Phase out keymaster fallback support
Keystore uses two different keymaster devices.
One device is provided by the OEM, providing
hardware/TrustZone-backed functionality. The other
is a pure software implementation of keymaster.
The latter was used when a "hardware" implementation
failed generating or importing keys with certain
parameters.
This tolerance of misbehaving "hardware" implementations
had the effect that this behavior has gone unnoticed for
too long. Therefore, we are phasing out the fallback
device.
This patch ensures that on devices with hardware
implementations supporting keymaster 2.0 and higher
there will be no fallback device papering over failures
in the underlying keymaster implementation.
Test: given a faulty KM2.0 implementation, import and generation
of keys with otherwise supported parameters returns an error
Change-Id: I8c2118e72558c326031368df13e836c3ef6b1da1
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 2d9de5d..02c39df 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -40,8 +40,10 @@
using namespace keystore;
-KeyStore::KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback)
- : mEntropy(entropy), mDevice(device), mFallbackDevice(fallback) {
+KeyStore::KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback,
+ bool allowNewFallback)
+ : mEntropy(entropy), mDevice(device), mFallbackDevice(fallback),
+ mAllowNewFallback(allowNewFallback) {
memset(&mMetaData, '\0', sizeof(mMetaData));
}
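Review bot: The new member `mAllowNewFallback` in the initializer list at `+ mAllowNewFallback(allowNewFallback) {` is not declared anywhere in this hunk, and the matching header change is not shown; please make sure `keystore.h` declares `bool mAllowNewFallback` after `mFallbackDevice` so the initializer order matches the declaration order (otherwise -Wreorder fires), and that every call site constructing `KeyStore` passes the new fourth argument, since the old three-argument signature is removed rather than defaulted. The parameter name says only "new" fallback, while the commit message says the fallback device is being phased out for KM 2.0+ devices; a one-line comment on the constructor stating that existing fallback-created keys remain loadable and only creation/import of new keys on the fallback device is gated would make that distinction explicit at the point of use.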