authorDavid Drysdale <drysdale@google.com>2024-02-16 04:50:34 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2024-02-16 04:50:34 +0000
commit751c61fa6572f454a887eb764a822540eb406aaa (patch)
tree2e8865d96707dc474684c1ff5cdc3838aed13d00
parent7310cf7f283a010cab62ee897792a21eceba5047 (diff)
parentc2f6c5682e21e3f62e259d1829be6a8b1c9406d9 (diff)
downloadkeymaster-751c61fa6572f454a887eb764a822540eb406aaa.tar.gz
Wire up DestroyAttestationIds am: c2f6c5682e
Original change: https://android-review.googlesource.com/c/trusty/app/keymaster/+/2700376 Change-Id: I1dcca27091bf364317fa82fb3c8339f5d39f0c53 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--ipc/keymaster_ipc.cpp6
-rw-r--r--secure_storage_manager.cpp11
-rw-r--r--secure_storage_manager.h5
-rw-r--r--trusty_keymaster.cpp14
-rw-r--r--trusty_keymaster.h4
5 files changed, 37 insertions, 3 deletions
diff --git a/ipc/keymaster_ipc.cpp b/ipc/keymaster_ipc.cpp
index 5a01f5c..9d1de9f 100644
--- a/ipc/keymaster_ipc.cpp
+++ b/ipc/keymaster_ipc.cpp
@@ -623,9 +623,9 @@ static long keymaster_dispatch_non_secure(keymaster_chan_ctx* ctx,
payload_size, out, out_size);
case KM_DESTROY_ATTESTATION_IDS:
- // TODO(swillden): Implement this.
- LOG_E("Destroy attestation IDs is unimplemented.");
- return ERR_NOT_IMPLEMENTED;
+ LOG_E("Dispatching destroy attestation IDs, size %d", payload_size);
+ return do_dispatch(&TrustyKeymaster::DestroyAttestationIds, msg,
+ payload_size, out, out_size);
case KM_EARLY_BOOT_ENDED:
LOG_D("Dispatching KM_EARLY_BOOT_ENDED, size %d", payload_size);
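Review bot: The new KM_DESTROY_ATTESTATION_IDS case logs its dispatch at LOG_E although nothing has failed, while the neighbouring KM_EARLY_BOOT_ENDED case logs the same kind of trace with LOG_D; the level looks carried over from the removed "unimplemented" error line. Change it to `LOG_D("Dispatching destroy attestation IDs, size %d", payload_size);` so that error-level logs keep meaning an error. Because this request irreversibly removes provisioned IDs, a single informational record that it was received may be worth keeping if the file has such a level, which is not visible here. keymaster_dispatch_non_secure starts and ends outside the hunk.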
diff --git a/secure_storage_manager.cpp b/secure_storage_manager.cpp
index 41d63c3..745c138 100644
--- a/secure_storage_manager.cpp
+++ b/secure_storage_manager.cpp
@@ -641,6 +641,17 @@ keymaster_error_t SecureStorageManager::SetAttestationIdsKM3(
return err;
}
+keymaster_error_t SecureStorageManager::ClearAttestationIds() {
+ int rc = storage_delete_file(session_handle_, kAttestationIdsFileName,
+ STORAGE_OP_COMPLETE);
+ if (rc < 0 && rc != ERR_NOT_FOUND) {
+ LOG_E("Error: [%d] deleting attestation IDs file", rc);
+ CloseSession();
+ return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED;
+ }
+ return KM_ERROR_UNIMPLEMENTED;
+}
+
keymaster_error_t SecureStorageManager::SetAttestationIds(
const SetAttestationIdsRequest& request) {
auto result = ValidateAndSetBaseAttestationIds(request);
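Review bot: ClearAttestationIds returns KM_ERROR_UNIMPLEMENTED on its success path, after storage_delete_file has already removed kAttestationIdsFileName; the caller is told the operation is unsupported while the IDs are already gone, which is the worst combination for an irreversible operation. When the delete succeeded, or the file was already absent (the `rc != ERR_NOT_FOUND` test deliberately tolerates that), the function should end with `return KM_ERROR_OK;`. If reporting UNIMPLEMENTED is deliberate, for instance to keep advertising the feature as unsupported to the HAL for now, that needs a comment on the return, and the destructive delete should arguably not run until the feature is reported as supported.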
diff --git a/secure_storage_manager.h b/secure_storage_manager.h
index 4c54d35..ade5b4d 100644
--- a/secure_storage_manager.h
+++ b/secure_storage_manager.h
@@ -186,6 +186,11 @@ public:
keymaster_error_t SetProductId(const uint8_t product_id[kProductIdSize]);
/**
+ * Clear all attestation IDs for the device.
+ */
+ keymaster_error_t ClearAttestationIds();
+
+ /**
* Set the attestation IDs for the device. This function can only be used
* once unless Keymaster is in debug mode.
*/
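Review bot: The doc comment on ClearAttestationIds states only "Clear all attestation IDs for the device" and leaves out the contract the implementation in this commit commits to: the backing secure-storage file is deleted, which is irreversible, a missing file is tolerated, and a storage failure closes the session and reports KM_ERROR_SECURE_HW_COMMUNICATION_FAILED. I would expand it to `Clear all attestation IDs for the device by deleting their secure-storage file. Irreversible; an absent file is not an error. On a storage failure the session is closed and KM_ERROR_SECURE_HW_COMMUNICATION_FAILED is returned.` The adjacent SetAttestationIds comment says IDs can be set only once outside debug mode; whether clearing re-enables setting is not visible here and should be stated one way or the other.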
diff --git a/trusty_keymaster.cpp b/trusty_keymaster.cpp
index 673eed4..fbbbe98 100644
--- a/trusty_keymaster.cpp
+++ b/trusty_keymaster.cpp
@@ -125,6 +125,20 @@ void TrustyKeymaster::SetAttestationKey(const SetAttestationKeyRequest& request,
response->error = ss_manager->WriteKeyToStorage(key_slot, key, key_size);
}
+void TrustyKeymaster::DestroyAttestationIds(
+ const DestroyAttestationIdsRequest& request,
+ DestroyAttestationIdsResponse* response) {
+ if (response == nullptr) {
+ return;
+ }
+ SecureStorageManager* ss_manager = SecureStorageManager::get_instance();
+ if (ss_manager == nullptr) {
+ response->error = KM_ERROR_SECURE_HW_COMMUNICATION_FAILED;
+ return;
+ }
+ response->error = ss_manager->ClearAttestationIds();
+}
+
void TrustyKeymaster::SetAttestationIds(const SetAttestationIdsRequest& request,
EmptyKeymasterResponse* response) {
if (response == nullptr) {
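Review bot: DestroyAttestationIds names its request parameter but never reads it, and it delegates to a method with a different verb (ClearAttestationIds), which makes the two layers harder to connect when grepping. Leaving the parameter unnamed, `const DestroyAttestationIdsRequest& /*request*/,`, documents that the request carries nothing that is acted on, and a one-line comment above the function such as `// Destroys the provisioned attestation IDs by clearing them from secure storage; the SecureStorageManager error is returned unchanged.` explains the Destroy/Clear split. The nullptr guards on response and ss_manager mirror SetAttestationKey above, which is consistent. SetAttestationIds continues past the end of the hunk.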
diff --git a/trusty_keymaster.h b/trusty_keymaster.h
index 14d92f6..483673d 100644
--- a/trusty_keymaster.h
+++ b/trusty_keymaster.h
@@ -67,6 +67,10 @@ public:
void SetWrappedAttestationKey(const SetAttestationKeyRequest& request,
SetAttestationKeyResponse* response);
+ // DestroyAttestationIds clears the device IDs.
+ void DestroyAttestationIds(const DestroyAttestationIdsRequest& request,
+ DestroyAttestationIdsResponse* response);
+
// SetDeviceIds sets all device IDs in the KM spec under ATTESTATION_ID_*
// This is a factory provisioning step that should not be callable after
// provisioning.
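Review bot: The header comment "DestroyAttestationIds clears the device IDs" says less than the neighbouring SetDeviceIds comment, which names the ATTESTATION_ID_* tags and the provisioning constraint, and this entry point is reachable from the non-secure dispatcher (keymaster_dispatch_non_secure in ipc/keymaster_ipc.cpp in this same commit). I would write `// DestroyAttestationIds removes all ATTESTATION_ID_* device IDs from secure storage. This is irreversible and is dispatched from the non-secure channel.` and state whether SetAttestationIds may be called again afterwards, which is not visible here.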