TrustyKeyMint: support boot, vendor patchlevels am: 830ea32e77

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/15341992 Change-Id: Ibd1d3fc1b0529a15bae62a4ce917c81ee392e1ca
2021-07-22 08:28:12 +00:00 · 2021-07-22 08:28:12 +00:00 · 9a67d7331e
parent 51d8108034 830ea32e77
commit 9a67d7331e
3 changed files with 22 additions and 1 deletions
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@ -79,6 +79,16 @@ int TrustyKeymaster::Initialize(KmVersion version) {
        return -1;
    }

+    // Set the vendor patchlevel to value retrieved from system property (which
+    // requires SELinux permission).
+    ConfigureVendorPatchlevelRequest vendor_req(message_version());
+    vendor_req.vendor_patchlevel = GetVendorPatchlevel();
+    ConfigureVendorPatchlevelResponse vendor_rsp = ConfigureVendorPatchlevel(vendor_req);
+    if (vendor_rsp.error != KM_ERROR_OK) {
+        LOG(ERROR) << "Failed to configure keymaster vendor patchlevel: " << vendor_rsp.error;
+        // Don't fail if this message isn't understood.
+    }
+
    return 0;
 }

@ -262,4 +272,11 @@ DeviceLockedResponse TrustyKeymaster::DeviceLocked(const DeviceLockedRequest& re
    return response;
 }

+ConfigureVendorPatchlevelResponse TrustyKeymaster::ConfigureVendorPatchlevel(
+        const ConfigureVendorPatchlevelRequest& request) {
+    ConfigureVendorPatchlevelResponse response(message_version());
+    ForwardCommand(KM_CONFIGURE_VENDOR_PATCHLEVEL, request, &response);
+    return response;
+}
+
 }  // namespace keymaster
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@ -64,6 +64,8 @@ class TrustyKeymaster {
    GetVersion2Response GetVersion2(const GetVersion2Request& request);
    EarlyBootEndedResponse EarlyBootEnded();
    DeviceLockedResponse DeviceLocked(const DeviceLockedRequest& request);
+    ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
+            const ConfigureVendorPatchlevelRequest& request);

    uint32_t message_version() const { return message_version_; }

--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@ -58,6 +58,7 @@ enum keymaster_command : uint32_t {
    KM_DEVICE_LOCKED                = (30 << KEYMASTER_REQ_SHIFT),
    KM_GENERATE_RKP_KEY             = (31 << KEYMASTER_REQ_SHIFT),
    KM_GENERATE_CSR                 = (32 << KEYMASTER_REQ_SHIFT),
+    KM_CONFIGURE_VENDOR_PATCHLEVEL  = (33 << KEYMASTER_REQ_SHIFT),

    // Bootloader/provisioning calls.
    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
@ -71,7 +72,8 @@ enum keymaster_command : uint32_t {
    KM_SET_PRODUCT_ID = (0x9000 << KEYMASTER_REQ_SHIFT),
    KM_CLEAR_ATTESTATION_CERT_CHAIN = (0xa000 << KEYMASTER_REQ_SHIFT),
    KM_SET_WRAPPED_ATTESTATION_KEY = (0xb000 << KEYMASTER_REQ_SHIFT),
-    KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT)
+    KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT),
+    KM_CONFIGURE_BOOT_PATCHLEVEL = (0xd000 << KEYMASTER_REQ_SHIFT),
 };

 #ifdef __ANDROID__