Google Git
Sign in
android / trusty / app / keymaster / 78a232d7446b02e0708430266512c8eca87685bf
commit78a232d7446b02e0708430266512c8eca87685bf[log] [tgz]
authorMax Bires <jbires@google.com>Sun Jun 13 12:53:32 2021 -0700
committerShawn Willden <swillden@google.com>Tue Jun 15 17:13:47 2021 -0600
treec7246fe53d6253bfeb8376d8fe4788d554d1bb25
parentca1179c5381dcd5d15aca56616f0b8e87f25b752 [diff]
Adding an API for reading/writing Attestation IDs

Trusty needs to be able to have Attestation IDs (product, manufacturer,
device, IMEI, etc) provisioned into secure storage in order to be KM
compliant. Device IDs should only be attested if the values passed in
from frameworks matches the values provisioned into the TEE, or not at
all if destroyAttestationIds() is called on the KM HAL/AIDL interface.

This commit introduces the mechanism for storing and reading those
device IDs. Notably, the IDs can only be provisioned once unless
KEYMASTER_DEBUG is set to true.

Bug: 178796950
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I05737996514c0ac2f67d6492bb516305519eddb4
13 files changed
tree: c7246fe53d6253bfeb8376d8fe4788d554d1bb25
  1. atap/
  2. device_unittest/
  3. host_unittest/
  4. ipc/
  5. .clang-format
  6. build-config-usertests
  7. keymaster_attributes.pb.c
  8. keymaster_attributes.pb.h
  9. keymaster_attributes.proto
  10. LICENSE
  11. manifest.json
  12. openssl_keymaster_enforcement.cpp
  13. openssl_keymaster_enforcement.h
  14. OWNERS
  15. PREUPLOAD.cfg
  16. rules.mk
  17. secure_storage_manager.cpp
  18. secure_storage_manager.h
  19. trusty_aes_key.cpp
  20. trusty_aes_key.h
  21. trusty_keymaster.cpp
  22. trusty_keymaster.h
  23. trusty_keymaster_context.cpp
  24. trusty_keymaster_context.h
  25. trusty_keymaster_enforcement.cpp
  26. trusty_keymaster_enforcement.h
  27. trusty_keymaster_messages.h
  28. trusty_logger.h
  29. usertests-inc.mk