Update CreateDeviceInfo() implementation
Bug: 260920864
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Test: atest RemoteProvisionerUnitTests
Change-Id: I0354e98cfb05f6599998aa264a4c19133a93b84f
diff --git a/host/commands/secure_env/tpm_remote_provisioning_context.cpp b/host/commands/secure_env/tpm_remote_provisioning_context.cpp
index c6b5610..a4f9265 100644
--- a/host/commands/secure_env/tpm_remote_provisioning_context.cpp
+++ b/host/commands/secure_env/tpm_remote_provisioning_context.cpp
@@ -65,8 +65,8 @@
return result;
}
-std::unique_ptr<cppbor::Map> TpmRemoteProvisioningContext::CreateDeviceInfo()
- const {
+std::unique_ptr<cppbor::Map> TpmRemoteProvisioningContext::CreateDeviceInfo(
+ uint32_t csrVersion) const {
auto result = std::make_unique<cppbor::Map>();
result->add(cppbor::Tstr("brand"), cppbor::Tstr("Google"));
result->add(cppbor::Tstr("manufacturer"), cppbor::Tstr("Google"));
@@ -100,7 +100,10 @@
result->add(cppbor::Tstr("vendor_patch_level"),
cppbor::Uint(*vendor_patchlevel_));
}
- result->add(cppbor::Tstr("version"), cppbor::Uint(2));
+ // "version" field was removed from DeviceInfo in CSR v3.
+ if (csrVersion < 3) {
+ result->add(cppbor::Tstr("version"), cppbor::Uint(csrVersion));
+ }
result->add(cppbor::Tstr("fused"), cppbor::Uint(0));
result->add(cppbor::Tstr("security_level"), cppbor::Tstr("tee"));
result->canonicalize();
@@ -228,9 +231,10 @@
cppcose::ErrMsgOr<cppbor::Array> TpmRemoteProvisioningContext::BuildCsr(
const std::vector<uint8_t>& challenge, cppbor::Array keysToSign) const {
- auto deviceInfo = std::move(*CreateDeviceInfo());
+ uint32_t csrVersion = 3;
+ auto deviceInfo = std::move(*CreateDeviceInfo(csrVersion));
auto csrPayload = cppbor::Array()
- .add(3 /* version */)
+ .add(csrVersion)
.add("keymint" /* CertificateType */)
.add(std::move(deviceInfo))
.add(std::move(keysToSign));
diff --git a/host/commands/secure_env/tpm_remote_provisioning_context.h b/host/commands/secure_env/tpm_remote_provisioning_context.h
index 8167fea..726656f 100644
--- a/host/commands/secure_env/tpm_remote_provisioning_context.h
+++ b/host/commands/secure_env/tpm_remote_provisioning_context.h
@@ -33,7 +33,8 @@
~TpmRemoteProvisioningContext() override = default;
std::vector<uint8_t> DeriveBytesFromHbk(const std::string& context,
size_t numBytes) const override;
- std::unique_ptr<cppbor::Map> CreateDeviceInfo() const override;
+ std::unique_ptr<cppbor::Map> CreateDeviceInfo(
+ uint32_t csrVersion) const override;
cppcose::ErrMsgOr<std::vector<uint8_t>> BuildProtectedDataPayload(
bool isTestMode, //
const std::vector<uint8_t>& macKey, //