Set TEE RootOfTrust fields in Attestation Extension

Sets RootOfTrust fields in the TEE enforced AuthorizationList of the
Attestation Extension. Previously, there was no generic way to get
verified boot state from a TEE-based Keymaster implementation.

This was merged earlier but the change disappeared when internal was
pushed to AOSP.

Test: Passes keystore attestation CTS tests on a device with a KM2 TEE
      implementation. Software KM still passes attestation CTS tests.

Change-Id: I4573f5d9d5913a4cb6216d0108498c90262bb243
Merged-In: I24fc0485d5c6aed7cf5b3665cbef12e627123c70
diff --git a/attestation_record.cpp b/attestation_record.cpp
index 0f7f05f..9d543a5 100644
--- a/attestation_record.cpp
+++ b/attestation_record.cpp
@@ -495,10 +495,29 @@
     } else {
         keymaster_security_level = KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
         switch (context.GetSecurityLevel()) {
-        case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
+        case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT: {
             keymaster_version = kCurrentKeymasterVersion;
-            break;
 
+            // Root of trust is only available in TEE
+            KM_AUTH_LIST* tee_record = key_desc->tee_enforced;
+            tee_record->root_of_trust = KM_ROOT_OF_TRUST_new();
+            keymaster_blob_t verified_boot_key;
+            keymaster_verified_boot_t verified_boot_state;
+            bool device_locked;
+            keymaster_error_t error = context.GetVerifiedBootParams(
+                &verified_boot_key, &verified_boot_state, &device_locked);
+            if (error != KM_ERROR_OK)
+                return error;
+            if (verified_boot_key.data_length &&
+                !ASN1_OCTET_STRING_set(tee_record->root_of_trust->verified_boot_key,
+                                       verified_boot_key.data, verified_boot_key.data_length))
+                return TranslateLastOpenSslError();
+            tee_record->root_of_trust->device_locked = (int*)device_locked;
+            if (!ASN1_ENUMERATED_set(tee_record->root_of_trust->verified_boot_state,
+                                     verified_boot_state))
+                return TranslateLastOpenSslError();
+            break;
+        }
         case KM_SECURITY_LEVEL_SOFTWARE:
             // We're running in software, wrapping some KM hardware.  Is it KM0 or KM1?  KM1 keys
             // have the purpose in the tee_enforced list.  It's possible that a key could be created
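Review bot: The `KM_ROOT_OF_TRUST_new()` result stored into `tee_record->root_of_trust` is dereferenced without a NULL check, so an allocation failure becomes a NULL dereference at the `ASN1_OCTET_STRING_set` call instead of an error return; add `if (!tee_record->root_of_trust) return TranslateLastOpenSslError();` directly after the allocation. The `(int*)device_locked` cast a few lines later turns a `bool` into a pointer; the field's declared type is outside this hunk, but if `device_locked` is an `ASN1_BOOLEAN` (an `int`) the cast should read `(int)device_locked`, and if it is genuinely a pointer then storing 0 or 1 as an address will not survive encoding, so this needs confirming against the `KM_ROOT_OF_TRUST` definition. The verified boot key is copied only when `data_length` is non-zero, so an implementation reporting an empty key silently yields a root of trust with no key rather than an error; if that is intended, a one-line comment stating it would save the next reader the question. The enclosing function starts before and continues past this hunk.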
diff --git a/include/keymaster/keymaster_context.h b/include/keymaster/keymaster_context.h
index cf18869..01e66db 100644
--- a/include/keymaster/keymaster_context.h
+++ b/include/keymaster/keymaster_context.h
@@ -196,6 +196,18 @@
         return KM_ERROR_UNIMPLEMENTED;
     }
 
+    /**
+     * Returns verified boot parameters for the Attestation Extension.  For hardware-based
+     * implementations, these will be the values reported by the bootloader. By default,  verified
+     * boot state is unknown, and KM_ERROR_UNIMPLEMENTED is returned.
+     */
+    virtual keymaster_error_t
+    GetVerifiedBootParams(keymaster_blob_t* /* verified_boot_key */,
+                          keymaster_verified_boot_t* /* verified_boot_state */,
+                          bool* /* device_locked */) const {
+        return KM_ERROR_UNIMPLEMENTED;
+    }
+
   private:
     // Uncopyable.
     KeymasterContext(const KeymasterContext&);
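Review bot: The new `GetVerifiedBootParams` comment does not say who owns the memory behind `verified_boot_key->data` or how long it stays valid, which is exactly what a caller copying it into an ASN.1 structure needs to know; it also does not say whether the out-parameters are left untouched on a non-OK return, which the default body (returns `KM_ERROR_UNIMPLEMENTED` and writes nothing) suggests but does not promise. Suggest adding a sentence along the lines of `The blob's data is owned by the context and must remain valid until the attestation record has been built; on error the out-parameters are not modified.`, adjusted to whatever contract the hardware implementations actually follow. Stating that contract in the header is what lets an overriding implementation and the attestation code agree without reading each other.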