Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / nos / host / android / e1f9f9a64cc0644cfa6918f0ec9e40680b86a921
commite1f9f9a64cc0644cfa6918f0ec9e40680b86a921[log] [tgz]
authorBill Richardson <wfrichar@google.com>Thu Aug 31 17:36:50 2017 -0700
committerBill Richardson <wfrichar@google.com>Thu Sep 07 18:12:23 2017 -0700
treefbf436bcf28fc3932a172526db39a07aa09a35e7
parent411f8e3985a41ed0d0b5f4d676ec661f8f70d44b [diff]
Create test_citadel excutable for SMT tests

This combines several tools into one, so that I can hopefully
have a quick-and-easy utility to verify Citadel communication
during SMT.

Running it with no args will perform a quick pass/fail sanity
check.

I'll continue to tweak this with future CLs, but I
need *something* to shove into the factory image ASAP.

Change-Id: I346a92b8b40290e40683f55edeeca76bcaae261d
Signed-off-by: Bill Richardson <wfrichar@google.com>
7 files changed
tree: fbf436bcf28fc3932a172526db39a07aa09a35e7
  1. citadeld/
  2. generator/
  3. hals/
  4. libnos/
  5. manual_tests/
  6. Android.bp
  7. README.md
README.md

Android components for Nugget

Android communicates with Nugget apps in order to implement security related HALs. Currently, those HALs are Keymaster, Weaver and OemLock.

libnos

libnos offers the NuggetClient interface that should be used by the HALs. AppClient is a wrapper around a NuggetClient for talking to a specific app.

Nugget can be implemented on a number of chips with different drivers so the NuggetClient interface must be implemented for the hardware in use. This interface also allows proxing via a synchronizing service and injecting mocks for testing.

Services

Apps that define a protobuf service will have an app interface class autogenerated. These classes will wrap a NuggetClient. The generator can be found in the generator directory.

Asynchronous communication

Work in progress.

Currently, everything is synchronous and just exposes the call_application() function from the Nugget transport API. In future, asynchronous calls may be desired. Support for this could be added in:

  • Nugget transport API
  • NuggetClient on top of call_application()
  • Generated services

citadeld

Citadel will be running Nugget. In order to synchronize access to the driver / bus, HALs should proxy all communication via the citadeld daemon which will be the only service with driver access.

Synchronizing with this service, rather than in the driver, allows for easier debugging and fixing should the need arise.

CitadeldProxyClient will implement NuggetClient to handle proxying communication via citadeld without requiring change to the HALs.