Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0659edc authored by Catherine Vlasov's avatar Catherine Vlasov
Browse files

Add VTS test for attested "rootOfTrust.verifiedBootKey" field on VSR-16+. 

Bug: 220834466
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I9cd322f51b0156ae3a9714f6f1f09bd3d464400c
parent fb8040a8

security/keymint/aidl/vts/functional/BootloaderStateTest.cpp

+12 −0
Original line number Diff line number Diff line
@@ -95,6 +95,18 @@ TEST_P(BootloaderStateTest, VbStateIsUnverified) { 
            << "Verified boot state must be \"UNVERIFIED\" aka \"orange\".";

}



// Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked.

TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) {

    // Gate this test to avoid waiver issues.

    if (get_vsr_api_level() <= __ANDROID_API_V__) {

        return;

    }



    std::vector<uint8_t> expectedVbKey(32, 0);

    ASSERT_EQ(attestedVbKey_, expectedVbKey) << "Verified Boot key digest must be 32 bytes of "

                                                "zeroes since the bootloader is unlocked.";

}



// Following error codes from avb_slot_data() mean that slot data was loaded

// (even if verification failed).

static inline bool avb_slot_data_loaded(AvbSlotVerifyResult result) {