Add a dumpsys implementation for attestation_verification service.

Example output:

$ adb shell dumpsys attestation_verification
AttestationVerificationManagerService
Event Log:
Verification #2 [2024-04-25 22:09:52]
Result: FAILURE(2)
Certificate Chain Valid (inc. Trust Anchor): FAILURE
Verification #1 [2024-04-25 22:08:37]
Result: FAILURE(2)
Certificate Chain Valid (inc. Trust Anchor): FAILURE

Seeing a result from dumpsys that doesn't fail will need to wait until
there is a user-signed build to test on a locked device. However, here's
an example output from a unit test:

04-25 15:23:23.954 408 467 D AVFTest : Verification #1 [2024-04-25 22:23:23]
04-25 15:23:23.954 408 467 D AVFTest : Result: FAILURE(2)
04-25 15:23:23.954 408 467 D AVFTest : Certificate Chain Valid (inc. Trust Anchor): OK
04-25 15:23:23.954 408 467 D AVFTest : Local Binding: OK
04-25 15:23:23.954 408 467 D AVFTest : Binding Type: 3
04-25 15:23:23.954 408 467 D AVFTest : System Ownership: FAILURE
04-25 15:23:23.954 408 467 D AVFTest : KeyStore Attestation Parameters
04-25 15:23:23.954 408 467 D AVFTest : OS Version >= 10: OK
04-25 15:23:23.954 408 467 D AVFTest : OS Patch Level in Range: OK
04-25 15:23:23.954 408 467 D AVFTest : Attestation Version >= 3: OK
04-25 15:23:23.954 408 467 D AVFTest : Keymaster Version >= 4: OK
04-25 15:23:23.954 408 467 D AVFTest : Keymaster HW-Backed: OK
04-25 15:23:23.954 408 467 D AVFTest : Key is HW Backed: OK
04-25 15:23:23.954 408 467 D AVFTest : Boot State is VERIFIED: OK
04-25 15:23:23.954 408 467 D AVFTest : Verified Boot is LOCKED: OK
04-25 15:23:23.954 408 467 D AVFTest : Key Boot Level in Range: OK
04-25 15:23:23.954 408 467 D AVFTest : Key Vendor Patch Level in Range: OK

Bug: 335498868
Test: atest AttestationVerificationTest
Change-Id: Iea0b19b3c3a25c5800ebd6fad85c0829a2cfa2b1
Flag: android.security.dump_attestation_verifications