keymaster: add flags indicating feature support
For wrapping the disk encryption secret, we add a flag that indicates it
can be done without having to start some storage daemon which the
trusted OS will query to get data needed to load up the keys. This
usually means that the "key blob" we store is actually just the RSA key
encrypted with the device's KEK and not a reference to an encrypted
filesystem stored on /data
Also to allow other providers to upgrade to V3 of the header, we add
flags to show whether the keymaster supports different key types. This
allows keymaster HALs to support the whole device encryption secret
wrapping without needing to implement DSA and EC key handling. The V2
header made support implicit.
Change-Id: Ic5b13e2e84dd91e7a4ae443048ecc16cc805cb97
1 file changed