commit f37af14e447472ff8df5a1faabb732d4e84c9e5e
author Paul Crowley <paulcrowley@google.com> Wed Oct 20 18:14:09 2021 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Oct 20 18:14:09 2021 +0000
tree 267d4fe30c2253876eb04366783ac576a1ae35ac
parent 5147e3b0aa0e55069894fe8e6a3755d328962038
parent fceb7e53a2be7083d3f0aef8967ea0974badb903

Test CannotCreateEarlyBootKeys only if metadata encryption is on am: fceb7e53a2

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1518363

Change-Id: I80a928d3db5c419293228bc22d6edf2613a5a9e2

keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp

diff --git a/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp b/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp
index a26c688..6d44150 100644
--- a/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp
+++ b/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp
@@ -18,6 +18,8 @@
 
 #include <keymasterV4_1/authorization_set.h>
 
+#include <android-base/properties.h>
+
 namespace android::hardware::keymaster::V4_1::test {
 
 using std::string;
@@ -30,6 +32,8 @@
 // creates/uses early boot keys during boot.  It should fail to boot if the early boot key usage
 // fails.
 TEST_P(EarlyBootKeyTest, CannotCreateEarlyBootKeys) {
+    // In R, this works only on devices with metadata encryption.
+    if (!android::base::GetBoolProperty("ro.crypto.metadata.enabled", false)) return;
     auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
             CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::EARLY_BOOT_ENDED);