On-device signing: Support keystore2 for keys. Add code to support Keystore2. Keystore2 will offer a feature similar to EARLY_BOOT_KEYS in Keymaster 4.1, but it will also be hardware-enforced in older Keymaster versions. For now, have the code support both paths, and stick with Keymaster 4.1 until Keystore2 is merged. Bug: 165630556 Test: Local Change-Id: If62837bf6fb1398bd30ce9422cbf3082a5cbf1e2

commit: ba1c9dc8a432050e13e8bbd90b51cad1cd982752 [log] [tgz]
author: Martijn Coenen <maco@google.com> Thu Feb 04 13:18:29 2021 +0100
committer: Martijn Coenen <maco@google.com> Mon Mar 08 16:31:53 2021 +0100
tree: 51a2cbd300d206f1b69e3a07424f98dd35037c5b
parent: 5588e4958bfda09dcbe4b441af262ebbbd48b1af [diff] [blame]
diff --git a/ondevice-signing/VerityUtils.h b/ondevice-signing/VerityUtils.h
index d913073..84af319 100644
--- a/ondevice-signing/VerityUtils.h
+++ b/ondevice-signing/VerityUtils.h

@@ -18,10 +18,11 @@
 
 #include <android-base/result.h>
 
-#include "KeymasterSigningKey.h"
+#include "SigningKey.h"
 
+android::base::Result<void> addCertToFsVerityKeyring(const std::string& path);
 android::base::Result<std::vector<uint8_t>> createDigest(const std::string& path);
 android::base::Result<std::map<std::string, std::string>>
 verifyAllFilesInVerity(const std::string& path);
 android::base::Result<std::map<std::string, std::string>>
-addFilesToVerityRecursive(const std::string& path, const KeymasterSigningKey& key);
+addFilesToVerityRecursive(const std::string& path, const SigningKey& key);
commit	ba1c9dc8a432050e13e8bbd90b51cad1cd982752	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Thu Feb 04 13:18:29 2021 +0100
committer	Martijn Coenen <maco@google.com>	Mon Mar 08 16:31:53 2021 +0100
tree	51a2cbd300d206f1b69e3a07424f98dd35037c5b
parent	5588e4958bfda09dcbe4b441af262ebbbd48b1af [diff] [blame]