9f7f48b9894975104315552ee873256e4b827b81 - android_system_security

commit	9f7f48b9894975104315552ee873256e4b827b81	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Wed Mar 31 09:17:47 2021 -0700
committer	Paul Crowley <paulcrowley@google.com>	Mon Apr 05 13:35:57 2021 -0700
tree	8322a385db838fbebd53f760a26ed173ded1e6ac
parent	5975c897763c2596bc7bc724000fd8bb526b4658 [diff]

Cryptographic security for MAX_BOOT_LEVEL

Use a KDF to generate a key for each boot level, anchored in a key
which can only be used once per boot.

Bug: 176450483
Test: aosp/1577966: ensure key created at level 40 stops working at 41
Test: keystore2_test
Change-Id: I12530cd13cb176251c8a0b5431d53c0a7c1bc02d

keystore2/src/boot_level_keys.rs[Added - diff]
keystore2/src/database.rs[diff]
keystore2/src/enforcements.rs[diff]
keystore2/src/keystore2_main.rs[diff]
keystore2/src/lib.rs[diff]
keystore2/src/maintenance.rs[diff]
keystore2/src/security_level.rs[diff]
keystore2/src/super_key.rs[diff]
keystore2/src/utils.rs[diff]

9 files changed

tree: 8322a385db838fbebd53f760a26ed173ded1e6ac

fsverity_init/
identity/
keystore/
keystore-engine/
keystore2/
ondevice-signing/
provisioner/
rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
.clang-format
.gitignore
Android.bp
METADATA
MODULE_LICENSE_APACHE2
NOTICE
OWNERS
PREUPLOAD.cfg