Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7697d71 authored by David Drysdale's avatar David Drysdale
Browse files

TrustyKeyMint: support boot, vendor patchlevels 

 - Invoke TrustyKeymaster::ConfigureVendorPatchlevel() from
   remote keymint Initialize(), using vendor patchlevel retrieved
   from property.
 - Add TrustyKeymaster::ConfigureVendorPatchlevel() method to
   send the CONFIGURE_VENDOR_PATCHLEVEL message.
 - Add message type values for
   CONFIGURE_{VENDOR,BOOT}_PATCHLEVEL messages.

Test: pending device availability
Change-Id: Ie42345112b08ef9c669535cef2de60ea77da15b4
parent a9362a4e

trusty/keymaster/TrustyKeymaster.cpp

+17 −0
Original line number Diff line number Diff line
@@ -79,6 +79,16 @@ int TrustyKeymaster::Initialize(KmVersion version) { 
        return -1;

    }



    // Set the vendor patchlevel to value retrieved from system property (which

    // requires SELinux permission).

    ConfigureVendorPatchlevelRequest vendor_req(message_version());

    vendor_req.vendor_patchlevel = GetVendorPatchlevel();

    ConfigureVendorPatchlevelResponse vendor_rsp = ConfigureVendorPatchlevel(vendor_req);

    if (vendor_rsp.error != KM_ERROR_OK) {

        LOG(ERROR) << "Failed to configure keymaster vendor patchlevel: " << vendor_rsp.error;

        // Don't fail if this message isn't understood.

    }



    return 0;

}
@@ -262,4 +272,11 @@ DeviceLockedResponse TrustyKeymaster::DeviceLocked(const DeviceLockedRequest& re 
    return response;

}



ConfigureVendorPatchlevelResponse TrustyKeymaster::ConfigureVendorPatchlevel(

        const ConfigureVendorPatchlevelRequest& request) {

    ConfigureVendorPatchlevelResponse response(message_version());

    ForwardCommand(KM_CONFIGURE_VENDOR_PATCHLEVEL, request, &response);

    return response;

}



}  // namespace keymaster

trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h

+2 −0
Original line number Diff line number Diff line
@@ -64,6 +64,8 @@ class TrustyKeymaster { 
    GetVersion2Response GetVersion2(const GetVersion2Request& request);

    EarlyBootEndedResponse EarlyBootEnded();

    DeviceLockedResponse DeviceLocked(const DeviceLockedRequest& request);

    ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(

            const ConfigureVendorPatchlevelRequest& request);



    uint32_t message_version() const { return message_version_; }

trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h

+3 −1
Original line number Diff line number Diff line
@@ -58,6 +58,7 @@ enum keymaster_command : uint32_t { 
    KM_DEVICE_LOCKED                = (30 << KEYMASTER_REQ_SHIFT),

    KM_GENERATE_RKP_KEY             = (31 << KEYMASTER_REQ_SHIFT),

    KM_GENERATE_CSR                 = (32 << KEYMASTER_REQ_SHIFT),

    KM_CONFIGURE_VENDOR_PATCHLEVEL  = (33 << KEYMASTER_REQ_SHIFT),



    // Bootloader/provisioning calls.

    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
@@ -71,7 +72,8 @@ enum keymaster_command : uint32_t { 
    KM_SET_PRODUCT_ID = (0x9000 << KEYMASTER_REQ_SHIFT),

    KM_CLEAR_ATTESTATION_CERT_CHAIN = (0xa000 << KEYMASTER_REQ_SHIFT),

    KM_SET_WRAPPED_ATTESTATION_KEY = (0xb000 << KEYMASTER_REQ_SHIFT),

    KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT)

    KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT),

    KM_CONFIGURE_BOOT_PATCHLEVEL = (0xd000 << KEYMASTER_REQ_SHIFT),

};



#ifdef __ANDROID__