Fix strict keymaster configuration checking.
With keymaster 4 a new security level strongbox was introduced.
When strongbox is present a TEE Keymaster implementation must
also be present. Checking this rule strictly poses complications for the
teams integrating these implementations.
This patch relaxes Keystore's bootstrapping such that Keymaster4
strongbox implementations are ignored as long as there is no Keymaster4
TEE implementation present. This allows Keystore to fall back to
Keymaster3 even though Keymaster4 strongbox is present.
Change-Id: I06215cb4adfc09e90aea0c24866294a91c5601bc
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 31b9704..d5e20ba 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -158,8 +158,6 @@
auto serviceManager = android::hidl::manager::V1_1::IServiceManager::getService();
CHECK(serviceManager.get()) << "Failed to get ServiceManager";
auto result = enumerateKeymasterDevices<Keymaster4>(serviceManager.get());
- CHECK(result[SecurityLevel::TRUSTED_ENVIRONMENT] || !result[SecurityLevel::STRONGBOX])
- << "We cannot have a Strongbox keymaster implementation without a TEE implementation";
auto softKeymaster = result[SecurityLevel::SOFTWARE];
if (result[SecurityLevel::TRUSTED_ENVIRONMENT]) {
performHmacKeyHandshake(
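Review bot: With the CHECK on result[SecurityLevel::STRONGBOX] removed at the top of this hunk, a StrongBox-without-TEE configuration now passes silently; nothing in the visible lines logs it or clears the StrongBox entry before the `if (result[SecurityLevel::TRUSTED_ENVIRONMENT])` branch. The commit message says such implementations are ignored, so make that explicit: emit a LOG(WARNING) when result[SecurityLevel::STRONGBOX] is set while result[SecurityLevel::TRUSTED_ENVIRONMENT] is not, and reset the StrongBox slot before the Keymaster3 fallback, so a misintegrated device shows up in logs instead of quietly running without hardware-backed StrongBox keys. A short comment where the CHECK used to be, stating that StrongBox is only honoured when a TEE implementation is present, would also document the relaxed invariant for integrators.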