 +0000
committerDavid Drysdale <drysdale@google.com>Thu Dec 02 07:52:33 2021 +0000
tree025079961076e5fd125e5a4042aecb7ad384d92b
parent2edfc467f11543d76fd37f7a7716c8a658c01fce [diff]
KeyMint VTS: option to skip BOOT_PATCHLEVEL check

The KeyMint spec requires that all generated keys include the
BOOT_PATCHLEVEL for the device.

However, the VTS test sometimes gets run in an environment where this
is not possible; specifically the Trusty QEMU tests don't have the
bootloader -> KeyMint communication that is needed to populate this
information.

Add a command line flag that disables checks for BOOT_PATCHLEVEL to
cope with these scenarios, making sure that it defaults to having the
checks enabled.

Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 92aa2ac..e795661 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -69,6 +69,9 @@
 
 namespace {
 
+// Whether to check that BOOT_PATCHLEVEL is populated.
+bool check_boot_pl = true;
+
 // The maximum number of times we'll attempt to verify that corruption
 // of an ecrypted blob results in an error. Retries are necessary as there
 // is a small (roughly 1/256) chance that corrupting ciphertext still results
@@ -527,12 +530,17 @@
         EXPECT_TRUE(os_pl);
         EXPECT_EQ(*os_pl, os_patch_level());
 
-        // Should include vendor and boot patchlevels.
+        // Should include vendor patchlevel.
         auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
         EXPECT_TRUE(vendor_pl);
         EXPECT_EQ(*vendor_pl, vendor_patch_level());
-        auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
-        EXPECT_TRUE(boot_pl);
+
+        // Should include boot patchlevel (but there are some test scenarios where this is not
+        // possible).
+        if (check_boot_pl) {
+            auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
+            EXPECT_TRUE(boot_pl);
+        }
 
         return auths;
     }
@@ -6871,6 +6879,12 @@
             } else {
                 std::cout << "NOT dumping attestations" << std::endl;
             }
+            if (std::string(argv[i]) == "--skip_boot_pl_check") {
+                // Allow checks of BOOT_PATCHLEVEL to be disabled, so that the tests can
+                // be run in emulated environments that don't have the normal bootloader
+                // interactions.
+                aidl::android::hardware::security::keymint::test::check_boot_pl = false;
+            }
         }
     }
     return RUN_ALL_TESTS();