path: root/ondevice-signing/KeyConstants.h
Age | Commit message | Author
2021-05-25 | On-device signing: verify the public key. | Martijn Coenen
While we can generally trust the key properties of the Keystore key to be correct, the public key certificate that Keystore returns in KeyMetadata is simply retrieved from an on-disk database. This allows an attacker that gets filesystem access to simply modify the public key, and we will happily accept that (and the artifacts that are signed with the private key component).

To prevent this, sign the public key itself with another HMAC key that carries the same boot level as the signing key. This is secure, because in order to forge such a signature, an attacker would need to create an HMAC key with the same boot level, which is not possible once early boot has passed.

Bug: 187862706
Test: TEST_MAPPING
Change-Id: I688fff83f73b1df4e91c3fa03c43df647703d9f8
2021-03-08 | On-device signing: Support keystore2 for keys. | Martijn Coenen
Add code to support Keystore2. Keystore2 will offer a feature similar to EARLY_BOOT_KEYS in Keymaster 4.1, but it will also be hardware-enforced in older Keymaster versions. For now, have the code support both paths, and stick with Keymaster 4.1 until Keystore2 is merged.

Bug: 165630556
Test: Local
Change-Id: If62837bf6fb1398bd30ce9422cbf3082a5cbf1e2