Keystore 2.0: Enforce MAX_BOOT_LEVEL in software Test: Initialize keystore.boot_level in init.rc; then adb setprop keystore.boot_level 40 and check logs Test: Test program creates key with MAX_BOOT_LEVEL tag; ensure it can be used before bumping keystore.boot_level but not after Bug: 176450483 Change-Id: I94ea178e0fd524bf0a5d65b016559ddd7766205f

commit: 7c57bf1d4674b89ec3d8ec6add8da0faf291bd76 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Tue Feb 02 16:26:57 2021 -0800
committer: Paul Crowley <paulcrowley@google.com> Thu Feb 25 12:44:00 2021 -0800
tree: 89cab1ace4b634d38cfc5413f9e829626f3b8d8a
parent: 5ab30a7008972c6944d12099a85653c77a2c5379 [diff] [blame]
diff --git a/keystore2/src/key_parameter.rs b/keystore2/src/key_parameter.rs
index 117dea8..c10da95 100644
--- a/keystore2/src/key_parameter.rs
+++ b/keystore2/src/key_parameter.rs

@@ -965,6 +965,9 @@
     /// Used to deliver the not after date in milliseconds to KeyMint during key generation/import.
     #[key_param(tag = CERTIFICATE_NOT_AFTER, field = DateTime)]
     CertificateNotAfter(i64),
+    /// Specifies a maximum boot level at which a key should function
+    #[key_param(tag = MAX_BOOT_LEVEL, field = Integer)]
+    MaxBootLevel(i32),
 }
 }
commit	7c57bf1d4674b89ec3d8ec6add8da0faf291bd76	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Tue Feb 02 16:26:57 2021 -0800
committer	Paul Crowley <paulcrowley@google.com>	Thu Feb 25 12:44:00 2021 -0800
tree	89cab1ace4b634d38cfc5413f9e829626f3b8d8a
parent	5ab30a7008972c6944d12099a85653c77a2c5379 [diff] [blame]