From be913ec40e77daede44de7669e780438752255e8 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim
Date: Tue, 30 Aug 2022 14:46:25 -0700
Subject: [PATCH] Enable HW encryption w/ Trusty

Bug: 214136017
Bug: 214135924
Signed-off-by: Jaegeuk Kim
Change-Id: Id38edc06ad58de8eefee7619077ddd753d9804cb
---
 conf/Android.bp | 3 +--
 device.mk | 18 +++++------------
 2 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/conf/Android.bp b/conf/Android.bp
index 4716b870..1b554886 100644
--- a/conf/Android.bp
+++ b/conf/Android.bp
@@ -60,10 +60,9 @@ genrule {
 " -e s/@metadata_encryption@/aes-256-xts/ $(in) > $(out)",
 }
 
-// TODO: change below to gen_fstab.zuma-hw-encrypt once GSA is ready
 prebuilt_etc {
 name: "fstab.zuma",
- src: ":gen_fstab.zuma-sw-encrypt",
+ src: ":gen_fstab.zuma-hw-encrypt",
 vendor: true,
 vendor_ramdisk_available: true,
 }
diff --git a/device.mk b/device.mk
index 54efe228..51c32399 100644
--- a/device.mk
+++ b/device.mk
@@ -761,20 +761,9 @@ PRODUCT_PACKAGES += \
 libopenvx-opencl
 endif
 
-# TODO[b/XXXX]: Re-enable Trusty and disable this when Trusty is working
-PRODUCT_PACKAGES += \
- android.hardware.keymaster@4.1-service \
- android.hardware.gatekeeper@1.0-service.remote
-# android.hardware.gatekeeper@1.0-service.software
-
-LOCAL_KEYMASTER_PRODUCT_PACKAGE := android.hardware.keymaster@4.1-service
-#LOCAL_GATEKEEPER_PRODUCT_PACKAGE := android.hardware.gatekeeper@1.0-service.software
-LOCAL_GATEKEEPER_PRODUCT_PACKAGE := android.hardware.gatekeeper@1.0-service.remote
-
 # Trusty (KM, GK, Storage)
-#$(call inherit-product, system/core/trusty/trusty-storage.mk)
-#$(call inherit-product, system/core/trusty/trusty-base.mk)
-
+$(call inherit-product, system/core/trusty/trusty-storage.mk)
+$(call inherit-product, system/core/trusty/trusty-base.mk)
 
 # Trusty unit test tool
 PRODUCT_PACKAGES_DEBUG += trusty-ut-ctrl \
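Review bot: In conf/Android.bp, switching `src` of `fstab.zuma` to `:gen_fstab.zuma-hw-encrypt` drops the only note that recorded the precondition for this variant, and nothing in the hunk says what happens to a device whose userdata was set up under the sw-encrypt fstab. The two genrules are outside this hunk, so this is an inference, but if they differ in their encryption options an existing install would presumably need a wipe rather than an in-place upgrade, and the commit message should say so. I would replace the removed TODO with a comment such as `// fstab.zuma uses the hw-encrypt variant, which depends on the Trusty stack inherited in device.mk.`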
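Review bot: In device.mk at -761, once the explicit keymaster/gatekeeper entries and both `LOCAL_*_PRODUCT_PACKAGE` assignments are gone, the set of KM/GK services in the image is decided entirely inside `trusty-storage.mk` and `trusty-base.mk`, and the surviving comment `# Trusty (KM, GK, Storage)` does not say that. Those makefiles are not part of this diff, so it should be confirmed that they do not depend on the two removed variables and that no other product file still adds `android.hardware.gatekeeper@1.0-service.remote` or the software gatekeeper next to the Trusty one. I would expand the comment to `# Keymaster, Gatekeeper and secure storage come from Trusty; do not add software or remote KM/GK services here.` The `PRODUCT_PACKAGES_DEBUG` assignment at the end of the hunk continues past it.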
@@ -1120,5 +1109,8 @@ PRODUCT_COPY_FILES += \
 frameworks/native/data/etc/android.software.device_id_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.device_id_attestation.xml \
 frameworks/native/data/etc/android.hardware.device_unique_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.device_unique_attestation.xml
 
+# Call deleteAllKeys if vold detects a factory reset
+PRODUCT_VENDOR_PROPERTIES += ro.crypto.metadata_init_delete_all_keys.enabled?=true
+
 # Hardware Info Collection
 include hardware/google/pixel/HardwareInfo/HardwareInfo.mk
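Review bot: The comment above `ro.crypto.metadata_init_delete_all_keys.enabled` understates the setting: deleteAllKeys is irreversible and clears all keys in the hardware keystore, not only the storage keys. What vold counts as "a factory reset" is decided outside this file; if that condition can also be met on a device whose userdata is still intact, the data becomes unrecoverable, so the trigger deserves a line here. The `?=` form marks the value as an optional default that another product makefile can override, which should be a deliberate choice for a setting of this kind. Suggested wording: `# When vold initialises metadata encryption after a factory reset it calls deleteAllKeys (irreversible); ?= leaves this overridable by other product makefiles.`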