Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 33a132f1 authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint: more warnings around non-secure test impl 

Make it clearer that the default implementation is non-secure in
various ways, most notably because the TA code is running in-process
in the HAL service.

Bug: 314513765
Test: VtsAidlKeyMintTargetTest
Change-Id: I83509110c32a4df8df6c0b288d14659e022442ff
parent f9fc9552

security/keymint/aidl/default/Android.bp

+14 −0
Original line number Diff line number Diff line
@@ -7,6 +7,13 @@ package { 
    default_applicable_licenses: ["hardware_interfaces_license"],

}



// The following target has an insecure implementation of KeyMint where the

// trusted application (TA) code runs in-process alongside the HAL service

// code.

//

// A real device is required to run the TA code in a secure environment, as

// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an

// isolated execution environment."

cc_binary {

    name: "android.hardware.security.keymint-service",

    relative_install_path: "hw",
@@ -46,6 +53,13 @@ cc_binary { 
    ],

}



// The following target has an insecure implementation of KeyMint where the

// trusted application (TA) code runs in-process alongside the HAL service

// code.

//

// A real device is required to run the TA code in a secure environment, as

// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an

// isolated execution environment."

rust_binary {

    name: "android.hardware.security.keymint-service.nonsecure",

    relative_install_path: "hw",

security/keymint/aidl/default/main.rs

+7 −3
Original line number Diff line number Diff line
@@ -17,11 +17,15 @@ 
//! Default implementation of the KeyMint HAL and related HALs.

//!

//! This implementation of the HAL is only intended to allow testing and policy compliance.  A real

//! implementation **must be implemented in a secure environment**.

//! implementation **must implement the TA in a secure environment**, as per CDD 9.11 [C-1-1]:

//! "MUST back up the keystore implementation with an isolated execution environment."

//!

//! The additional device-specific components that are required for a real implementation of KeyMint

//! that is based on the Rust reference implementation are described in system/keymint/README.md.



use kmr_hal::SerializedChannel;

use kmr_hal_nonsecure::{attestation_id_info, get_boot_info};

use log::{debug, error, info};

use log::{debug, error, info, warn};

use std::ops::DerefMut;

use std::sync::{mpsc, Arc, Mutex};
@@ -62,7 +66,7 @@ fn inner_main() -> Result<(), HalServiceError> { 
        error!("{}", panic_info);

    }));



    info!("Insecure KeyMint HAL service is starting.");

    warn!("Insecure KeyMint HAL service is starting.");



    info!("Starting thread pool now.");

    binder::ProcessState::start_thread_pool();