1 //
2 // Copyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15
16 #include "host/commands/secure_env/tpm_attestation_record.h"
17
18 #include <android-base/logging.h>
19
20 using keymaster::AuthorizationSet;
21
GetSecurityLevel() const22 keymaster_security_level_t TpmAttestationRecordContext::GetSecurityLevel() const {
23 return KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
24 }
25
VerifyAndCopyDeviceIds(const AuthorizationSet & attestation_params,AuthorizationSet * attestation) const26 keymaster_error_t TpmAttestationRecordContext::VerifyAndCopyDeviceIds(
27 const AuthorizationSet& attestation_params,
28 AuthorizationSet* attestation) const {
29 LOG(DEBUG) << "TODO(schuffelen): Implement VerifyAndCopyDeviceIds";
30 attestation->Difference(attestation_params);
31 attestation->Union(attestation_params);
32 return KM_ERROR_OK;
33 }
34
GenerateUniqueId(uint64_t,const keymaster_blob_t &,bool,keymaster::Buffer *) const35 keymaster_error_t TpmAttestationRecordContext::GenerateUniqueId(
36 uint64_t, const keymaster_blob_t&, bool, keymaster::Buffer*) const {
37 LOG(ERROR) << "TODO(schuffelen): Implement GenerateUniqueId";
38 return KM_ERROR_UNIMPLEMENTED;
39 }
GetVerifiedBootParams(keymaster_blob_t * verified_boot_key,keymaster_blob_t * verified_boot_hash,keymaster_verified_boot_t * verified_boot_state,bool * device_locked) const40 keymaster_error_t TpmAttestationRecordContext::GetVerifiedBootParams(
41 keymaster_blob_t* verified_boot_key,
42 keymaster_blob_t* verified_boot_hash,
43 keymaster_verified_boot_t* verified_boot_state,
44 bool* device_locked) const {
45 LOG(DEBUG) << "TODO(schuffelen): Implement GetVerifiedBootParams";
46 // TODO(schuffelen): Get this data out of vbmeta
47 static uint8_t fake_vb_key[32];
48 static bool fake_vb_key_initialized = false;
49 if (!fake_vb_key_initialized) {
50 for (int i = 0; i < sizeof(fake_vb_key); i++) {
51 fake_vb_key[i] = rand();
52 }
53 fake_vb_key_initialized = true;
54 }
55 *verified_boot_key = {fake_vb_key, sizeof(fake_vb_key)};
56 *verified_boot_hash = {fake_vb_key, sizeof(fake_vb_key)};
57 *verified_boot_state = KM_VERIFIED_BOOT_VERIFIED;
58 *device_locked = true;
59 return KM_ERROR_OK;
60 }
61