1 files changed, 1 insertions, 75 deletions
diff --git a/guest/hals/keymint/rust/src/keymint_hal_main.rs b/guest/hals/keymint/rust/src/keymint_hal_main.rs
index 5441c6e48..958a2da52 100644
--- a/guest/hals/keymint/rust/src/keymint_hal_main.rs
+++ b/guest/hals/keymint/rust/src/keymint_hal_main.rs
@@ -15,7 +15,7 @@
 //! This crate implements the KeyMint HAL service in Rust, communicating with a Rust
 //! trusted application (TA) running on the Cuttlefish host.
 
-use kmr_hal::env::get_property;
+use kmr_hal_nonsecure::{attestation_id_info, get_boot_info};
 use log::{debug, error, info};
 use std::ops::DerefMut;
 use std::os::unix::io::FromRawFd;
@@ -174,77 +174,3 @@ fn inner_main() -> Result<(), HalServiceError> {
     info!("KeyMint HAL service is terminating.");
     Ok(())
 }
-
-/// Populate attestation ID information based on properties (where available).
-fn attestation_id_info() -> kmr_wire::AttestationIdInfo {
-    let prop = |name| {
-        get_property(name).unwrap_or_else(|_| format!("{} unavailable", name)).as_bytes().to_vec()
-    };
-    kmr_wire::AttestationIdInfo {
-        brand: prop("ro.product.brand"),
-        device: prop("ro.product.device"),
-        product: prop("ro.product.name"),
-        serial: prop("ro.serialno"),
-        manufacturer: prop("ro.product.manufacturer"),
-        model: prop("ro.product.model"),
-        // Currently modem_simulator always returns one fixed value. See `handleGetIMEI` in
-        // device/google/cuttlefish/host/commands/modem_simulator/misc_service.cpp for more details.
-        // TODO(b/263188546): Use device-specific IMEI values when available.
-        imei: b"867400022047199".to_vec(),
-        imei2: b"867400022047199".to_vec(),
-        meid: vec![],
-    }
-}
-
-/// Get boot information based on system properties.
-fn get_boot_info() -> kmr_wire::SetBootInfoRequest {
-    // No access to a verified boot key.
-    let verified_boot_key = vec![0; 32];
-    let vbmeta_digest = get_property("ro.boot.vbmeta.digest").unwrap_or_else(|_| "00".repeat(32));
-    let verified_boot_hash = hex::decode(&vbmeta_digest).unwrap_or_else(|_e| {
-        error!("failed to parse hex data in '{}'", vbmeta_digest);
-        vec![0; 32]
-    });
-    let device_boot_locked = match get_property("ro.boot.vbmeta.device_state")
-        .unwrap_or_else(|_| "no-prop".to_string())
-        .as_str()
-    {
-        "locked" => true,
-        "unlocked" => false,
-        v => {
-            error!("Unknown device_state '{}', treating as unlocked", v);
-            false
-        }
-    };
-    let verified_boot_state = match get_property("ro.boot.verifiedbootstate")
-        .unwrap_or_else(|_| "no-prop".to_string())
-        .as_str()
-    {
-        "green" => 0,  // Verified
-        "yellow" => 1, // SelfSigned
-        "orange" => 2, // Unverified,
-        "red" => 3,    // Failed,
-        v => {
-            error!("Unknown boot state '{}', treating as Unverified", v);
-            2
-        }
-    };
-
-    // Attempt to get the boot patchlevel from a system property.  This requires an SELinux
-    // permission, so fall back to re-using the OS patchlevel if this can't be done.
-    let boot_patchlevel_prop = get_property("ro.vendor.boot_security_patch").unwrap_or_else(|e| {
-        error!("Failed to retrieve boot patchlevel: {:?}", e);
-        get_property(kmr_hal::env::OS_PATCHLEVEL_PROPERTY)
-            .unwrap_or_else(|_| "1970-09-19".to_string())
-    });
-    let boot_patchlevel =
-        kmr_hal::env::extract_patchlevel(&boot_patchlevel_prop).unwrap_or(19700919);
-
-    kmr_wire::SetBootInfoRequest {
-        verified_boot_key,
-        device_boot_locked,
-        verified_boot_state,
-        verified_boot_hash,
-        boot_patchlevel,
-    }
-}