Specialize the KM context to use encrypted key blobs These key blobs are intended to be exported outside the VM, without need for further encryption. This will allows a limited form of persistence for VMs between boots of the same code. The authorization set is left in plain text which reveals some metadata about the key but does not compromise its security. Bug: 190578423 Test: atest MicrodroidHostTestCases Change-Id: I47a0f80e2137e189634b77c0b4aafb32d002be50

commit: 9fadf34678bddb1333733336bcd0d88d8114896e [log] [tgz]
author: Andrew Scull <ascull@google.com> Thu Jun 03 08:38:47 2021 +0000
committer: Andrew Scull <ascull@google.com> Tue Jul 13 13:37:45 2021 +0000
tree: 3600ae9a91be3f667ab4b54df171f0a14cf45992
parent: 6f3e5fe3885437c0a88e52a7c34c24c41df52971 [diff] [blame]
diff --git a/microdroid/keymint/Android.bp b/microdroid/keymint/Android.bp
index 5a87145..6d651b9 100644
--- a/microdroid/keymint/Android.bp
+++ b/microdroid/keymint/Android.bp

@@ -25,6 +25,7 @@
         "libkeymint",
         "liblog",
         "libpuresoftkeymasterdevice",
+        "libsoft_attestation_cert",
         "libutils",
     ],
     local_include_dirs: [
@@ -32,6 +33,7 @@
     ],
     srcs: [
         "MicrodroidKeyMintDevice.cpp",
+        "MicrodroidKeymasterContext.cpp",
         "service.cpp",
     ],
 }
commit	9fadf34678bddb1333733336bcd0d88d8114896e	[log] [tgz]
author	Andrew Scull <ascull@google.com>	Thu Jun 03 08:38:47 2021 +0000
committer	Andrew Scull <ascull@google.com>	Tue Jul 13 13:37:45 2021 +0000
tree	3600ae9a91be3f667ab4b54df171f0a14cf45992
parent	6f3e5fe3885437c0a88e52a7c34c24c41df52971 [diff] [blame]