Merge 59367d73d59b018c0c5df1ed0a887f9557a00236 on remote branch Change-Id: I4032804f7c97a2c88f501561c48a4ede04bf2bb5

commit: f52203b16286913db8ddd60984d2ab8f87de743c [log] [tgz]
author: Linux Build Service Account <lnxbuild@localhost> Wed Apr 29 05:06:38 2020 -0700
committer: Linux Build Service Account <lnxbuild@localhost> Wed Apr 29 05:06:38 2020 -0700
tree: 2e4835ee9475ed58844cee9653fce14b3c1311e4
parent: e4be1df240a3421c9893228848575549600c5619 [diff]
parent: 59367d73d59b018c0c5df1ed0a887f9557a00236 [diff]
diff --git a/contexts/soft_keymaster_context.cpp b/contexts/soft_keymaster_context.cpp
index 6c23fa4..5003c72 100644
--- a/contexts/soft_keymaster_context.cpp
+++ b/contexts/soft_keymaster_context.cpp

@@ -476,4 +476,16 @@
     return KM_ERROR_UNIMPLEMENTED;
 }
 
+keymaster_error_t SoftKeymasterContext::GetVerifiedBootParams(
+    keymaster_blob_t* verified_boot_key, keymaster_blob_t* verified_boot_hash,
+    keymaster_verified_boot_t* verified_boot_state, bool* device_locked) const {
+    // TODO(swillden): See if there might be some sort of vbmeta data in goldfish/cuttlefish.
+    static std::string fake_vb_key(32, 0);
+    *verified_boot_key = {reinterpret_cast<uint8_t*>(fake_vb_key.data()), fake_vb_key.size()};
+    *verified_boot_hash = {reinterpret_cast<uint8_t*>(fake_vb_key.data()), fake_vb_key.size()};
+    *verified_boot_state = KM_VERIFIED_BOOT_UNVERIFIED;
+    *device_locked = false;
+    return KM_ERROR_OK;
+}
+
 }  // namespace keymaster

diff --git a/include/keymaster/attestation_record.h b/include/keymaster/attestation_record.h
index 2a6f24b..17a6429 100644
--- a/include/keymaster/attestation_record.h
+++ b/include/keymaster/attestation_record.h

@@ -43,7 +43,7 @@
 
 typedef struct km_root_of_trust {
     ASN1_OCTET_STRING* verified_boot_key;
-    ASN1_BOOLEAN* device_locked;
+    ASN1_BOOLEAN device_locked;
     ASN1_ENUMERATED* verified_boot_state;
     ASN1_OCTET_STRING* verified_boot_hash;
 } KM_ROOT_OF_TRUST;

diff --git a/include/keymaster/contexts/soft_keymaster_context.h b/include/keymaster/contexts/soft_keymaster_context.h
index 588e3db..20a10ac 100644
--- a/include/keymaster/contexts/soft_keymaster_context.h
+++ b/include/keymaster/contexts/soft_keymaster_context.h

@@ -104,6 +104,15 @@
                                     AuthorizationSet* sw_enforced) const override;
     /*********************************************************************************************/
 
+    /*********************************************************************************************
+     * Implement AttestationRecordContext
+     */
+
+    keymaster_error_t GetVerifiedBootParams(keymaster_blob_t* verified_boot_key,
+                                            keymaster_blob_t* verified_boot_hash,
+                                            keymaster_verified_boot_t* verified_boot_state,
+                                            bool* device_locked) const override;
+
   private:
     keymaster_error_t ParseKeymaster1HwBlob(const KeymasterKeyBlob& blob,
                                             const AuthorizationSet& additional_params,

diff --git a/km_openssl/attestation_record.cpp b/km_openssl/attestation_record.cpp
index d1a920b..4f70138 100644
--- a/km_openssl/attestation_record.cpp
+++ b/km_openssl/attestation_record.cpp

@@ -417,8 +417,7 @@
         return TranslateLastOpenSslError();
     }
 
-    root_of_trust->device_locked = reinterpret_cast<int*>(malloc(sizeof(ASN1_BOOLEAN)));
-    *root_of_trust->device_locked = device_locked;
+    root_of_trust->device_locked = device_locked ? 0xFF : 0x00;
     if (!ASN1_ENUMERATED_set(root_of_trust->verified_boot_state, verified_boot_state)) {
         return TranslateLastOpenSslError();
     }

diff --git a/ng/include/AndroidKeymaster41Device.h b/ng/include/AndroidKeymaster41Device.h
index 8e6d0f8..68bbcf6 100644
--- a/ng/include/AndroidKeymaster41Device.h
+++ b/ng/include/AndroidKeymaster41Device.h

@@ -21,7 +21,6 @@
 #include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
 #include <android/hardware/keymaster/4.1/types.h>
 #include <hidl/Status.h>
-#include <keymasterV4_1/Operation.h>
 
 #include "AndroidKeymaster4Device.h"
 
@@ -47,7 +46,6 @@
 using ::android::hardware::keymaster::V4_0::SecurityLevel;
 using ::android::hardware::keymaster::V4_0::VerificationToken;
 using ::android::hardware::keymaster::V4_1::IKeymasterDevice;
-using ::android::hardware::keymaster::V4_1::IOperation;
 using ::android::hardware::keymaster::V4_1::Tag;
 
 using V41ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
@@ -71,17 +69,6 @@
                                       const VerificationToken& /* verificationToken */) override;
     Return<V41ErrorCode> earlyBootEnded() override;
 
-    Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
-                         const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
-                         beginOp_cb _hidl_cb) override {
-        return super::begin(
-            purpose, key, inParams, authToken,
-            [&](auto hidl_err, auto hidl_params, auto hidl_handle) {
-                _hidl_cb(convert(hidl_err), hidl_params,
-                         new ::android::hardware::keymaster::V4_1::support::Operation(hidl_handle));
-            });
-    }
-
     Return<void> getHardwareInfo(super::getHardwareInfo_cb _hidl_cb) override {
         return super::getHardwareInfo(_hidl_cb);
     }
commit	f52203b16286913db8ddd60984d2ab8f87de743c	[log] [tgz]
author	Linux Build Service Account <lnxbuild@localhost>	Wed Apr 29 05:06:38 2020 -0700
committer	Linux Build Service Account <lnxbuild@localhost>	Wed Apr 29 05:06:38 2020 -0700
tree	2e4835ee9475ed58844cee9653fce14b3c1311e4
parent	e4be1df240a3421c9893228848575549600c5619 [diff]
parent	59367d73d59b018c0c5df1ed0a887f9557a00236 [diff]