author | David Drysdale <drysdale@google.com> | 2024-02-16 04:50:34 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2024-02-16 04:50:34 +0000 |
commit | 751c61fa6572f454a887eb764a822540eb406aaa (patch) | |
tree | 2e8865d96707dc474684c1ff5cdc3838aed13d00 | |
parent | 7310cf7f283a010cab62ee897792a21eceba5047 (diff) | |
parent | c2f6c5682e21e3f62e259d1829be6a8b1c9406d9 (diff) | |
download | keymaster-751c61fa6572f454a887eb764a822540eb406aaa.tar.gz |
Wire up DestroyAttestationIds am: c2f6c5682e
Original change: https://android-review.googlesource.com/c/trusty/app/keymaster/+/2700376
Change-Id: I1dcca27091bf364317fa82fb3c8339f5d39f0c53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | ipc/keymaster_ipc.cpp | 6 | ||||
-rw-r--r-- | secure_storage_manager.cpp | 11 | ||||
-rw-r--r-- | secure_storage_manager.h | 5 | ||||
-rw-r--r-- | trusty_keymaster.cpp | 14 | ||||
-rw-r--r-- | trusty_keymaster.h | 4 |
5 files changed, 37 insertions, 3 deletions
diff --git a/ipc/keymaster_ipc.cpp b/ipc/keymaster_ipc.cpp index 5a01f5c..9d1de9f 100644 --- a/ipc/keymaster_ipc.cpp +++ b/ipc/keymaster_ipc.cpp @@ -623,9 +623,9 @@ static long keymaster_dispatch_non_secure(keymaster_chan_ctx* ctx, payload_size, out, out_size); case KM_DESTROY_ATTESTATION_IDS: - // TODO(swillden): Implement this. - LOG_E("Destroy attestation IDs is unimplemented."); - return ERR_NOT_IMPLEMENTED; + LOG_E("Dispatching destroy attestation IDs, size %d", payload_size); + return do_dispatch(&TrustyKeymaster::DestroyAttestationIds, msg, + payload_size, out, out_size); case KM_EARLY_BOOT_ENDED: LOG_D("Dispatching KM_EARLY_BOOT_ENDED, size %d", payload_size); diff --git a/secure_storage_manager.cpp b/secure_storage_manager.cpp index 41d63c3..745c138 100644 --- a/secure_storage_manager.cpp +++ b/secure_storage_manager.cpp @@ -641,6 +641,17 @@ keymaster_error_t SecureStorageManager::SetAttestationIdsKM3( return err; } +keymaster_error_t SecureStorageManager::ClearAttestationIds() { + int rc = storage_delete_file(session_handle_, kAttestationIdsFileName, + STORAGE_OP_COMPLETE); + if (rc < 0 && rc != ERR_NOT_FOUND) { + LOG_E("Error: [%d] deleting attestation IDs file", rc); + CloseSession(); + return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED; + } + return KM_ERROR_UNIMPLEMENTED; +} + keymaster_error_t SecureStorageManager::SetAttestationIds( const SetAttestationIdsRequest& request) { auto result = ValidateAndSetBaseAttestationIds(request); diff --git a/secure_storage_manager.h b/secure_storage_manager.h index 4c54d35..ade5b4d 100644 --- a/secure_storage_manager.h +++ b/secure_storage_manager.h @@ -186,6 +186,11 @@ public: keymaster_error_t SetProductId(const uint8_t product_id[kProductIdSize]); /** + * Clear all attestation IDs for the device. + */ + keymaster_error_t ClearAttestationIds(); + + /** * Set the attestation IDs for the device. This function can only be used * once unless Keymaster is in debug mode. */ 
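Review bot: In the `KM_DESTROY_ATTESTATION_IDS` case of `keymaster_dispatch_non_secure` (ipc/keymaster_ipc.cpp), the new dispatch message is written with `LOG_E`, while the adjacent `KM_EARLY_BOOT_ENDED` case logs the same kind of message with `LOG_D`. Routine dispatches reported at error level make genuine failures harder to pick out of the log; `LOG_D("Dispatching KM_DESTROY_ATTESTATION_IDS, size %d", payload_size);` would match the neighbouring case. If the higher level is deliberate so that this destructive request is always recorded, a one-line comment saying so would help. The function body starts and ends outside the hunk.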
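Review bot: `SecureStorageManager::ClearAttestationIds()` in secure_storage_manager.cpp ends with `return KM_ERROR_UNIMPLEMENTED;`, so the caller receives an error even when `storage_delete_file` succeeded or returned `ERR_NOT_FOUND`. `TrustyKeymaster::DestroyAttestationIds` in trusty_keymaster.cpp copies that value into `response->error`, so the request is always reported as failed although the IDs file may already have been deleted. If deleting the file is the whole operation, the last line should be `return KM_ERROR_OK;`. If the error is intentional, for instance because removing the file does not by itself prevent a later `SetAttestationIds` from provisioning IDs again (not visible in this hunk), a comment stating what is still missing is needed so that the return value is not "fixed" by mistake.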
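Review bot: The new doc comment on `ClearAttestationIds()` in secure_storage_manager.h says only "Clear all attestation IDs for the device", which leaves out the contract a caller needs. It should state what is returned on success, that an absent IDs file is not treated as a failure, that a storage error closes the session, and whether `SetAttestationIds` may be used again afterwards, given that the next comment says that function "can only be used once unless Keymaster is in debug mode". The same gap applies to the `// DestroyAttestationIds clears the device IDs.` comment added in trusty_keymaster.h, which does not say whether the destruction is meant to be permanent.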
diff --git a/trusty_keymaster.cpp b/trusty_keymaster.cpp index 673eed4..fbbbe98 100644 --- a/trusty_keymaster.cpp +++ b/trusty_keymaster.cpp @@ -125,6 +125,20 @@ void TrustyKeymaster::SetAttestationKey(const SetAttestationKeyRequest& request, response->error = ss_manager->WriteKeyToStorage(key_slot, key, key_size); } +void TrustyKeymaster::DestroyAttestationIds( + const DestroyAttestationIdsRequest& request, + DestroyAttestationIdsResponse* response) { + if (response == nullptr) { + return; + } + SecureStorageManager* ss_manager = SecureStorageManager::get_instance(); + if (ss_manager == nullptr) { + response->error = KM_ERROR_SECURE_HW_COMMUNICATION_FAILED; + return; + } + response->error = ss_manager->ClearAttestationIds(); +} + void TrustyKeymaster::SetAttestationIds(const SetAttestationIdsRequest& request, EmptyKeymasterResponse* response) { if (response == nullptr) { diff --git a/trusty_keymaster.h b/trusty_keymaster.h index 14d92f6..483673d 100644 --- a/trusty_keymaster.h +++ b/trusty_keymaster.h @@ -67,6 +67,10 @@ public: void SetWrappedAttestationKey(const SetAttestationKeyRequest& request, SetAttestationKeyResponse* response); + // DestroyAttestationIds clears the device IDs. + void DestroyAttestationIds(const DestroyAttestationIdsRequest& request, + DestroyAttestationIdsResponse* response); + // SetDeviceIds sets all device IDs in the KM spec under ATTESTATION_ID_* // This is a factory provisioning step that should not be callable after // provisioning. |
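Review bot: In `TrustyKeymaster::DestroyAttestationIds` (trusty_keymaster.cpp) the `ss_manager == nullptr` branch sets `KM_ERROR_SECURE_HW_COMMUNICATION_FAILED` without logging, so a destroy request that left the IDs in place leaves no trace on the secure side. Adding `LOG_E("DestroyAttestationIds: no secure storage session");` before that assignment would make the failure visible. The `request` parameter is never read; writing it as `const DestroyAttestationIdsRequest& /* request */` in the definition would make that explicit and avoid an unused-parameter warning.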