keystore2: Remove remote provisioning logic
keystore2 will always be using RKPD instead.
Bug: 261214100
Test: m keystore2 keystore2_test
Change-Id: Ibd27a8ae7d502e0fab2f728aa49175d28a6780b0
diff --git a/keystore2/src/attestation_key_utils.rs b/keystore2/src/attestation_key_utils.rs
index 8c4cdea..184b3cb 100644
--- a/keystore2/src/attestation_key_utils.rs
+++ b/keystore2/src/attestation_key_utils.rs
@@ -30,17 +30,11 @@
};
use anyhow::{Context, Result};
use keystore2_crypto::parse_subject_from_certificate;
-use rustutils::system_properties;
/// KeyMint takes two different kinds of attestation keys. Remote provisioned keys
/// and those that have been generated by the user. Unfortunately, they need to be
/// handled quite differently, thus the different representations.
pub enum AttestationKeyInfo {
- RemoteProvisioned {
- key_id_guard: KeyIdGuard,
- attestation_key: AttestationKey,
- attestation_certs: Certificate,
- },
RkpdProvisioned {
attestation_key: AttestationKey,
attestation_certs: Certificate,
@@ -53,12 +47,6 @@
},
}
-fn use_rkpd() -> bool {
- let property = "remote_provisioning.enable_rkpd";
- let default_value = true;
- system_properties::read_bool(property, default_value).unwrap_or(default_value)
-}
-
/// This function loads and, optionally, assigns the caller's remote provisioned
/// attestation key if a challenge is present. Alternatively, if `attest_key_descriptor` is given,
/// it loads the user generated attestation key from the database.
@@ -75,34 +63,14 @@
params.iter().any(|kp| kp.tag == Tag::DEVICE_UNIQUE_ATTESTATION);
match attest_key_descriptor {
// Do not select an RKP key if DEVICE_UNIQUE_ATTESTATION is present.
- None if challenge_present && !is_device_unique_attestation => {
- if use_rkpd() {
- rem_prov_state
- .get_rkpd_attestation_key_and_certs(key, caller_uid, params)
- .context(ks_err!("Trying to get attestation key from RKPD."))
- .map(|result| {
- result.map(|(attestation_key, attestation_certs)| {
- AttestationKeyInfo::RkpdProvisioned {
- attestation_key,
- attestation_certs,
- }
- })
- })
- } else {
- rem_prov_state
- .get_remotely_provisioned_attestation_key_and_certs(key, caller_uid, params, db)
- .context(ks_err!("Trying to get remotely provisioned attestation key."))
- .map(|result| {
- result.map(|(key_id_guard, attestation_key, attestation_certs)| {
- AttestationKeyInfo::RemoteProvisioned {
- key_id_guard,
- attestation_key,
- attestation_certs,
- }
- })
- })
- }
- }
+ None if challenge_present && !is_device_unique_attestation => rem_prov_state
+ .get_rkpd_attestation_key_and_certs(key, caller_uid, params)
+ .context(ks_err!("Trying to get attestation key from RKPD."))
+ .map(|result| {
+ result.map(|(attestation_key, attestation_certs)| {
+ AttestationKeyInfo::RkpdProvisioned { attestation_key, attestation_certs }
+ })
+ }),
None => Ok(None),
Some(attest_key) => get_user_generated_attestation_key(attest_key, caller_uid, db)
.context(ks_err!("Trying to load attest key"))
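Review bot: The RKPD arm forwards the inner `Option` untouched, so an `Ok(None)` from `get_rkpd_attestation_key_and_certs` reaches the caller looking exactly like the `None => Ok(None)` arm below it, and nothing in the hunk says what that means for attestation now that the legacy branch and the `remote_provisioning.enable_rkpd` switch are gone. I would add a comment on the arm such as `// Ok(None) from RKPD is returned as-is, not turned into an error; see the caller for which key is used then.`, with the wording confirmed against the caller, which is outside the hunk. The function's doc comment, visible as context in the previous hunk, still says it "loads and, optionally, assigns" the remotely provisioned key; that wording presumably described the database-backed path, since this arm no longer passes `db`, and could be updated to name RKPD. The enclosing function starts and ends outside the hunk.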