cryptfs_hw: Choose keymaster version for key signing

Keymaster key signing support is available from version 1.0
and above. Thus, version 0.3 is excluded on supported targets.

[mikeioannina]: Adapt for Q

Change-Id: I0cd6455bc5d2459231cb56baf68e57073fe60d69

2 files changed, 29 insertions, 1 deletions

diff --git a/cryptfs_hw.cpp b/cryptfs_hw.cpp
index 2d9af7a..8f94493 100644
--- a/cryptfs_hw.cpp
+++ b/cryptfs_hw.cpp
@@ -35,6 +35,8 @@
 #include <linux/qseecom.h>
 #include "cutils/log.h"
 #include "cutils/properties.h"
+#include <hardware/hardware.h>
+#include <hardware/keymaster_common.h>
 #include "cryptfs_hw.h"
 #include "CryptfsHw.h"
 
@@ -132,3 +134,29 @@ int clear_hw_device_encryption_key()
     return rc;
 }
 
+static int get_keymaster_version()
+{
+    int rc = -1;
+    const hw_module_t* mod;
+    rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
+    if (rc) {
+        ALOGE("could not find any keystore module");
+        return rc;
+    }
+    return mod->module_api_version;
+}
+
+int should_use_keymaster()
+{
+    /*
+     * HW FDE key should be tied to keymaster
+     * if version is above 0.3. this is to
+     * support msm8909 go target.
+     */
+    int rc = 1;
+    if (get_keymaster_version() == KEYMASTER_MODULE_API_VERSION_0_3) {
+        ALOGI("Keymaster version is 0.3");
+        rc = 0;
+    }
+    return rc;
+}
diff --git a/cryptfs_hw.h b/cryptfs_hw.h
index d7ed51e..65321eb 100644
--- a/cryptfs_hw.h
+++ b/cryptfs_hw.h
@@ -43,7 +43,7 @@ int update_hw_device_encryption_key(const char*, const char*, const char*);
 int clear_hw_device_encryption_key();
 unsigned int is_hw_disk_encryption(const char*);
 int is_ice_enabled(void);
-inline int should_use_keymaster(){return 1;}
+int should_use_keymaster();
 int set_ice_param(int flag);
 
 #ifdef __cplusplus