author | Max Bires <jbires@google.com> | 2022-02-08 14:40:59 -0800 |
---|---|---|
committer | Max Bires <jbires@google.com> | 2022-02-12 18:29:54 +0000 |
commit | 8f4ca37dde4027588bdb8429026b0b5d81f1dc18 (patch) | |
tree | 10f414def1b2cef24d3d86fc98e674376da65bb2 | |
parent | 92050f5ffec07093fd07511b4d4191a692181e68 (diff) | |
Updating app/keymaster to IRPC HAL V2
This change makes the necessary updates to the
TrustyRemoteProvisioningContext to make the implementation compliant
with version 2 of the IRemotelyProvisionedComponent HAL. Primarily, this
is composed of some changes to the DeviceInfo construction.
1) fused field indicating whether SecureBoot is enabled.
2) propagating all patchlevel values from KM
Bug: 215444522
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I2c5eeceaf1204627fbf5e75ad34547cfbb09a8fb
-rw-r--r-- | trusty_keymaster_context.h | 3 | ||||
-rw-r--r-- | trusty_remote_provisioning_context.cpp | 14 | ||||
-rw-r--r-- | trusty_remote_provisioning_context.h | 9 |
3 files changed, 26 insertions, 0 deletions
diff --git a/trusty_keymaster_context.h b/trusty_keymaster_context.h
index 62b09f4..a49eaee 100644
--- a/trusty_keymaster_context.h
+++ b/trusty_keymaster_context.h
@@ -167,6 +167,8 @@ public:
 return KM_ERROR_INVALID_ARGUMENT;
 }
 vendor_patchlevel_ = vendor_patchlevel;
+ trusty_remote_provisioning_context_->SetVendorPatchlevel(
+ vendor_patchlevel);
 return KM_ERROR_OK;
 }
@@ -177,6 +179,7 @@ public:
 return KM_ERROR_INVALID_ARGUMENT;
 }
 boot_patchlevel_ = boot_patchlevel;
+ trusty_remote_provisioning_context_->SetBootPatchlevel(boot_patchlevel);
 return KM_ERROR_OK;
 }
diff --git a/trusty_remote_provisioning_context.cpp b/trusty_remote_provisioning_context.cpp
index df83016..8ea9046 100644
--- a/trusty_remote_provisioning_context.cpp
+++ b/trusty_remote_provisioning_context.cpp
@@ -21,6 +21,7 @@
 #include <keymaster/logger.h>
 #include <lib/hwbcc/client/hwbcc.h>
 #include <lib/hwkey/hwkey.h>
+#include <lib/system_state/system_state.h>
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/hkdf.h>
@@ -128,9 +129,21 @@ std::unique_ptr<cppbor::Map> TrustyRemoteProvisioningContext::CreateDeviceInfo()
 }
 result->add("bootloader_state",
 bootParams_->device_locked ? "locked" : "unlocked");
+ result->add("vbmeta_digest",
+ cppbor::Bstr(bootParams_->verified_boot_hash.begin(),
+ bootParams_->verified_boot_hash.end()));
 result->add("os_version", std::to_string(bootParams_->boot_os_version));
 result->add("system_patch_level",
 cppbor::Uint(bootParams_->boot_os_patchlevel));
+ result->add("boot_patch_level", cppbor::Uint(boot_patchlevel_));
+ result->add("vendor_patch_level", cppbor::Uint(vendor_patchlevel_));
+ result->add("fused", system_state_get_flag_default(
+ SYSTEM_STATE_FLAG_APP_LOADING_UNLOCKED,
+ 0 /* default */)
+ ? 0
+ : 1);
+ result->add("security_level", "tee");
+ result->add("version", 2);
 }
 result->canonicalize();
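Review bot: In trusty_keymaster_context.h the added `trusty_remote_provisioning_context_->SetVendorPatchlevel(vendor_patchlevel);` dereferences the member with no check visible in the hunk, and the `SetBootPatchlevel(boot_patchlevel)` call in the `@@ -177,6 +179,7 @@` hunk does the same. Where the member is initialized is outside both hunks; if it can still be unset when a patchlevel is configured, the call would fault inside the trusted app instead of returning a keymaster error. Either a guard such as `if (trusty_remote_provisioning_context_) { ... }` or a short comment stating that the context is always constructed before these setters run would settle it. Both enclosing functions start outside their hunks.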
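Review bot: In CreateDeviceInfo the new `fused` entry falls back to the secure-looking value, because `system_state_get_flag_default(SYSTEM_STATE_FLAG_APP_LOADING_UNLOCKED, 0 /* default */)` is given 0 as its fallback and the ternary maps 0 to `fused` = 1. Assuming the fallback is what comes back when the flag cannot be read, a failed query makes the DeviceInfo in the provisioning request claim a fused device. Since the ternary treats any non-zero value as unlocked, passing a non-zero default reports unfused on failure: `SYSTEM_STATE_FLAG_APP_LOADING_UNLOCKED, 1 /* default: report unfused */)`. The commit message describes `fused` as the SecureBoot state while the code derives it from the app-loading flag, so a comment such as `// fused: app loading is locked, used as the indicator for secure boot` would record that assumption. The function body starts and ends outside the hunk.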
@@ -183,4 +196,5 @@ void TrustyRemoteProvisioningContext::SetBootParams(
 bootParamsSet_ = true;
 bootParams_ = bootParams;
 }
+
 } // namespace keymaster
diff --git a/trusty_remote_provisioning_context.h b/trusty_remote_provisioning_context.h
index 98d98f6..77b010d 100644
--- a/trusty_remote_provisioning_context.h
+++ b/trusty_remote_provisioning_context.h
@@ -50,10 +50,19 @@ public:
 std::optional<cppcose::HmacSha256> GenerateHmacSha256(
 const cppcose::bytevec& input) const override;
 void SetBootParams(const BootParams* bootParams);
+ void SetVendorPatchlevel(uint32_t vendor_patchlevel) {
+ vendor_patchlevel_ = vendor_patchlevel;
+ }
+
+ void SetBootPatchlevel(uint32_t boot_patchlevel) {
+ boot_patchlevel_ = boot_patchlevel;
+ }
 private:
 bool bootParamsSet_ = false;
 const BootParams* bootParams_ = nullptr;
+ uint32_t vendor_patchlevel_ = 0;
+ uint32_t boot_patchlevel_ = 0;
 };
 } // namespace keymaster |
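Review bot: In trusty_remote_provisioning_context.h the new members `vendor_patchlevel_` and `boot_patchlevel_` default to 0 and carry no "was set" marker, unlike `bootParamsSet_` for the boot parameters. A DeviceInfo built before the setters run would therefore report `boot_patch_level` and `vendor_patch_level` as 0, indistinguishable from a real value. Whether that ordering can happen depends on callers outside this diff; if it can, holding the values as `std::optional<uint32_t>` (already used in this header) and having CreateDeviceInfo skip or reject unset ones would make the state explicit. At minimum a comment such as `// 0 until keymaster forwards the configured patchlevel` on the two members would document it. The class body starts outside the hunk.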