Revert^2 "Cryptographic security for MAX_BOOT_LEVEL"
Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: 229f2c038c22ee271e06c1f919e2632fa014bc19
Original commit message:
Use a KDF to generate a key for each boot level, anchored in a key
which can only be used once per boot.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: I62609052647316c5c381e1df12963996aba97f23
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 50d697e..65512f1 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -687,7 +687,7 @@
SuperKeyManager::reencrypt_if_required(key_blob, &upgraded_blob)
.context("In store_upgraded_keyblob: Failed to handle super encryption.")?;
- let mut new_blob_metadata = new_blob_metadata.unwrap_or_else(BlobMetaData::new);
+ let mut new_blob_metadata = new_blob_metadata.unwrap_or_default();
if let Some(uuid) = km_uuid {
new_blob_metadata.add(BlobMetaEntry::KmUuid(*uuid));
}