Keystore: Attestation fix for AOSP and GSI builds
Device ID attestation was failing in AOSP and GSI images due to properties mismatch in Build.java and actual device properties. (For example, the value of Build.DEVICE on a Raven device running an AOSP build would be 'aosp_raven', but KeyMint was provisioned with the value 'raven'.) To fix above issue, properties ro.product.*_for_attestation were introduced in AOSP build files (eg. aosp_raven.mk) only. But this was not sufficient for both AOSP and GSI. The same solution does not work for GSI images: GSI images are generic and so we cannot set device-specific properties in them. So, if ro.product.*_for_attestation properties are empty or unknown, they are read from ro.product.vendor because these values are not changed after flashing GSI images also. This fix will work for both AOSP and GSI images. Device ID properties preferences for eg. Build.BRAND_FOR_ATTESTATION = ro.product.brand_for_attestation -> ro.product.vendor.brand -> UNKNOWN. Bug: 268294752 Bug: 110779648 Bug: 259376922 Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/1_android_hardware_security_keymint_IKeyMintDevice_strongbox Test: atest CtsKeystoreTestCases:android.keystore.cts.KeyAttestationTest CtsKeystoreTestCases:DeviceOwnerKeyManagementTest Change-Id: I574eca430cd2022cb9c270ca23ad33f6e5423cd4
Loading
Please register or sign in to comment