Phase out keymaster fallback support
Keystore uses two different keymaster devices.
One device is provided by the OEM providing
hardware/trust zone backed functionality. The other
is a pure software implementation of keymaster.
The latter was used when a "hardware" implementation
failed generating or importing keys with certain
parameters.
This tolerance of misbehaving "hardware" implementations
had the effect that this behavior has done unnoticed for
too long. Therefore, we are phasing out the fallback
device.
This patch ensures that on devices with hardware
implementations supporting keymaster 2.0 and higher
there will be no fallback device papering over failures
in the underlying keymaster implementation.
Test: given a faulty KM2.0 implementation, import and generation
of keys with otherwise supported parameters returns an error
Change-Id: I8c2118e72558c326031368df13e836c3ef6b1da1
4 files changed