Test CannotCreateEarlyBootKeys only if metadata encryption is on
In R, earlyBootEnded is called only when metadata encryption is being
set up, and thus is not called if metadata encryption is not enabled.
So don't test it under those circumstances.
Bug: 170875742
Test: Cherry-pick aosp/1515419 so that this test can fail. Test passes
with metadata encryption enabled or disabled, but does not pass
if metadata encryption is enabled and earlyBootEnded is
commented out. (Cuttlefish)
Change-Id: I4f1704ca6235d47a1b47902ebbcc1720d016e8dd
diff --git a/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp b/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp
index a26c688..6d44150 100644
--- a/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp
+++ b/keymaster/4.1/vts/functional/EarlyBootKeyTest.cpp
@@ -18,6 +18,8 @@
#include <keymasterV4_1/authorization_set.h>
+#include <android-base/properties.h>
+
namespace android::hardware::keymaster::V4_1::test {
using std::string;
@@ -30,6 +32,8 @@
// creates/uses early boot keys during boot. It should fail to boot if the early boot key usage
// fails.
TEST_P(EarlyBootKeyTest, CannotCreateEarlyBootKeys) {
+ // In R, this works only on devices with metadata encryption.
+ if (!android::base::GetBoolProperty("ro.crypto.metadata.enabled", false)) return;
auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::EARLY_BOOT_ENDED);