Merge changes from topic "compos_keygen"
* changes:
Remove the ability to query CompOS BCC
Migrate off keystore
Key blob protection using AEAD
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 940094d..e078108 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -178,6 +178,7 @@
partition_name: "vendor",
use_avb: true,
deps: [
+ "android.hardware.security.dice-service.microdroid",
"android.hardware.security.keymint-service.microdroid",
"microdroid_fstab",
"microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
diff --git a/microdroid/dice/Android.bp b/microdroid/dice/Android.bp
new file mode 100644
index 0000000..1342a84
--- /dev/null
+++ b/microdroid/dice/Android.bp
@@ -0,0 +1,28 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_binary {
+ name: "android.hardware.security.dice-service.microdroid",
+ srcs: ["service.rs"],
+ relative_install_path: "hw",
+ vendor: true,
+ rustlibs: [
+ "android.hardware.security.dice-V1-rust",
+ "libandroid_logger",
+ "libanyhow",
+ "libbinder_rs",
+ "libbyteorder",
+ "libdiced_open_dice_cbor",
+ "libdiced_sample_inputs",
+ "libdiced_vendor",
+ "liblibc",
+ "liblog_rust",
+ "libserde",
+ ],
+ init_rc: ["android.hardware.security.dice-service.microdroid.rc"],
+ vintf_fragments: [
+ "android.hardware.security.dice-service.microdroid.xml",
+ ],
+ bootstrap: true,
+}
diff --git a/microdroid/dice/android.hardware.security.dice-service.microdroid.rc b/microdroid/dice/android.hardware.security.dice-service.microdroid.rc
new file mode 100644
index 0000000..162081e
--- /dev/null
+++ b/microdroid/dice/android.hardware.security.dice-service.microdroid.rc
@@ -0,0 +1,3 @@
+service vendor.dice-microdroid /vendor/bin/hw/android.hardware.security.dice-service.microdroid
+ class early_hal
+ user nobody
diff --git a/microdroid/dice/android.hardware.security.dice-service.microdroid.xml b/microdroid/dice/android.hardware.security.dice-service.microdroid.xml
new file mode 100644
index 0000000..cf6c482
--- /dev/null
+++ b/microdroid/dice/android.hardware.security.dice-service.microdroid.xml
@@ -0,0 +1,6 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.security.dice</name>
+ <fqname>IDiceDevice/default</fqname>
+ </hal>
+</manifest>
diff --git a/microdroid/dice/service.rs b/microdroid/dice/service.rs
new file mode 100644
index 0000000..3401654
--- /dev/null
+++ b/microdroid/dice/service.rs
@@ -0,0 +1,117 @@
+// Copyright 2022, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Main entry point for the microdroid IDiceDevice HAL implementation.
+
+use anyhow::Result;
+use diced::{
+ dice,
+ hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
+};
+use serde::{Deserialize, Serialize};
+use std::panic;
+use std::sync::Arc;
+
+const DICE_HAL_SERVICE_NAME: &str = "android.hardware.security.dice.IDiceDevice/default";
+
+/// Artifacts that are kept in the process address space after the artifacts
+/// from the driver have been consumed.
+#[derive(Clone, Serialize, Deserialize)]
+struct RawArtifacts {
+ cdi_attest: [u8; dice::CDI_SIZE],
+ cdi_seal: [u8; dice::CDI_SIZE],
+ bcc: Vec<u8>,
+}
+
+impl DiceArtifacts for RawArtifacts {
+ fn cdi_attest(&self) -> &[u8; dice::CDI_SIZE] {
+ &self.cdi_attest
+ }
+ fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
+ &self.cdi_seal
+ }
+ fn bcc(&self) -> Vec<u8> {
+ // The BCC only contains public information so it's fine to copy.
+ self.bcc.clone()
+ }
+}
+
+#[derive(Clone, Serialize, Deserialize)]
+enum DriverArtifactManager {
+ Updated(RawArtifacts),
+}
+
+impl DriverArtifactManager {
+ fn new() -> Self {
+ // TODO(214231981): replace with true values passed by bootloader
+ let (cdi_attest, cdi_seal, bcc) = diced_sample_inputs::make_sample_bcc_and_cdis()
+ .expect("Failed to create sample dice artifacts.");
+ Self::Updated(RawArtifacts {
+ cdi_attest: cdi_attest[..].try_into().unwrap(),
+ cdi_seal: cdi_seal[..].try_into().unwrap(),
+ bcc,
+ })
+ }
+}
+
+impl UpdatableDiceArtifacts for DriverArtifactManager {
+ fn with_artifacts<F, T>(&self, f: F) -> Result<T>
+ where
+ F: FnOnce(&dyn DiceArtifacts) -> Result<T>,
+ {
+ match self {
+ Self::Updated(raw_artifacts) => f(raw_artifacts),
+ }
+ }
+ fn update(self, new_artifacts: &impl DiceArtifacts) -> Result<Self> {
+ Ok(Self::Updated(RawArtifacts {
+ cdi_attest: *new_artifacts.cdi_attest(),
+ cdi_seal: *new_artifacts.cdi_seal(),
+ bcc: new_artifacts.bcc(),
+ }))
+ }
+}
+
+fn main() {
+ android_logger::init_once(
+ android_logger::Config::default()
+ .with_tag("android.hardware.security.dice")
+ .with_min_level(log::Level::Debug),
+ );
+ // Redirect panic messages to logcat.
+ panic::set_hook(Box::new(|panic_info| {
+ log::error!("{}", panic_info);
+ }));
+
+ // Saying hi.
+ log::info!("android.hardware.security.dice is starting.");
+
+ let hal_impl = Arc::new(
+ unsafe {
+ // Safety: ResidentHal cannot be used in multi threaded processes.
+ // This service does not start a thread pool. The main thread is the only thread
+ // joining the thread pool, thereby keeping the process single threaded.
+ ResidentHal::new(DriverArtifactManager::new())
+ }
+ .expect("Failed to create ResidentHal implementation."),
+ );
+
+ let hal = DiceDevice::new_as_binder(hal_impl).expect("Failed to construct hal service.");
+
+ binder::add_service(DICE_HAL_SERVICE_NAME, hal.as_binder())
+ .expect("Failed to register IDiceDevice Service");
+
+ log::info!("Joining thread pool now.");
+ binder::ProcessState::join_thread_pool();
+}
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 117b62c..e76260e 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -61,6 +61,7 @@
start servicemanager
+ start vendor.dice-microdroid
start diced
mkdir /mnt/apk 0755 system system
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index 23a61d9..f888b80 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -9,6 +9,7 @@
edition: "2018",
prefer_rlib: true,
rustlibs: [
+ "android.security.dice-rust",
"android.system.virtualizationservice-rust",
"android.system.virtualmachineservice-rust",
"libanyhow",
diff --git a/microdroid_manager/src/instance.rs b/microdroid_manager/src/instance.rs
index aadb71f..3c322b7 100644
--- a/microdroid_manager/src/instance.rs
+++ b/microdroid_manager/src/instance.rs
@@ -33,7 +33,9 @@
//! The payload of a partition is encrypted/signed by a key that is unique to the loader and to the
//! VM as well. Failing to decrypt/authenticate a partition by a loader stops the boot process.
+use android_security_dice::aidl::android::security::dice::IDiceNode::IDiceNode;
use anyhow::{anyhow, bail, Context, Result};
+use binder::wait_for_interface;
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use ring::aead::{Aad, Algorithm, LessSafeKey, Nonce, UnboundKey, AES_256_GCM};
use ring::hkdf::{Salt, HKDF_SHA256};
@@ -131,7 +133,7 @@
// Decrypt and authenticate the data (along with the header). The data is decrypted in
// place. `open_in_place` returns slice to the decrypted part in the buffer.
- let plaintext_len = get_key().open_in_place(nonce, Aad::from(&header), &mut data)?.len();
+ let plaintext_len = get_key()?.open_in_place(nonce, Aad::from(&header), &mut data)?.len();
// Truncate to remove the tag
data.truncate(plaintext_len);
@@ -174,7 +176,7 @@
// Then encrypt and sign the data. The non-encrypted input data is copied to a vector
// because it is encrypted in place, and also the tag is appended.
- get_key().seal_in_place_append_tag(nonce, Aad::from(&header), &mut data)?;
+ get_key()?.seal_in_place_append_tag(nonce, Aad::from(&header), &mut data)?;
// Persist the encrypted payload data
self.file.write_all(&data)?;
@@ -276,17 +278,18 @@
/// Returns the key that is used to encrypt the microdroid manager partition. It is derived from
/// the sealing CDI of the previous stage, which is Android Boot Loader (ABL).
-fn get_key() -> ZeroOnDropKey {
- // Sealing CDI from the previous stage. For now, this is hardcoded.
- // TODO(jiyong): actually read this from the previous stage
- const SEALING_CDI: [u8; 32] = [10; 32];
+fn get_key() -> Result<ZeroOnDropKey> {
+ // Sealing CDI from the previous stage.
+ let diced = wait_for_interface::<dyn IDiceNode>("android.security.dice.IDiceNode")
+ .context("IDiceNode service not found")?;
+ let bcc_handover = diced.derive(&[]).context("Failed to get BccHandover")?;
// Derive a key from the Sealing CDI
// Step 1 is extraction: https://datatracker.ietf.org/doc/html/rfc5869#section-2.2 where a
// pseduo random key (PRK) is extracted from (Input Keying Material - IKM, which is secret) and
// optional salt.
let salt = Salt::new(HKDF_SHA256, &[]); // use 0 as salt
- let prk = salt.extract(&SEALING_CDI); // Sealing CDI as IKM
+ let prk = salt.extract(&bcc_handover.cdiSeal); // Sealing CDI as IKM
// Step 2 is expansion: https://datatracker.ietf.org/doc/html/rfc5869#section-2.3 where the PRK
// (optionally with the `info` which gives contextual information) is expanded into the output
@@ -308,7 +311,7 @@
::std::ptr::write_volatile::<[u8; 32]>(&mut key, [0; 32]);
}
- ret
+ Ok(ret)
}
#[derive(Debug, Serialize, Deserialize, PartialEq)]