From 3e981dfe842f7725daad3ce8115358516a133bca Mon Sep 17 00:00:00 2001
From: Neeraj Soni
Date: Tue, 22 May 2018 21:06:36 +0530
Subject: cryptfs_hw: Choose keymaster version for key signing
Keymaster key signing support is available from version 1.0 and above. Thus, version 0.3 is excluded on supported targets.
[mikeioannina]: Adapt for Q
Change-Id: I0cd6455bc5d2459231cb56baf68e57073fe60d69
---
 cryptfs_hw.cpp | 28 ++++++++++++++++++++++++++++
 cryptfs_hw.h | 2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/cryptfs_hw.cpp b/cryptfs_hw.cpp
index 2d9af7a..8f94493 100644
--- a/cryptfs_hw.cpp
+++ b/cryptfs_hw.cpp
@@ -35,6 +35,8 @@
 #include
 #include "cutils/log.h"
 #include "cutils/properties.h"
+#include
+#include
 #include "cryptfs_hw.h"
 #include "CryptfsHw.h"
@@ -132,3 +134,29 @@ int clear_hw_device_encryption_key()
 return rc;
 }
+static int get_keymaster_version()
+{
+ int rc = -1;
+ const hw_module_t* mod;
+ rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
+ if (rc) {
+ ALOGE("could not find any keystore module");
+ return rc;
+ }
+ return mod->module_api_version;
+}
+
+int should_use_keymaster()
+{
+ /*
+ * HW FDE key should be tied to keymaster
+ * if version is above 0.3. this is to
+ * support msm8909 go target.
+ */
+ int rc = 1;
+ if (get_keymaster_version() == KEYMASTER_MODULE_API_VERSION_0_3) {
+ ALOGI("Keymaster version is 0.3");
+ rc = 0;
+ }
+ return rc;
+}
diff --git a/cryptfs_hw.h b/cryptfs_hw.h
index d7ed51e..65321eb 100644
--- a/cryptfs_hw.h
+++ b/cryptfs_hw.h
@@ -43,7 +43,7 @@ int update_hw_device_encryption_key(const char*, const char*, const char*);
 int clear_hw_device_encryption_key();
 unsigned int is_hw_disk_encryption(const char*);
 int is_ice_enabled(void);
-inline int should_use_keymaster(){return 1;}
+int should_use_keymaster();
 int set_ice_param(int flag);
 #ifdef __cplusplus
--
cgit v1.2.3
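Review bot: In `should_use_keymaster()` a failed module lookup cannot be told apart from a supported version: `get_keymaster_version()` returns the non-zero `rc` of `hw_get_module_by_class()` on failure, that value is not `KEYMASTER_MODULE_API_VERSION_0_3`, and the function returns 1. Because the result decides whether the HW FDE key is tied to keymaster, the error path should be handled on its own, with the intended result for "no keystore module" stated in a comment; assuming the loader reports failure as a negative value, `int ver = get_keymaster_version();` followed by an explicit `if (ver < 0)` branch would do. The test is also an exact match, while the block comment and the commit message describe a threshold (signing from 1.0 upward), so `ver < KEYMASTER_MODULE_API_VERSION_1_0` would also cover a module older than 0.3. The initial `int rc = -1;` in `get_keymaster_version()` is overwritten by the next statement and can be dropped.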
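Review bot: The new prototype `int should_use_keymaster();` leaves the parameter list unspecified when this header is compiled as C; `int should_use_keymaster(void);` would match `is_ice_enabled(void)` on the context line just above it. Now that the function is a runtime check rather than a constant inline, the declaration would benefit from a one-line comment such as `/* Returns 1 if the HW FDE key should be tied to keymaster, 0 when the keymaster module is version 0.3. */`.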