| 98b998b59a417bb22b88587eac8311efd08169b9 |
|
20-Jan-2018 |
Shawn Willden <swillden@google.com> |
Support library enhancements, to ease transition of vold to KM4
Keymaster clients need to see all the available devices and figure out
which they want to use. This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<
This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.
Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
/hardware/interfaces/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
|
| 1e50c676f6fe5cfa726b66b2c6ba57084a3888e8 |
|
10-Nov-2017 |
Shawn Willden <swillden@google.com> |
Add Keymaster V4.0
This CL merely duplicates all of the Keymaster V3.0 functionality and
VTS tests, and provides a pure software implementation of the 4.0 HAL,
which passes the VTS tests. Future CLs will remove some cruft and
unused features, then add new features and accompanying tests.
Note that the reason that this is V4.0 rather than V3.1 is because V4.0
will not be fully backward compatible with V3.0. Specifically, V4.0
will allow for "StrongBox" implementations, which will only provide a
subset of Keymaster functionality. StrongBox versions of Keymaster will
be implemented in discrete, special-purpose hardware which will
generally be much less powerful (slower, less RAM, etc.) than is needed
to support a full Keymaster implementation.
So, while the V4.0 interface will be a strict superset of the V3.0
interface, which could normally be best implemented as an extension, it
will allow StrongBox implementations which are unable to pass the V3.0
test suite, which means that it will not be true that a V4.0
impementation IS-A V3.0 implementation, as would be expected of a V3.1
implementation. The V4.0 test suite will distinguish between StrongBox
and non-StrongBox implementations and enforce appropriately-reduced
requirements on the former.
In addition to the duplication, 4.0 also cleans up some cruft from 3.0:
- Removes tags and types which were in previous versions but never
used;
- Removes support for wrapping pre-Treble keymaster HALs with KM4,
since they'll only be wrapped by the default KM3 implementation;
- Renames the ROLLBACK_RESISTANT tag to ROLLBACK_RESISTANCE and
defines new semantics for it;
- Changes auth token handling to use the HardwareAuthToken struct
passed in as an explicit argument to the relevant methods,
rather than an opaque byte vector provided as a KeyParameter;
- Updates the VTS tests to use a gtest "environment" for better
integration with VTS test infrastructure;
- Adds a test for upgradeKey.
- Makes comment formatting more consistent, including using the
correct two-space typographical convention to separate sentences.
Bug: 63931634
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I3f01a4991beaa5c4332f72c91e8878a3bf0dec67
/hardware/interfaces/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
|