Merge remote-tracking branch 'goog/upstream-master' into citadel-ba9f1d086

* goog/upstream-master:
  keymaster: remove unused buffer and blockMode fields
  AuthSecret: fix update reboot logic
  Keymaster HAL: fixed stoi exception.
  keymaster: rpc scaffolding for attestation
  keymaster: add rsa and ec support to update()
  keymaster: add buffering layer
  Add NOTICE files to get copyright info published
  NUGGET_PARAM_ENABLE_UPDATE tells us whether it worked or not
  Fix build breakage on pi-dev-plus-aosp-without-vendor
  Keymaster HAL: Fix the format of the OS version.

Bug: 109864210
Test: Update, boot, set and unlock with PIN
Change-Id: Iac8bc0aeff1a5f8ff9fa522ec45048bfc66b0bc2
tree: 6cfb5e13f7e1a6cc888781af89499544b2f294f7
  1. Android.bp
  2. LICENSE
  3. METADATA
  4. MODULE_LICENSE_APACHE2
  5. NOTICE
  6. README.md
  7. citadel/
  8. hals/
  9. manual_tests/
README.md

Android components for Nugget

Android communicates with Nugget apps in order to implement security-related HALs. Currently, those HALs are Keymaster, Weaver and OemLock.

Services

Apps that define a protobuf service have an app interface class autogenerated for them. These classes wrap a NuggetClient. The generator can be found in the generator directory.

Asynchronous communication

Work in progress.

Currently, everything is synchronous and just exposes the call_application() function from the Nugget transport API. In the future, asynchronous calls may be desired. Support for this could be added in:

  • Nugget transport API
  • NuggetClient on top of call_application()
  • Generated services

citadel

This directory contains the components to support Citadel connected to Android.