Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / fdb9c76d1ea45646b9028c003949ee509fba7138
commitfdb9c76d1ea45646b9028c003949ee509fba7138[log] [tgz]
authorSatya Tangirala <satyat@google.com>Tue Mar 09 22:34:22 2021 -0800
committerSatya Tangirala <satyat@google.com>Tue Mar 09 22:39:35 2021 -0800
treeb64b084fe5a9772bd04c10c95c178fe8bfd09652
parent392e536f4c82bc5d5fbbd4b270e3a5db547a6ab1 [diff]
Keystore 2.0: Don't use DB unconditionally in generate_key()

The global DB can only be initialized after /data is mounted, so we can't
access it before /data is mounted. In particular, generate_key() was
accessing DB unconditionally to handle key attestation, which won't work
once keystore2 starts before /data is mounted.

This patch makes generate_key() directly handle the case when we have a
Domain::BLOB key with no attestation key to avoid initializing DB.

Bug: 181910578
Test: Make keystore2 boot early and call generate_key from vold
      before /data is mounted
Change-Id: I6c61caab681ce462e52cfa497ea699abc6aa3984
1 file changed
tree: b64b084fe5a9772bd04c10c95c178fe8bfd09652
  1. fsverity_init/
  2. identity/
  3. keystore/
  4. keystore-engine/
  5. keystore2/
  6. ondevice-signing/
  7. provisioner/
  8. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  9. .clang-format
  10. .gitignore
  11. Android.bp
  12. METADATA
  13. MODULE_LICENSE_APACHE2
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg