On-device signing: fall back to TEE.
In case a SE is not available.
Bug: 165630556
Test: creating a keystore key works on cuttlefish
Change-Id: Ida97fa9536ca8b6a4fefb959f882f3a820c89514
diff --git a/ondevice-signing/KeystoreKey.cpp b/ondevice-signing/KeystoreKey.cpp
index cd5c398..de7033f 100644
--- a/ondevice-signing/KeystoreKey.cpp
+++ b/ondevice-signing/KeystoreKey.cpp
@@ -140,8 +140,10 @@
auto status = mService->getSecurityLevel(SecurityLevel::STRONGBOX, &mSecurityLevel);
if (!status.isOk()) {
- // TODO fallback to TEE
- return false;
+ status = mService->getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT, &mSecurityLevel);
+ if (!status.isOk()) {
+ return false;
+ }
}
auto descriptor = getKeyDescriptor();