diff options
Diffstat (limited to 'guest/hals/keymint/rust/src/keymint_hal_main.rs')
-rw-r--r-- | guest/hals/keymint/rust/src/keymint_hal_main.rs | 76 |
1 files changed, 1 insertions, 75 deletions
diff --git a/guest/hals/keymint/rust/src/keymint_hal_main.rs b/guest/hals/keymint/rust/src/keymint_hal_main.rs index 5441c6e48..958a2da52 100644 --- a/guest/hals/keymint/rust/src/keymint_hal_main.rs +++ b/guest/hals/keymint/rust/src/keymint_hal_main.rs @@ -15,7 +15,7 @@ //! This crate implements the KeyMint HAL service in Rust, communicating with a Rust //! trusted application (TA) running on the Cuttlefish host. -use kmr_hal::env::get_property; +use kmr_hal_nonsecure::{attestation_id_info, get_boot_info}; use log::{debug, error, info}; use std::ops::DerefMut; use std::os::unix::io::FromRawFd; @@ -174,77 +174,3 @@ fn inner_main() -> Result<(), HalServiceError> { info!("KeyMint HAL service is terminating."); Ok(()) } - -/// Populate attestation ID information based on properties (where available). -fn attestation_id_info() -> kmr_wire::AttestationIdInfo { - let prop = |name| { - get_property(name).unwrap_or_else(|_| format!("{} unavailable", name)).as_bytes().to_vec() - }; - kmr_wire::AttestationIdInfo { - brand: prop("ro.product.brand"), - device: prop("ro.product.device"), - product: prop("ro.product.name"), - serial: prop("ro.serialno"), - manufacturer: prop("ro.product.manufacturer"), - model: prop("ro.product.model"), - // Currently modem_simulator always returns one fixed value. See `handleGetIMEI` in - // device/google/cuttlefish/host/commands/modem_simulator/misc_service.cpp for more details. - // TODO(b/263188546): Use device-specific IMEI values when available. - imei: b"867400022047199".to_vec(), - imei2: b"867400022047199".to_vec(), - meid: vec![], - } -} - -/// Get boot information based on system properties. -fn get_boot_info() -> kmr_wire::SetBootInfoRequest { - // No access to a verified boot key. - let verified_boot_key = vec![0; 32]; - let vbmeta_digest = get_property("ro.boot.vbmeta.digest").unwrap_or_else(|_| "00".repeat(32)); - let verified_boot_hash = hex::decode(&vbmeta_digest).unwrap_or_else(|_e| { - error!("failed to parse hex data in '{}'", vbmeta_digest); - vec![0; 32] - }); - let device_boot_locked = match get_property("ro.boot.vbmeta.device_state") - .unwrap_or_else(|_| "no-prop".to_string()) - .as_str() - { - "locked" => true, - "unlocked" => false, - v => { - error!("Unknown device_state '{}', treating as unlocked", v); - false - } - }; - let verified_boot_state = match get_property("ro.boot.verifiedbootstate") - .unwrap_or_else(|_| "no-prop".to_string()) - .as_str() - { - "green" => 0, // Verified - "yellow" => 1, // SelfSigned - "orange" => 2, // Unverified, - "red" => 3, // Failed, - v => { - error!("Unknown boot state '{}', treating as Unverified", v); - 2 - } - }; - - // Attempt to get the boot patchlevel from a system property. This requires an SELinux - // permission, so fall back to re-using the OS patchlevel if this can't be done. - let boot_patchlevel_prop = get_property("ro.vendor.boot_security_patch").unwrap_or_else(|e| { - error!("Failed to retrieve boot patchlevel: {:?}", e); - get_property(kmr_hal::env::OS_PATCHLEVEL_PROPERTY) - .unwrap_or_else(|_| "1970-09-19".to_string()) - }); - let boot_patchlevel = - kmr_hal::env::extract_patchlevel(&boot_patchlevel_prop).unwrap_or(19700919); - - kmr_wire::SetBootInfoRequest { - verified_boot_key, - device_boot_locked, - verified_boot_state, - verified_boot_hash, - boot_patchlevel, - } -} |