Move Trusty C++ KeyMint to v4
- Declare v4 HAL.
- Declare version 400 in Package Manager (when unfrozen).
- Link to current (V4 when unfrozen) versions of support libraries.
- Add `setAdditionalAttestationInfo()` method to HAL service.
- Add `SetAdditionalAttestationInfo()` method to implementation, using
the common message types.
- Add Trusty-specific message code for the
`SET_ADDITIONAL_ATTESTATION_INFO` message exchange.
Test: VtsAidlKeyMintTargetTest (new test fails until TA updated too)
Bug: 369375199
Change-Id: I4699aea3ab8a0723a5c2bc1493f7bbb69cdfd6df
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 5a1e420..8ebfc1a 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -106,11 +106,11 @@
"keymint/service.cpp",
],
shared_libs: [
- "android.hardware.security.keymint-V3-ndk",
+ "android.hardware.security.keymint-V4-ndk",
"android.hardware.security.rkp-V3-ndk",
"android.hardware.security.secureclock-V1-ndk",
"android.hardware.security.sharedsecret-V1-ndk",
- "lib_android_keymaster_keymint_utils_V3",
+ "lib_android_keymaster_keymint_utils",
"libbase",
"libbinder_ndk",
"libhardware",
@@ -120,9 +120,10 @@
"libtrusty",
"libutils",
],
- required: [
- "android.hardware.hardware_keystore_V3.xml",
- ],
+ required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), {
+ true: ["android.hardware.hardware_keystore.xml"],
+ default: ["android.hardware.hardware_keystore_V3.xml"],
+ }),
}
prebuilt_etc {
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
index b118a20..723229d 100644
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -295,6 +295,13 @@
return response;
}
+SetAdditionalAttestationInfoResponse TrustyKeymaster::SetAdditionalAttestationInfo(
+ const SetAdditionalAttestationInfoRequest& request) {
+ SetAdditionalAttestationInfoResponse response(message_version());
+ ForwardCommand(KM_SET_ADDITIONAL_ATTESTATION_INFO, request, &response);
+ return response;
+}
+
GetHwInfoResponse TrustyKeymaster::GetHwInfo() {
GetHwInfoResponse response(message_version());
ForwardCommand(KM_GET_HW_INFO, GetHwInfoRequest(message_version()), &response);
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
index c8d8932..5e876d3 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
@@ -85,6 +85,7 @@
ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge,
vector<uint8_t>* rootOfTrust) override;
ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override;
+ ScopedAStatus setAdditionalAttestationInfo(const vector<KeyParameter>& info) override;
protected:
std::shared_ptr<TrustyKeymaster> impl_;
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
index c50178b..65d7217 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -70,6 +70,8 @@
ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
const ConfigureVendorPatchlevelRequest& request);
GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request);
+ SetAdditionalAttestationInfoResponse SetAdditionalAttestationInfo(
+ const SetAdditionalAttestationInfoRequest& request);
GetHwInfoResponse GetHwInfo();
uint32_t message_version() const { return message_version_; }
diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index 822e933..721315d 100644
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -62,6 +62,7 @@
KM_GET_ROOT_OF_TRUST = (34 << KEYMASTER_REQ_SHIFT),
KM_GET_HW_INFO = (35 << KEYMASTER_REQ_SHIFT),
KM_GENERATE_CSR_V2 = (36 << KEYMASTER_REQ_SHIFT),
+ KM_SET_ADDITIONAL_ATTESTATION_INFO = (37 << KEYMASTER_REQ_SHIFT),
// Bootloader/provisioning calls.
KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
diff --git a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
index fec4c60..154597f 100644
--- a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
@@ -349,4 +349,18 @@
return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
}
+ScopedAStatus TrustyKeyMintDevice::setAdditionalAttestationInfo(const vector<KeyParameter>& info) {
+ keymaster::SetAdditionalAttestationInfoRequest request(impl_->message_version());
+ request.info.Reinitialize(KmParamSet(info));
+
+ keymaster::SetAdditionalAttestationInfoResponse response =
+ impl_->SetAdditionalAttestationInfo(request);
+
+ if (response.error != KM_ERROR_OK) {
+ return kmError2ScopedAStatus(response.error);
+ } else {
+ return ScopedAStatus::ok();
+ }
+}
+
} // namespace aidl::android::hardware::security::keymint::trusty
diff --git a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
index 3dc9c88..f74d212 100644
--- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
@@ -1,7 +1,7 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.security.keymint</name>
- <version>3</version>
+ <version>4</version>
<fqname>IKeyMintDevice/default</fqname>
</hal>
<hal format="aidl">