Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 97f96811fe1265c8b8cb6cc2c6baec54b1466d20
commit97f96811fe1265c8b8cb6cc2c6baec54b1466d20[log] [tgz]
authorMax Bires <jbires@google.com>Tue Feb 23 23:44:57 2021 -0800
committerMax Bires <jbires@google.com>Mon Mar 08 15:15:55 2021 -0800
tree2cf8d10dba6a1f7f3236b7ebefa5394f7bb0a515
parent8f4bd766195c20e1b19887a409f1423bd60f1628 [diff]
Ability for KS2 to select remotely provisioned key

This patch adds the functionality needed by keystore2 in order to make
use of remotely provisioned attestation certificates, if they are
available. The code checks if an IRemotelyProvisionedComponent exists
for the given security level, and if the remote provisioning app has
been enabled to fetch keys for said instance before attempting to assign
these keys to apps.

If remote provisioning is not enabled for the given security level, the
code defaults back to passing None to allow the underlying KM instance
to choose its own factory provisioned attestation key. This is only
relevant in hybrid systems that take advantage of both factory key
provisioning and remote key provisioning.

Test: atest CtsKeystoreTestCases
Change-Id: I44586753afd3f4e63a76263145f1da9f8106af3d
3 files changed
tree: 2cf8d10dba6a1f7f3236b7ebefa5394f7bb0a515
  1. fsverity_init/
  2. identity/
  3. keystore/
  4. keystore-engine/
  5. keystore2/
  6. ondevice-signing/
  7. provisioner/
  8. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  9. .clang-format
  10. .gitignore
  11. Android.bp
  12. METADATA
  13. MODULE_LICENSE_APACHE2
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg