Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit edb0294b authored by David Drysdale's avatar David Drysdale Committed by Automerger Merge Worker
Browse files

Merge "KeyMint: check length of verified boot key" into main am: 2ae20618 am: 25a8c389 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2786465



Change-Id: I7b4910657f5b1c3ee40bbdb264e7ae66d7c1fc7b
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents a24e8db2 25a8c389

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+6 −0
Original line number Diff line number Diff line
@@ -1792,6 +1792,12 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_ 
    std::string empty_boot_key(32, '\0');

    std::string verified_boot_key_str((const char*)verified_boot_key.data(),

                                      verified_boot_key.size());

    if (get_vsr_api_level() >= __ANDROID_API_V__) {

        // The attestation should contain the SHA-256 hash of the verified boot

        // key.  However, this was not checked for earlier versions of the KeyMint

        // HAL so only be strict for VSR-V and above.

        EXPECT_LE(verified_boot_key.size(), 32);

    }

    EXPECT_NE(property_get("ro.boot.verifiedbootstate", property_value, ""), 0);

    if (!strcmp(property_value, "green")) {

        EXPECT_EQ(verified_boot_state, VerifiedBoot::VERIFIED);

security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp

+6 −0
Original line number Diff line number Diff line
@@ -114,6 +114,12 @@ class SecureElementProvisioningTest : public testing::Test { 
        const auto& vbKey = rot->asArray()->get(pos++);

        ASSERT_TRUE(vbKey);

        ASSERT_TRUE(vbKey->asBstr());

        if (get_vsr_api_level() >= __ANDROID_API_V__) {

            // The attestation should contain the SHA-256 hash of the verified boot

            // key.  However, this not was checked for earlier versions of the KeyMint

            // HAL so only be strict for VSR-V and above.

            ASSERT_LE(vbKey->asBstr()->value().size(), 32);

        }



        const auto& deviceLocked = rot->asArray()->get(pos++);

        ASSERT_TRUE(deviceLocked);