From fb95660824cac3ffc7cd410830ea19f9bc4fc713 Mon Sep 17 00:00:00 2001 From: Ioannis Ilkos Date: Mon, 21 Jun 2021 14:38:55 +0000 Subject: [PATCH] Revert "Activate KeyMint" Revert submission 14947110-activate_keymint Reason for revert: Likely b/191652216 Reverted Changes: I6c5210356:Activate KeyMint I784d39383:Activate KeyMint. Bug: b/191652216 Change-Id: I5f6d69f7657180c09a6ec8e8afad09bbd63cdc32 --- CleanSpec.mk | 6 ---- keymaster/Android.bp | 40 ++++++++++++++++++++++ keymaster/wait_for_strongbox.cpp | 59 ++++++++++++++++++++++++++++++++ keymaster/wait_for_strongbox.rc | 9 +++++ 4 files changed, 108 insertions(+), 6 deletions(-) create mode 100644 keymaster/Android.bp create mode 100644 keymaster/wait_for_strongbox.cpp create mode 100644 keymaster/wait_for_strongbox.rc
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 12538be2..1ca5183f 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -77,9 +77,3 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/vintf/manifest/android.h
 $(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/bin/hw/android.hardware.power.stats@1.0-service.gs101)
 $(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/etc/init/android.hardware.power.stats@1.0-service.gs101.rc)
 $(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/etc/vintf/manifest/android.hardware.power.stats@1.0-service.gs101.xml)
-
-# Keymaster to KeyMint
-$(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/bin/hw/android.hardware.keymaster@4.0-service.trusty)
-$(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/etc/init/android.hardware.keymaster@4.0-service.trusty.rc)
-$(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/etc/vintf/manifest/android.hardware.keymaster@4.0-service.trusty.xml)
-$(call add-clean-step, rm -f $(PRODUCT_OUT)/vendor/bin/hw/wait_for_strongbox)
diff --git a/keymaster/Android.bp b/keymaster/Android.bp
new file mode 100644
index 00000000..99aa4b45
--- /dev/null
+++ b/keymaster/Android.bp
@@ -0,0 +1,40 @@
+//
+// Copyright (C) 2018 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "//device/google/gs101:device_google_gs101_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: [
+ "//device/google/gs101:device_google_gs101_license",
+ ],
+}
+
+cc_binary {
+ name: "wait_for_strongbox",
+ init_rc: ["wait_for_strongbox.rc"],
+ relative_install_path: "hw",
+ srcs: [ "wait_for_strongbox.cpp" ],
+ cflags: [ "-Werror", "-Wall" ],
+ shared_libs: [
+ "android.hardware.keymaster@4.0",
+ "libbase",
+ "libkeymaster4_1support",
+ "libutils",
+ ],
+ proprietary: true,
+}
diff --git a/keymaster/wait_for_strongbox.cpp b/keymaster/wait_for_strongbox.cpp
new file mode 100644
index 00000000..c0f4094b
--- /dev/null
+++ b/keymaster/wait_for_strongbox.cpp
@@ -0,0 +1,59 @@
+/*
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#include
+
+#define LOG_TAG "wait_for_strongbox"
+#include
+
+#include
+
+using android::hardware::keymaster::V4_1::SecurityLevel;
+using android::hardware::keymaster::V4_1::support::Keymaster;
+
+useconds_t kWaitTimeMicroseconds = 1 * 1000; // 1 milliseconds
+
+int main() {
+ for (unsigned cycleCount = 0; /* Forever */; ++cycleCount) {
+ auto keymasters = Keymaster::enumerateAvailableDevices();
+
+ bool foundStrongBox = false;
+ bool foundTee = false;
+ for (auto &dev : keymasters) {
+ SecurityLevel securityLevel = dev->halVersion().securityLevel;
+ uint8_t majorVersion = dev->halVersion().majorVersion;
+ if (securityLevel == SecurityLevel::STRONGBOX && majorVersion == 4) {
+ foundStrongBox = true;
+ }
+ if (securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT && majorVersion == 4) {
+ foundTee = true;
+ }
+ }
+
+ if (foundTee && foundStrongBox) {
+ return 0;
+ }
+ if (cycleCount % 10 == 1) {
+ if (!foundStrongBox) {
+ LOG(WARNING) << "Still waiting for StrongBox Keymaster";
+ }
+ if (!foundTee) {
+ LOG(WARNING) << "Still waiting for TEE Keymaster";
+ }
+ }
+ usleep(kWaitTimeMicroseconds);
+ }
+}
diff --git a/keymaster/wait_for_strongbox.rc b/keymaster/wait_for_strongbox.rc
new file mode 100644
index 00000000..c02fc465
--- /dev/null
+++ b/keymaster/wait_for_strongbox.rc
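Review bot: The loop in `main()` of wait_for_strongbox.cpp has no upper bound (`/* Forever */`), and the accompanying .rc launches it with `exec_start` in `on late-fs`, so a StrongBox or TEE HAL that never registers holds boot at that point with nothing but repeated warnings. If blocking indefinitely is the intended fail-closed behaviour (no boot without both Keymaster 4 backends), state that in a comment above the loop; otherwise bound the wait and exit non-zero after a `LOG(ERROR)` so the failure is distinguishable from a slow start. The warnings are emitted on every tenth 1 ms cycle, which can flood the early-boot log while waiting; a sparser condition such as `if (cycleCount % 1000 == 1)` keeps the signal without the volume. `kWaitTimeMicroseconds` is a mutable global and reads better as `constexpr useconds_t kWaitTimeMicroseconds = 1 * 1000;  // 1 millisecond`.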
@@ -0,0 +1,9 @@
+# Wait for both Trusty and Strongbox HALs to be up
+service wait_for_strongbox /vendor/bin/hw/wait_for_strongbox
+ user root
+ group root system
+ priority -20
+ ioprio rt 0
+
+on late-fs
+ exec_start wait_for_strongbox
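Review bot: The service is declared with `user root`, `group root system`, `priority -20` and `ioprio rt 0`, which is more privilege and scheduling weight than a binary that only enumerates Keymaster HALs visibly needs. Whether a less privileged uid can perform the HAL lookup depends on the sepolicy for this domain, which is not part of this patch, so this is worth confirming; if it can, prefer something like `user system` with a matching `group`. Either way, add a comment above the service block recording why root and the highest CPU and I/O priority are required, so the settings are not copied forward unexamined.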