Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 618869e08ca57d79f99133a70932ed355730b717
commit618869e08ca57d79f99133a70932ed355730b717[log] [tgz]
authorPaul Crowley <paulcrowley@google.com>Thu Apr 08 20:30:54 2021 -0700
committerPaul Crowley <paulcrowley@google.com>Tue Apr 27 12:11:25 2021 -0700
tree65fb8c4ae5e761e3e961a16172b93f521cb3b4ce
parentef611e54ff2cf92cdc69237eb06562a620a165ac [diff]
Biometric support for UNLOCKED_DEVICE_REQUIRED

When the device is locked, keystore is passed a list of biometric
SIDs which should allow unlock of UNLOCKED_DEVICE_REQUIRED keys.
It creates a KM key protected by these SIDs and uses it to encrypt
the UNLOCKED_DEVICE_REQUIRED secrets, and uses this key to recover
those secrets when the device is unlocked.

Test: aosp/1686345
Bug: 163866361
Change-Id: Ic73ed0089cd9567a83c38aed61e20215862aa0be
5 files changed
tree: 65fb8c4ae5e761e3e961a16172b93f521cb3b4ce
  1. fsverity_init/
  2. identity/
  3. keystore/
  4. keystore-engine/
  5. keystore2/
  6. ondevice-signing/
  7. provisioner/
  8. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  9. .clang-format
  10. .gitignore
  11. Android.bp
  12. METADATA
  13. MODULE_LICENSE_APACHE2
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg