Get CompOS talking to diced
Create a module in compsvc to handle using DICE for signing. Initially
we just expose a method for returning our key's attestation
chain.
Add a method to composd, accessed via composd_cmd, to exercise this
functionality for testing purposes.
Bug: 214233409
Test: composd_cmd dice
Change-Id: I65ef19d0126862b800b6539ae1798b1a433085b8
diff --git a/compos/src/compsvc.rs b/compos/src/compsvc.rs
index 5a2c3ca..28bf5d9 100644
--- a/compos/src/compsvc.rs
+++ b/compos/src/compsvc.rs
@@ -28,6 +28,7 @@
use crate::compilation::{compile_cmd, odrefresh, CompilerOutput, OdrefreshContext};
use crate::compos_key_service::{CompOsKeyService, Signer};
+use crate::dice::Dice;
use crate::fsverity;
use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFsService::IAuthFsService;
use compos_aidl_interface::aidl::com::android::compos::{
@@ -79,6 +80,11 @@
Ok(self.key_service.new_signer(key))
}
}
+
+ fn get_boot_certificate_chain(&self) -> Result<Vec<u8>> {
+ let dice = Dice::new()?;
+ dice.get_boot_certificate_chain()
+ }
}
impl Interface for CompOsService {}
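Review bot: In `get_boot_certificate_chain`, a failure in `Dice::new()` and a failure in the chain retrieval both propagate with no added context, so a log reader cannot tell whether reaching diced or fetching the chain was the step that failed. If this `Result` is anyhow's (the single-parameter form suggests so, but the import is outside the hunk), consider `let dice = Dice::new().context("Failed to connect to diced")?;` and a matching `.context(...)` on the second call. A fresh `Dice` is also constructed on every call; if construction opens a binder connection, keeping one in the service struct would avoid repeating it, though that is minor for a test-only path. The enclosing `impl` block starts outside the hunk.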
@@ -164,6 +170,10 @@
true
})
}
+
+ fn getBootCertificateChain(&self) -> BinderResult<Vec<u8>> {
+ to_binder_result(self.get_boot_certificate_chain())
+ }
}
fn get_authfs_service() -> BinderResult<Strong<dyn IAuthFsService>> {
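Review bot: `getBootCertificateChain` joins the service's binder surface without a doc comment, and nothing in the hunk restricts who may call it, although the commit message describes the path as being for testing. A short comment would let the next reviewer judge the exposure, e.g. `/// Returns the DICE boot certificate chain for this VM; certificates only, no CDI or private key material.` This assumes that is what `Dice::get_boot_certificate_chain` returns, which is not visible here and should be confirmed. The AIDL definition (not shown) is also a good place to state whether the method is meant to stay callable in production builds. The enclosing `impl` block starts outside the hunk.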