Set TEE RootOfTrust fields in Attestation Extension

Sets RootOfTrust fields in the TEE-enforced AuthorizationList of the
Attestation Extension. Previously, there was no generic way to get
the verified boot state from a TEE-based Keymaster implementation.

This was merged earlier but the change disappeared when internal was
pushed to AOSP.

Test: Passes keystore attestation CTS tests on a device with a KM2 TEE
      implementation. Software KM still passes attestation CTS tests.

Change-Id: I4573f5d9d5913a4cb6216d0108498c90262bb243
Merged-In: I24fc0485d5c6aed7cf5b3665cbef12e627123c70
2 files changed
tree: 85f6406aa079a94debad1a1f5985e1c0446885ec