Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f5bfa009 authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint VTS: enable patchlevel checks 

Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.

Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
parent e185fae2

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+6 −14
Original line number Diff line number Diff line
@@ -69,8 +69,6 @@ namespace aidl::android::hardware::security::keymint::test { 


namespace {



bool check_patchLevels = false;



// The maximum number of times we'll attempt to verify that corruption

// of an ecrypted blob results in an error. Retries are necessary as there

// is a small (roughly 1/256) chance that corrupting ciphertext still results
@@ -529,14 +527,12 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase { 
        EXPECT_TRUE(os_pl);

        EXPECT_EQ(*os_pl, os_patch_level());



        if (check_patchLevels) {

        // Should include vendor and boot patchlevels.

        auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);

        EXPECT_TRUE(vendor_pl);

        EXPECT_EQ(*vendor_pl, vendor_patch_level());

        auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);

        EXPECT_TRUE(boot_pl);

        }



        return auths;

    }
@@ -6677,10 +6673,6 @@ int main(int argc, char** argv) { 
            } else {

                std::cout << "NOT dumping attestations" << std::endl;

            }

            // TODO(drysdale): Remove this flag when available KeyMint devices comply with spec

            if (std::string(argv[i]) == "--check_patchLevels") {

                aidl::android::hardware::security::keymint::test::check_patchLevels = true;

            }

        }

    }

    return RUN_ALL_TESTS();