最近在尝试升级optee的keymaster3实现到keymaster4。
记录下升级过程中的方法和一些坑,便于回溯。
keymaster源码:https://github.com/linaro-swg/kmgk
在这份源码(基于 Android R)的基础上,先修复了一些 CTS 问题,之后尝试从 3.0 升级到 4.0。
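首先需要明确哪些接口需要新开发,所以整理了下面这个对比表。需要注意的是,除了新增的接口之外,begin/update/finish 在 4.0 中的参数也有变化(增加了 HardwareAuthToken / VerificationToken),TA 侧对应的命令处理同样需要修改。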
版本:android11
hardware/interfaces/keymaster/4.1/IKeymasterDevice.hal
hardware/interfaces/keymaster/4.0/IKeymasterDevice.hal
hardware/interfaces/keymaster/3.0/IKeymasterDevice.hal
| 3.0 | 4.0 | 4.1 |
| --- | --- | --- |
| | | `deviceLocked(bool passwordOnly, VerificationToken verificationToken)` |
| | | `earlyBootEnded()` |
| | `getHardwareInfo()` | |
| | `getHmacSharingParameters()` | |
| | `computeSharedHmac(vec<HmacSharingParameters> params)` | |
| | `verifyAuthorization(uint64_t operationHandle, vec<KeyParameter> parametersToVerify, HardwareAuthToken authToken)` | |
| `getHardwareFeatures()` | | |
| `addRngEntropy(vec<uint8_t> data)` | `addRngEntropy(vec<uint8_t> data)` | |
| `generateKey(vec<KeyParameter> keyParams)` | `generateKey(vec<KeyParameter> keyParams)` | |
| `importKey(vec<KeyParameter> params, KeyFormat keyFormat, vec<uint8_t> keyData)` | `importKey(vec<KeyParameter> keyParams, KeyFormat keyFormat, vec<uint8_t> keyData)` | |
| | `importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob, vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams, uint64_t passwordSid, uint64_t biometricSid)` | |
| `getKeyCharacteristics(vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)` | `getKeyCharacteristics(vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)` | |
| `exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)` | `exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)` | |
| `attestKey(vec<uint8_t> keyToAttest, vec<KeyParameter> attestParams)` | `attestKey(vec<uint8_t> keyToAttest, vec<KeyParameter> attestParams)` | |
| `upgradeKey(vec<uint8_t> keyBlobToUpgrade, vec<KeyParameter> upgradeParams)` | `upgradeKey(vec<uint8_t> keyBlobToUpgrade, vec<KeyParameter> upgradeParams)` | |
| `deleteKey(vec<uint8_t> keyBlob)` | `deleteKey(vec<uint8_t> keyBlob)` | |
| `deleteAllKeys()` | `deleteAllKeys()` | |
| `destroyAttestationIds()` | `destroyAttestationIds()` | |
| `begin(KeyPurpose purpose, vec<uint8_t> key, vec<KeyParameter> inParams)` | `begin(KeyPurpose purpose, vec<uint8_t> keyBlob, vec<KeyParameter> inParams, HardwareAuthToken authToken)` | |
| `update(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input)` | `update(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input, HardwareAuthToken authToken, VerificationToken verificationToken)` | |
| `finish(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input, vec<uint8_t> signature)` | `finish(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input, vec<uint8_t> signature, HardwareAuthToken authToken, VerificationToken verificationToken)` | |
| `abort(OperationHandle operationHandle)` | `abort(OperationHandle operationHandle)` | |