Initial Secretkeeper HAL service for Trusty Disabled by default; enable with `export SECRETKEEPER_ENABLED=y` before building. Also needs the Secretkeeper TA to be present in Trusty; if the TA is absent, the HAL service will (repeatedly) fail to connect. Test: build, VtsSecretkeeperTargetTest Bug: 306364873 Change-Id: I529013395d0e3afbff4a24b663088adce2a23805

commit: 8e1c267cdf66c069244c963259704da1eefa438b [log] [tgz]
author: David Drysdale <drysdale@google.com> Fri Nov 10 19:12:18 2023 +0000
committer: David Drysdale <drysdale@google.com> Thu Jan 11 09:45:20 2024 +0000
tree: 52dc03acac43097eff6eefdd404f62bad20ed6bc
parent: c0c1c3d0c1ac175514e5356160e0f52744b3b0bd [diff] [blame]
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 1986c73..d645c3e 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk

@@ -35,8 +35,16 @@
     LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
 endif
 
+# TODO(b/306364873): move this to be flag-controlled?
+ifeq ($(SECRETKEEPER_ENABLED),)
+    LOCAL_SECRETKEEPER_PRODUCT_PACKAGE :=
+else
+    LOCAL_SECRETKEEPER_PRODUCT_PACKAGE := android.hardware.security.secretkeeper.trusty
+endif
+
 PRODUCT_PACKAGES += \
 	$(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
+	$(LOCAL_SECRETKEEPER_PRODUCT_PACKAGE) \
 	android.hardware.gatekeeper-service.trusty \
 	trusty_apploader \
commit	8e1c267cdf66c069244c963259704da1eefa438b	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Fri Nov 10 19:12:18 2023 +0000
committer	David Drysdale <drysdale@google.com>	Thu Jan 11 09:45:20 2024 +0000
tree	52dc03acac43097eff6eefdd404f62bad20ed6bc
parent	c0c1c3d0c1ac175514e5356160e0f52744b3b0bd [diff] [blame]