author | David Drysdale <drysdale@google.com> | 2024-04-29 07:25:08 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2024-04-29 07:25:08 +0000 |
commit | b2adc861ee386eca31608f000cb6ed59f2ea8e8b (patch) | |
tree | 96c360fe3551eb84fa170cf2262df7589c962388 | |
parent | e4d1d2dec7c20aa3233b5ee1b6cb6bb552be1b57 (diff) | |
parent | 33a132f13f17c06403b66ab94e8f7aa26b21d167 (diff) | |
download | interfaces-b2adc861ee386eca31608f000cb6ed59f2ea8e8b.tar.gz |
Merge "KeyMint: more warnings around non-secure test impl" into main
-rw-r--r-- | security/keymint/aidl/default/Android.bp | 14 | ||||
-rw-r--r-- | security/keymint/aidl/default/main.rs | 10 |
2 files changed, 21 insertions, 3 deletions
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index 0cf53cf6f8..fbb61401b9 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -7,6 +7,13 @@ package {
     default_applicable_licenses: ["hardware_interfaces_license"],
 }
 
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
 cc_binary {
     name: "android.hardware.security.keymint-service",
     relative_install_path: "hw",
@@ -46,6 +53,13 @@ cc_binary {
     ],
 }
 
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
 rust_binary {
     name: "android.hardware.security.keymint-service.nonsecure",
     relative_install_path: "hw",
diff --git a/security/keymint/aidl/default/main.rs b/security/keymint/aidl/default/main.rs
index 055c698e2f..47143f49fa 100644
--- a/security/keymint/aidl/default/main.rs
+++ b/security/keymint/aidl/default/main.rs
@@ -17,11 +17,15 @@
 //! Default implementation of the KeyMint HAL and related HALs.
 //!
 //! This implementation of the HAL is only intended to allow testing and policy compliance. A real
-//! implementation **must be implemented in a secure environment**.
+//! implementation **must implement the TA in a secure environment**, as per CDD 9.11 [C-1-1]:
+//! "MUST back up the keystore implementation with an isolated execution environment."
+//!
+//! The additional device-specific components that are required for a real implementation of KeyMint
+//! that is based on the Rust reference implementation are described in system/keymint/README.md.
 
 use kmr_hal::SerializedChannel;
 use kmr_hal_nonsecure::{attestation_id_info, get_boot_info};
-use log::{debug, error, info};
+use log::{debug, error, info, warn};
 use std::ops::DerefMut;
 use std::sync::{mpsc, Arc, Mutex};
 
@@ -62,7 +66,7 @@ fn inner_main() -> Result<(), HalServiceError> {
         error!("{}", panic_info);
     }));
 
-    info!("Insecure KeyMint HAL service is starting.");
+    warn!("Insecure KeyMint HAL service is starting.");
     info!("Starting thread pool now.");
     binder::ProcessState::start_thread_pool();
 
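Review bot: The promoted `warn!` in inner_main is one line at startup whose text does not say what is insecure, so someone reading device logs has to already know that this binary keeps the TA in-process to understand the risk. Since the new module docs and the Android.bp comments now state the reason and the CDD requirement, the log line could carry the same information: `warn!("Insecure KeyMint HAL service is starting: the TA runs in-process with the HAL service and this build does not satisfy CDD 9.11 [C-1-1].");`. Emitting it once at startup is fine for a test build, but it is the only runtime signal of the nonsecure configuration visible in this hunk, so it should be self-descriptive. The body of inner_main starts and ends outside the hunk.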