| commit | 223a7468ccda020f125551f39c081d399073b3a2 | [log] [tgz] |
|---|---|---|
| author | Alan Stokes <alanstokes@google.com> | Thu Jan 20 14:12:24 2022 +0000 |
| committer | Alan Stokes <alanstokes@google.com> | Mon Jan 24 14:08:47 2022 +0000 |
| tree | bb188fa9f8ee6afbaf236aaabfeb970dbad2856d | |
| parent | c33d2921c3e6e8afc008b9970696687c74c42041 [diff] |
Migrate off keystore Implement our own keypair generation and signing (using BoringSSL) and our own private key blob protection (using Ring). This includes replacing the old compos_key_service with the new signing_key. Use DICE as the source of the VM secret used to protect the private key instead of assuming keystore has one. Changed compsvc to return the RSAPublicKey directly. Previously we returned the self-signed cert from Keystore, and composd then extracted the public key. As a result composd no longer needs any native helper code to call BoringSSL; however now compsvc does. Removed similarly redundant key-extraction code from compos_key_cmd. Create SystemRandom when we need it rather than having it as a field; it's stateless anyway. Bug: 214233409 Test: atest ComposKeyTestCase compsvc_device_tests Change-Id: I8b14fe2acdf43f49d45e2d32d4b6f482bd420eee
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.