Handle auth token with same timestamp
We observed on some Pixel C that they sometimes generate auth token with
a stuck timestamp value. Since the timestamp value does not increase,
newer auth token is not considered "superceding" old auth tokens and keystore
end up retrieving older auth tokens which are then treated as expired due to
its time_received value being too old.
We workaround this issue by comparing both the timestamp (which is part of
auth token) and the time_received (which is a monotonic clock value at the
time auth token is sent to keystore). So a new auth token with stuck timestamp
value but newer time_received still supercedes older auth tokens.
This is actually sufficient to workaround the issue on Pixel C, since the stuck
timestamp value is returned by the secure RTC, whose value is also used by
keymaster TA to check key authorization. In other words, the auth token is
still good to authorize auth-bound keys, even with a stuck timestamp value.
This does mean that on the affected Pixel C, auth-bound keys are not enforced
at TrustZone leve, but merely a logical check in keystore daemon.
Bug: 65283496
Test: boot device, unlock successfully
Change-Id: I0b9d5463e94241bfaf552dcb31fea04ee966596c
(cherry picked from commit bfb01d904d403087d096658d3830b34d0f931714)
2 files changed
