diff options
| author | David Drysdale <drysdale@google.com> | 2021-09-27 17:30:41 +0100 |
|---|---|---|
| committer | David Drysdale <drysdale@google.com> | 2021-09-27 17:30:41 +0100 |
| commit | f5bfa009962aa77dfee79995ffc2a564c20a6610 (patch) | |
| tree | af893d0a9d69ecc24ba4155a9e01147929aed896 /security/keymint/aidl/vts/functional/KeyMintTest.cpp | |
| parent | e185fae2054ffe734a26611149f3c5635630bb06 (diff) | |
KeyMint VTS: enable patchlevel checks
Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.
Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
| -rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index a90ee65843..a98c57da03 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -69,8 +69,6 @@ namespace aidl::android::hardware::security::keymint::test { namespace { -bool check_patchLevels = false; - // The maximum number of times we'll attempt to verify that corruption // of an ecrypted blob results in an error. Retries are necessary as there // is a small (roughly 1/256) chance that corrupting ciphertext still results @@ -529,14 +527,12 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase { EXPECT_TRUE(os_pl); EXPECT_EQ(*os_pl, os_patch_level()); - if (check_patchLevels) { - // Should include vendor and boot patchlevels. - auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL); - EXPECT_TRUE(vendor_pl); - EXPECT_EQ(*vendor_pl, vendor_patch_level()); - auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL); - EXPECT_TRUE(boot_pl); - } + // Should include vendor and boot patchlevels. + auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL); + EXPECT_TRUE(vendor_pl); + EXPECT_EQ(*vendor_pl, vendor_patch_level()); + auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL); + EXPECT_TRUE(boot_pl); return auths; } @@ -6677,10 +6673,6 @@ int main(int argc, char** argv) { } else { std::cout << "NOT dumping attestations" << std::endl; } - // TODO(drysdale): Remove this flag when available KeyMint devices comply with spec - if (std::string(argv[i]) == "--check_patchLevels") { - aidl::android::hardware::security::keymint::test::check_patchLevels = true; - } } } return RUN_ALL_TESTS(); |