Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 34374f8524029ef5bd4ebbe5139e8344a3780c6a
commit34374f8524029ef5bd4ebbe5139e8344a3780c6a[log] [tgz]
authorMartijn Coenen <maco@google.com>Wed May 19 11:06:29 2021 +0200
committerMartijn Coenen <maco@google.com>Tue May 25 13:41:02 2021 +0000
treeb91a5a7ad782ec2f8179bbd480f18d308d7bdb29
parent729f6bec05ac8c514901de04358428602d07fc98 [diff]
On-device signing: Switch to using a TEE-backed keystore key.

We previously used a Strongbox key; but since we'll need to start
verifying the public key component with an HMAC operation on every boot,
switch to a TEE key instead, as TEE operations are much faster, and
this should help bring boot time down.

This also requires some logic to deal with keys in Strongbox on
updating devices.

Bug: 187862706
Test: TEST_MAPPING; manual upgrade test.
Change-Id: Ib99d689dbef02d2f0c34bfa4c852205b1ec680a7
Merged-In: Ib99d689dbef02d2f0c34bfa4c852205b1ec680a7
1 file changed
tree: b91a5a7ad782ec2f8179bbd480f18d308d7bdb29
  1. fsverity_init/
  2. identity/
  3. keystore/
  4. keystore-engine/
  5. keystore2/
  6. ondevice-signing/
  7. provisioner/
  8. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  9. .clang-format
  10. .gitignore
  11. Android.bp
  12. METADATA
  13. MODULE_LICENSE_APACHE2
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg