Provide alternate SE RoT provisioning path. On some devices it is infeasible to provision the KeyMint RoT bits in the Android Bootloader. This provides an alternate path to provision them from the TEE during early boot. Bug: 219076736 Test: VtsAidlKeyMintTargetTest Change-Id: I8e19a1096087780f8c979f5a6b37f4100e41a975 Merged-In: I8e19a1096087780f8c979f5a6b37f4100e41a975

commit: e2fac0c976e09739f706e34f720ac7c616fa60c0 [log] [tgz]
author: Shawn Willden <swillden@google.com> Thu Feb 17 15:46:14 2022 -0700
committer: Shawn Willden <swillden@google.com> Tue Feb 22 23:50:50 2022 -0700
tree: 6c236b4fcb2d744f719defa5c4b092da34664d78
parent: bc19d0ae3f42b9debfe3e34590f4fad0344c251c [diff] [blame]
diff --git a/keystore2/src/km_compat.rs b/keystore2/src/km_compat.rs
index 84855df..788beef 100644
--- a/keystore2/src/km_compat.rs
+++ b/keystore2/src/km_compat.rs

@@ -299,6 +299,15 @@
             KeyBlob::Wrapped(keyblob) => self.soft.getKeyCharacteristics(keyblob, app_id, app_data),
         }
     }
+    fn getRootOfTrustChallenge(&self) -> binder::Result<[u8; 16]> {
+        self.real.getRootOfTrustChallenge()
+    }
+    fn getRootOfTrust(&self, challenge: &[u8; 16]) -> binder::Result<Vec<u8>> {
+        self.real.getRootOfTrust(challenge)
+    }
+    fn sendRootOfTrust(&self, root_of_trust: &[u8]) -> binder::Result<()> {
+        self.real.sendRootOfTrust(root_of_trust)
+    }
     fn convertStorageKeyToEphemeral(&self, storage_keyblob: &[u8]) -> binder::Result<Vec<u8>> {
         // Storage keys should never be associated with a software emulated device.
         self.real.convertStorageKeyToEphemeral(storage_keyblob)
commit	e2fac0c976e09739f706e34f720ac7c616fa60c0	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Thu Feb 17 15:46:14 2022 -0700
committer	Shawn Willden <swillden@google.com>	Tue Feb 22 23:50:50 2022 -0700
tree	6c236b4fcb2d744f719defa5c4b092da34664d78
parent	bc19d0ae3f42b9debfe3e34590f4fad0344c251c [diff] [blame]