commit | 2fee97143c6ea07148e7b62f00d6557cff004a09 | [log] [tgz] |
---|---|---|
author | nagendra modadugu <ngm@google.com> | Tue May 29 23:22:29 2018 -0700 |
committer | nagendra modadugu <ngm@google.com> | Thu May 31 18:21:12 2018 -0700 |
tree | d3a5b0549882a54b06ed69d733c408cc892c4a4a | |
parent | b5ec912b4b1c2a6b782cef6aefead5c1e2ea928b [diff] |
keymaster: attempt to provision on startup Once the strongbox HAL has been enabled, vold will fail to start unless Citadel has been provisioned with a pre-shared secret. This pre-shared secret is normally provisioned at factory, but we have a number of EVT class devices that were not correctly provisioned, and will thus hit a boot-loop on OTA. Thus, to avoid this situation, attempt a lazy provisioning step at HAL startup. A minority of developer devices may be in `production-mode`, in which case they will be both unprovisioned, and disallow lazy provisioning as done here. In this case the strongbox HAL does not register itself, thus avoiding the bootloop. We should remove this workaround once we have reasonable confidence that all developer devices have either been factory, or lazy, provisioned. Wrote new Android.mk file becaus we have dependencies defined in other Android.mk files. Added group drmrpc to be able to talk to TA apps directly. Bug: 80452907 Change-Id: I74170a3c0366081864b83ba7fda1a4f4ac29af4f
Android communicates with Nugget apps in order to implement security related HALs. Currently, those HALs are Keymaster, Weaver and OemLock.
Apps that define a protobuf service will have an app interface class autogenerated. These classes will wrap a NuggetClient
. The generator can be found in the generator
directory.
Work in progress.
Currently, everything is synchronous and just exposes the call_application()
function from the Nugget transport API. In future, asynchronous calls may be desired. Support for this could be added in:
NuggetClient
on top of call_application()
citadel
This directory contains the components to support Citadel connected to Android.