diff options
5 files changed, 101 insertions, 65 deletions
diff --git a/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp index 98cbcc3f8..7184e4d2a 100644 --- a/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp +++ b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp @@ -221,10 +221,10 @@ Return<void> TrustyKeymaster3Device::getHardwareFeatures(getHardwareFeatures_cb Return<ErrorCode> TrustyKeymaster3Device::addRngEntropy(const hidl_vec<uint8_t>& data) { if (data.size() == 0) return ErrorCode::OK; - AddEntropyRequest request; + AddEntropyRequest request(impl_->message_version()); request.random_data.Reinitialize(data.data(), data.size()); - AddEntropyResponse response; + AddEntropyResponse response(impl_->message_version()); impl_->AddRngEntropy(request, &response); return legacy_enum_conversion(response.error); @@ -232,10 +232,10 @@ Return<ErrorCode> TrustyKeymaster3Device::addRngEntropy(const hidl_vec<uint8_t>& Return<void> TrustyKeymaster3Device::generateKey(const hidl_vec<KeyParameter>& keyParams, generateKey_cb _hidl_cb) { - GenerateKeyRequest request; + GenerateKeyRequest request(impl_->message_version()); request.key_description.Reinitialize(KmParamSet(keyParams)); - GenerateKeyResponse response; + GenerateKeyResponse response(impl_->message_version()); impl_->GenerateKey(request, &response); KeyCharacteristics resultCharacteristics; @@ -253,11 +253,11 @@ Return<void> TrustyKeymaster3Device::getKeyCharacteristics(const hidl_vec<uint8_ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, getKeyCharacteristics_cb _hidl_cb) { - GetKeyCharacteristicsRequest request; + GetKeyCharacteristicsRequest request(impl_->message_version()); request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); addClientAndAppData(clientId, appData, &request.additional_params); - GetKeyCharacteristicsResponse response; + GetKeyCharacteristicsResponse response(impl_->message_version()); impl_->GetKeyCharacteristics(request, &response); KeyCharacteristics resultCharacteristics; @@ -273,12 +273,12 @@ Return<void> TrustyKeymaster3Device::importKey(const hidl_vec<KeyParameter>& par KeyFormat keyFormat, const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) { - ImportKeyRequest request; + ImportKeyRequest request(impl_->message_version()); request.key_description.Reinitialize(KmParamSet(params)); request.key_format = legacy_enum_conversion(keyFormat); request.SetKeyMaterial(keyData.data(), keyData.size()); - ImportKeyResponse response; + ImportKeyResponse response(impl_->message_version()); impl_->ImportKey(request, &response); KeyCharacteristics resultCharacteristics; @@ -297,12 +297,12 @@ Return<void> TrustyKeymaster3Device::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) { - ExportKeyRequest request; + ExportKeyRequest request(impl_->message_version()); request.key_format = legacy_enum_conversion(exportFormat); request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); addClientAndAppData(clientId, appData, &request.additional_params); - ExportKeyResponse response; + ExportKeyResponse response(impl_->message_version()); impl_->ExportKey(request, &response); hidl_vec<uint8_t> resultKeyBlob; @@ -316,11 +316,11 @@ Return<void> TrustyKeymaster3Device::exportKey(KeyFormat exportFormat, Return<void> TrustyKeymaster3Device::attestKey(const hidl_vec<uint8_t>& keyToAttest, const hidl_vec<KeyParameter>& attestParams, attestKey_cb _hidl_cb) { - AttestKeyRequest request; + AttestKeyRequest request(impl_->message_version()); request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size()); request.attest_params.Reinitialize(KmParamSet(attestParams)); - AttestKeyResponse response; + AttestKeyResponse response(impl_->message_version()); impl_->AttestKey(request, &response); hidl_vec<hidl_vec<uint8_t>> resultCertChain; @@ -334,11 +334,11 @@ Return<void> TrustyKeymaster3Device::attestKey(const hidl_vec<uint8_t>& keyToAtt Return<void> TrustyKeymaster3Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, const hidl_vec<KeyParameter>& upgradeParams, upgradeKey_cb _hidl_cb) { - UpgradeKeyRequest request; + UpgradeKeyRequest request(impl_->message_version()); request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size()); request.upgrade_params.Reinitialize(KmParamSet(upgradeParams)); - UpgradeKeyResponse response; + UpgradeKeyResponse response(impl_->message_version()); impl_->UpgradeKey(request, &response); if (response.error == KM_ERROR_OK) { @@ -350,18 +350,18 @@ Return<void> TrustyKeymaster3Device::upgradeKey(const hidl_vec<uint8_t>& keyBlob } Return<ErrorCode> TrustyKeymaster3Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) { - DeleteKeyRequest request; + DeleteKeyRequest request(impl_->message_version()); request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); - DeleteKeyResponse response; + DeleteKeyResponse response(impl_->message_version()); impl_->DeleteKey(request, &response); return legacy_enum_conversion(response.error); } Return<ErrorCode> TrustyKeymaster3Device::deleteAllKeys() { - DeleteAllKeysRequest request; - DeleteAllKeysResponse response; + DeleteAllKeysRequest request(impl_->message_version()); + DeleteAllKeysResponse response(impl_->message_version()); impl_->DeleteAllKeys(request, &response); return legacy_enum_conversion(response.error); @@ -374,15 +374,15 @@ Return<ErrorCode> TrustyKeymaster3Device::destroyAttestationIds() { Return<void> TrustyKeymaster3Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key, const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) { - BeginOperationRequest request; + BeginOperationRequest request(impl_->message_version()); request.purpose = legacy_enum_conversion(purpose); request.SetKeyMaterial(key.data(), key.size()); request.additional_params.Reinitialize(KmParamSet(inParams)); - BeginOperationResponse response; + BeginOperationResponse response(impl_->message_version()); impl_->BeginOperation(request, &response); - hidl_vec<KeyParameter> resultParams; + hidl_vec<KeyParameter> resultParams(impl_->message_version()); if (response.error == KM_ERROR_OK) { resultParams = kmParamSet2Hidl(response.output_params); } @@ -394,8 +394,8 @@ Return<void> TrustyKeymaster3Device::begin(KeyPurpose purpose, const hidl_vec<ui Return<void> TrustyKeymaster3Device::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, const hidl_vec<uint8_t>& input, update_cb _hidl_cb) { - UpdateOperationRequest request; - UpdateOperationResponse response; + UpdateOperationRequest request(impl_->message_version()); + UpdateOperationResponse response(impl_->message_version()); hidl_vec<KeyParameter> resultParams; hidl_vec<uint8_t> resultBlob; uint32_t resultConsumed = 0; @@ -431,13 +431,13 @@ Return<void> TrustyKeymaster3Device::finish(uint64_t operationHandle, const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature, finish_cb _hidl_cb) { - FinishOperationRequest request; + FinishOperationRequest request(impl_->message_version()); request.op_handle = operationHandle; request.input.Reinitialize(input.data(), input.size()); request.signature.Reinitialize(signature.data(), signature.size()); request.additional_params.Reinitialize(KmParamSet(inParams)); - FinishOperationResponse response; + FinishOperationResponse response(impl_->message_version()); impl_->FinishOperation(request, &response); hidl_vec<KeyParameter> resultParams; @@ -451,10 +451,10 @@ Return<void> TrustyKeymaster3Device::finish(uint64_t operationHandle, } Return<ErrorCode> TrustyKeymaster3Device::abort(uint64_t operationHandle) { - AbortOperationRequest request; + AbortOperationRequest request(impl_->message_version()); request.op_handle = operationHandle; - AbortOperationResponse response; + AbortOperationResponse response(impl_->message_version()); impl_->AbortOperation(request, &response); return legacy_enum_conversion(response.error); diff --git a/trusty/keymaster/4.0/TrustyKeymaster4Device.cpp b/trusty/keymaster/4.0/TrustyKeymaster4Device.cpp index ec2ba12ed..73ad6ae52 100644 --- a/trusty/keymaster/4.0/TrustyKeymaster4Device.cpp +++ b/trusty/keymaster/4.0/TrustyKeymaster4Device.cpp @@ -284,7 +284,7 @@ Return<void> TrustyKeymaster4Device::getHmacSharingParameters( Return<void> TrustyKeymaster4Device::computeSharedHmac( const hidl_vec<HmacSharingParameters>& params, computeSharedHmac_cb _hidl_cb) { - ComputeSharedHmacRequest request; + ComputeSharedHmacRequest request(impl_->message_version()); request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()]; request.params_array.num_params = params.size(); for (size_t i = 0; i < params.size(); ++i) { @@ -309,7 +309,7 @@ Return<void> TrustyKeymaster4Device::computeSharedHmac( Return<void> TrustyKeymaster4Device::verifyAuthorization( uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify, const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb) { - VerifyAuthorizationRequest request; + VerifyAuthorizationRequest request(impl_->message_version()); request.challenge = challenge; request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify)); request.auth_token.challenge = authToken.challenge; @@ -336,10 +336,10 @@ Return<void> TrustyKeymaster4Device::verifyAuthorization( Return<ErrorCode> TrustyKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) { if (data.size() == 0) return ErrorCode::OK; - AddEntropyRequest request; + AddEntropyRequest request(impl_->message_version()); request.random_data.Reinitialize(data.data(), data.size()); - AddEntropyResponse response; + AddEntropyResponse response(impl_->message_version()); impl_->AddRngEntropy(request, &response); return legacy_enum_conversion(response.error); @@ -347,10 +347,10 @@ Return<ErrorCode> TrustyKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& Return<void> TrustyKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams, generateKey_cb _hidl_cb) { - GenerateKeyRequest request; + GenerateKeyRequest request(impl_->message_version()); request.key_description.Reinitialize(KmParamSet(keyParams)); - GenerateKeyResponse response; + GenerateKeyResponse response(impl_->message_version()); impl_->GenerateKey(request, &response); KeyCharacteristics resultCharacteristics; @@ -368,11 +368,11 @@ Return<void> TrustyKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint8_ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, getKeyCharacteristics_cb _hidl_cb) { - GetKeyCharacteristicsRequest request; + GetKeyCharacteristicsRequest request(impl_->message_version()); request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); addClientAndAppData(clientId, appData, &request.additional_params); - GetKeyCharacteristicsResponse response; + GetKeyCharacteristicsResponse response(impl_->message_version()); impl_->GetKeyCharacteristics(request, &response); KeyCharacteristics resultCharacteristics; @@ -388,12 +388,12 @@ Return<void> TrustyKeymaster4Device::importKey(const hidl_vec<KeyParameter>& par KeyFormat keyFormat, const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) { - ImportKeyRequest request; + ImportKeyRequest request(impl_->message_version()); request.key_description.Reinitialize(KmParamSet(params)); request.key_format = legacy_enum_conversion(keyFormat); request.SetKeyMaterial(keyData.data(), keyData.size()); - ImportKeyResponse response; + ImportKeyResponse response(impl_->message_version()); impl_->ImportKey(request, &response); KeyCharacteristics resultCharacteristics; @@ -411,7 +411,7 @@ Return<void> TrustyKeymaster4Device::importWrappedKey( const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob, const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams, uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) { - ImportWrappedKeyRequest request; + ImportWrappedKeyRequest request(impl_->message_version()); request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size()); request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size()); request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size()); @@ -419,7 +419,7 @@ Return<void> TrustyKeymaster4Device::importWrappedKey( request.password_sid = passwordSid; request.biometric_sid = biometricSid; - ImportWrappedKeyResponse response; + ImportWrappedKeyResponse response(impl_->message_version()); impl_->ImportWrappedKey(request, &response); KeyCharacteristics resultCharacteristics; @@ -438,12 +438,12 @@ Return<void> TrustyKeymaster4Device::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) { - ExportKeyRequest request; + ExportKeyRequest request(impl_->message_version()); request.key_format = legacy_enum_conversion(exportFormat); request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); addClientAndAppData(clientId, appData, &request.additional_params); - ExportKeyResponse response; + ExportKeyResponse response(impl_->message_version()); impl_->ExportKey(request, &response); hidl_vec<uint8_t> resultKeyBlob; @@ -457,11 +457,11 @@ Return<void> TrustyKeymaster4Device::exportKey(KeyFormat exportFormat, Return<void> TrustyKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest, const hidl_vec<KeyParameter>& attestParams, attestKey_cb _hidl_cb) { - AttestKeyRequest request; + AttestKeyRequest request(impl_->message_version()); request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size()); request.attest_params.Reinitialize(KmParamSet(attestParams)); - AttestKeyResponse response; + AttestKeyResponse response(impl_->message_version()); impl_->AttestKey(request, &response); hidl_vec<hidl_vec<uint8_t>> resultCertChain; @@ -475,11 +475,11 @@ Return<void> TrustyKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAtt Return<void> TrustyKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, const hidl_vec<KeyParameter>& upgradeParams, upgradeKey_cb _hidl_cb) { - UpgradeKeyRequest request; + UpgradeKeyRequest request(impl_->message_version()); request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size()); request.upgrade_params.Reinitialize(KmParamSet(upgradeParams)); - UpgradeKeyResponse response; + UpgradeKeyResponse response(impl_->message_version()); impl_->UpgradeKey(request, &response); if (response.error == KM_ERROR_OK) { @@ -491,18 +491,18 @@ Return<void> TrustyKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlob } Return<ErrorCode> TrustyKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) { - DeleteKeyRequest request; + DeleteKeyRequest request(impl_->message_version()); request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); - DeleteKeyResponse response; + DeleteKeyResponse response(impl_->message_version()); impl_->DeleteKey(request, &response); return legacy_enum_conversion(response.error); } Return<ErrorCode> TrustyKeymaster4Device::deleteAllKeys() { - DeleteAllKeysRequest request; - DeleteAllKeysResponse response; + DeleteAllKeysRequest request(impl_->message_version()); + DeleteAllKeysResponse response(impl_->message_version()); impl_->DeleteAllKeys(request, &response); return legacy_enum_conversion(response.error); @@ -516,12 +516,12 @@ Return<void> TrustyKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<ui const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) { hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken); - BeginOperationRequest request; + BeginOperationRequest request(impl_->message_version()); request.purpose = legacy_enum_conversion(purpose); request.SetKeyMaterial(key.data(), key.size()); request.additional_params.Reinitialize(KmParamSet(extendedParams)); - BeginOperationResponse response; + BeginOperationResponse response(impl_->message_version()); impl_->BeginOperation(request, &response); hidl_vec<KeyParameter> resultParams; @@ -540,8 +540,8 @@ Return<void> TrustyKeymaster4Device::update(uint64_t operationHandle, const VerificationToken& verificationToken, update_cb _hidl_cb) { (void)verificationToken; - UpdateOperationRequest request; - UpdateOperationResponse response; + UpdateOperationRequest request(impl_->message_version()); + UpdateOperationResponse response(impl_->message_version()); hidl_vec<KeyParameter> resultParams; hidl_vec<uint8_t> resultBlob; hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken); @@ -581,14 +581,14 @@ Return<void> TrustyKeymaster4Device::finish(uint64_t operationHandle, const VerificationToken& verificationToken, finish_cb _hidl_cb) { (void)verificationToken; - FinishOperationRequest request; + FinishOperationRequest request(impl_->message_version()); hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken); request.op_handle = operationHandle; request.input.Reinitialize(input.data(), input.size()); request.signature.Reinitialize(signature.data(), signature.size()); request.additional_params.Reinitialize(KmParamSet(extendedParams)); - FinishOperationResponse response; + FinishOperationResponse response(impl_->message_version()); impl_->FinishOperation(request, &response); hidl_vec<KeyParameter> resultParams; @@ -602,10 +602,10 @@ Return<void> TrustyKeymaster4Device::finish(uint64_t operationHandle, } Return<ErrorCode> TrustyKeymaster4Device::abort(uint64_t operationHandle) { - AbortOperationRequest request; + AbortOperationRequest request(impl_->message_version()); request.op_handle = operationHandle; - AbortOperationResponse response; + AbortOperationResponse response(impl_->message_version()); impl_->AbortOperation(request, &response); return legacy_enum_conversion(response.error); diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp index 750a9d71c..569003129 100644 --- a/trusty/keymaster/TrustyKeymaster.cpp +++ b/trusty/keymaster/TrustyKeymaster.cpp @@ -31,11 +31,35 @@ int TrustyKeymaster::Initialize() { return err; } - ConfigureRequest req; + // Try GetVersion2 first. + GetVersion2Request versionReq; + GetVersion2Response versionRsp = GetVersion2(versionReq); + if (versionRsp.error != KM_ERROR_OK) { + ALOGW("TA appears not to support GetVersion2, falling back (err = %d)", versionRsp.error); + + GetVersionRequest versionReq; + GetVersionResponse versionRsp; + GetVersion(versionReq, &versionRsp); + if (versionRsp.error != KM_ERROR_OK) { + ALOGE("Failed to get TA version %d", versionRsp.error); + return -1; + } else { + keymaster_error_t error; + message_version_ = NegotiateMessageVersion(versionRsp, &error); + if (error != KM_ERROR_OK) { + ALOGE("Failed to negotiate message version %d", error); + return -1; + } + } + } else { + message_version_ = NegotiateMessageVersion(versionReq, versionRsp); + } + + ConfigureRequest req(message_version()); req.os_version = GetOsVersion(); req.os_patchlevel = GetOsPatchlevel(); - ConfigureResponse rsp; + ConfigureResponse rsp(message_version()); Configure(req, &rsp); if (rsp.error != KM_ERROR_OK) { @@ -52,7 +76,7 @@ TrustyKeymaster::~TrustyKeymaster() { trusty_keymaster_disconnect(); } -static void ForwardCommand(enum keymaster_command command, const Serializable& req, +static void ForwardCommand(enum keymaster_command command, const KeymasterMessage& req, KeymasterResponse* rsp) { keymaster_error_t err; err = trusty_keymaster_send(command, req, rsp); @@ -173,25 +197,30 @@ void TrustyKeymaster::AbortOperation(const AbortOperationRequest& request, } GetHmacSharingParametersResponse TrustyKeymaster::GetHmacSharingParameters() { - // Empty buffer to allow ForwardCommand to have something to serialize - Buffer request; - GetHmacSharingParametersResponse response; + GetHmacSharingParametersRequest request(message_version()); + GetHmacSharingParametersResponse response(message_version()); ForwardCommand(KM_GET_HMAC_SHARING_PARAMETERS, request, &response); return response; } ComputeSharedHmacResponse TrustyKeymaster::ComputeSharedHmac( const ComputeSharedHmacRequest& request) { - ComputeSharedHmacResponse response; + ComputeSharedHmacResponse response(message_version()); ForwardCommand(KM_COMPUTE_SHARED_HMAC, request, &response); return response; } VerifyAuthorizationResponse TrustyKeymaster::VerifyAuthorization( const VerifyAuthorizationRequest& request) { - VerifyAuthorizationResponse response; + VerifyAuthorizationResponse response(message_version()); ForwardCommand(KM_VERIFY_AUTHORIZATION, request, &response); return response; } +GetVersion2Response TrustyKeymaster::GetVersion2(const GetVersion2Request& request) { + GetVersion2Response response(message_version()); + ForwardCommand(KM_GET_VERSION_2, request, &response); + return response; +} + } // namespace keymaster diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h index 030b64598..bec2a2aea 100644 --- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h +++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h @@ -59,6 +59,12 @@ class TrustyKeymaster { GetHmacSharingParametersResponse GetHmacSharingParameters(); ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request); VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request); + GetVersion2Response GetVersion2(const GetVersion2Request& request); + + uint32_t message_version() const { return message_version_; } + + private: + uint32_t message_version_; }; } // namespace keymaster diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h index ce2cc2e10..419c96f71 100644 --- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h +++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h @@ -53,6 +53,7 @@ enum keymaster_command : uint32_t { KM_DELETE_ALL_KEYS = (23 << KEYMASTER_REQ_SHIFT), KM_DESTROY_ATTESTATION_IDS = (24 << KEYMASTER_REQ_SHIFT), KM_IMPORT_WRAPPED_KEY = (25 << KEYMASTER_REQ_SHIFT), + KM_GET_VERSION_2 = (28 << KEYMASTER_REQ_SHIFT), // Bootloader/provisioning calls. KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT), |