Disable KM4 HMAC key agreement
StrongBox doesn't yet have key agreement implemented, which breaks
keystore if TEE KM is upgraded to KM4. This disables it temporarily.
Bug: 77533310
Test: Boot and verify that keystore is running correctly.
Change-Id: I8505f634735d1efc5a196fdfd0910b1b26da7547
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 1ec32dd..58f0733 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -122,9 +122,8 @@
CHECK(rc.isOk()) << "Communication error while calling getHmacSharingParameters on"
" Keymaster with index: "
<< index;
- CHECK(ec == ErrorCode::OK) << "Failed to get HmacSharingParameters from"
- " Keymaster with index: "
- << index;
+ CHECK(ec == ErrorCode::OK) << "Failed to get HmacSharingParameters from Keymaster "
+ << km->halVersion().keymasterName << " at index: " << index;
++index;
}
hmacSharingParams.resize(index);
@@ -160,8 +159,9 @@
auto result = enumerateKeymasterDevices<Keymaster4>(serviceManager.get());
auto softKeymaster = result[SecurityLevel::SOFTWARE];
if (result[SecurityLevel::TRUSTED_ENVIRONMENT]) {
- performHmacKeyHandshake(
- {result[SecurityLevel::TRUSTED_ENVIRONMENT], result[SecurityLevel::STRONGBOX]});
+ // TODO(swillden): Put this back when StrongBox KM works. b/77533310
+ // performHmacKeyHandshake(
+ // {result[SecurityLevel::TRUSTED_ENVIRONMENT], result[SecurityLevel::STRONGBOX]});
} else {
result = enumerateKeymasterDevices<Keymaster3>(serviceManager.get());
}