Remove attestation checks that fail on unlocked devices.
CTS tests apparently must be able to pass on unlocked devices. The
KeyAttestation test verifies that devices are locked and have passed
verified boot, which should always be the case on production devices,
but will not be the case when devices are unlocked. Ideally, we should
check that the attestation reports the same status that the system
believes it is in, but there is no publicly accessible API to check
the system's opinion of those states.
We have the same tests in GTS, so GMS devices will be verified as locked
and verified, which will have to do for now. For the future, we'll look
into how we can enforce this in CTS as well. Perhaps Keystore should
verify that the system's view of lock and verified boot states agree
with Keymaster's, and fail to return an attestation if they disagree.
Bug: 64491813
Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: Ic9187667bc0e82a3f908af1520943d9ac896e11e
(cherry picked from commit 34dc99b744d7c61a51019a907f8eb99dfeb2a888)
1 file changed
