authorJanis Danisevskis <jdanis@google.com>2018-07-12 14:41:46 -0700
committernagendra modadugu <ngm@google.com>2018-07-14 15:52:33 -0700
commit9e805294a4b2e81117bbd1818a6bb61e715973bd (patch)
tree377aa45504081dda076568c6d99744af9382b9da
parent44fc3770cb30f64766b197a7d5253a10c0b66e70 (diff)
[keymaster] Expose the chip fusing on attest finish
This patch adds extra fields to the FinishAttestKeyResponse message, which expose the fusing variant of citadel, and whether RO is of a node-locked variety. These fields then allow the HAL to select the attestation certificate chain appropriate to this configuration. The chain will be selected per the following logic: if (node_locked_ro || chip_fusing == PROTO) use_test_certs(); else if (chip_fusing == DVT) use_dvt_certs(); else use_pvt_certs(); Bug: 110858017 Change-Id: I368dd2de56adbae5bd15b91af9e8923dd4d154ce
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster.proto2
-rw-r--r--nugget/proto/nugget/app/keymaster/keymaster_defs.proto6
2 files changed, 8 insertions, 0 deletions
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index 2a256b1..52412f5 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -207,6 +207,8 @@ message FinishAttestKeyRequest {
message FinishAttestKeyResponse {
ErrorCode error_code = 1;
bytes certificate_epilogue = 2;
+ ChipFusing chip_fusing = 3;
+ bool nodelocked_ro = 4;
}
// UpgradeKey
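Review bot: The added fields `chip_fusing = 3` and `nodelocked_ro = 4` carry no comment, although per the commit description they decide which attestation certificate chain the HAL selects. I would add `// Fusing variant reported by the chip; the HAL uses it to pick the attestation certificate chain.` above `chip_fusing` and `// True when RO is node-locked; the HAL then uses the test certificate chain.` above `nodelocked_ro`. The description spells the flag `node_locked_ro` while the field is `nodelocked_ro`; a single spelling across the commit message and the schema would make the selection logic easier to audit.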
diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
index 88ee2e5..cbf7409 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto
@@ -281,4 +281,10 @@ enum BootColor {
BOOT_SELFSIGNED_YELLOW = 1;
BOOT_UNVERIFIED_ORANGE = 2;
BOOT_VERIFY_FAILED_RED = 3;
+}
+
+enum ChipFusing {
+ FUSING_PROTO = 0;
+ FUSING_DVT = 1;
+ FUSING_PVT = 2;
} \ No newline at end of file
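Review bot: `FUSING_PROTO = 0` gives the enum's zero value a real meaning, so a response in which the firmware never set `chip_fusing` cannot be told apart from a proto-fused chip (assuming this file is proto3, as the label-free fields suggest). With the selection logic quoted in the commit description that default lands on the test certificates, which is the conservative direction, but the intent should be written down, for example `// 0 is deliberately the least-trusted variant: an unset field selects the test certs.` above `FUSING_PROTO`. The same logic ends in a bare `else use_pvt_certs()`, so any value later added beyond `FUSING_PVT` would select the production chain. The HAL side, which is not part of this diff, would be safer matching `FUSING_PVT` explicitly and treating every other value as test.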