快速鏈接:
.
👉👉👉 個人博客筆記導讀目錄(全部) 👈👈👈


相關推薦:
1、Android keymaster的介紹和總結
2、Android keystore/Keymaster的代碼導讀

文章目錄

• • • • 1、keymaster@4.0-service的集成
      • 2、keymaster HAL接口的定義
      • 3、keymaster@4.0-service 純軟實現
      • 3、keymaster@4.0-service beanpod實現
      • 4、keymaster@4.0-service trustonic實現
      • 5、總結

1、keymaster@4.0-service的集成

在device.mk中定義了需要集成的keymaster，多選一:

• android.hardware.keymaster@4.0-service.trustonic
• android.hardware.keymaster@4.0-service.beanpod
• android.hardware.keymaster@4.0-service.beanpod.lite
• android.hardware.keymaster@4.0-service.trustkernel
• android.hardware.keymaster@4.0-service.mtee
• android.hardware.keymaster@4.0-service //純軟

(vim device/mediatek/common/device.mk) # list of all TEEs ifeq ($(strip $(TRUSTONIC_TEE_SUPPORT)), yes)PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.trustonic else ifeq ($(strip $(MICROTRUST_TEE_SUPPORT)), yes)PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.beanpod else ifeq ($(strip $(MICROTRUST_TEE_LITE_SUPPORT)), yes)PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.beanpod.lite else ifeq ($(strip $(TRUSTKERNEL_TEE_SUPPORT)), yes)PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.trustkernel else ifeq ($(strip $(MTK_IN_HOUSE_TEE_SUPPORT)), yes)PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.mtee elsePRODUCT_PACKAGES += android.hardware.keymaster@4.0-service endif #end of list of TEEs

2、keymaster HAL接口的定義

hardware/interfaces/keymaster/4.0$ ls Android.bp default IKeymasterDevice.hal support types.hal vts

3、keymaster@4.0-service 純軟實現

hardware/interfaces/keymaster/4.0/default$ ls Android.bp android.hardware.keymaster@4.0-service.rc OWNERS service.cpp (cat service.cpp) #include <android-base/logging.h> #include <android/hardware/keymaster/4.0/IKeymasterDevice.h> #include <hidl/HidlTransportSupport.h>#include <AndroidKeymaster4Device.h>using android::hardware::keymaster::V4_0::SecurityLevel;int main() {::android::hardware::configureRpcThreadpool(1, true /* willJoinThreadpool */);auto keymaster = ::keymaster::V4_0::ng::CreateKeymasterDevice(SecurityLevel::SOFTWARE);auto status = keymaster->registerAsService();if (status != android::OK) {LOG(FATAL) << "Could not register service for Keymaster 4.0 (" << status << ")";}android::hardware::joinRpcThreadpool();return -1; // Should never get here. }(cat android.hardware.keymaster@4.0-service.rc) service vendor.keymaster-4-0 /vendor/bin/hw/android.hardware.keymaster@4.0-serviceinterface android.hardware.keymaster@4.0::IKeymasterDevice defaultclass early_haluser systemgroup system drmrpc

HAL層的綁定：::keymaster::V4_0:🆖:CreateKeymasterDevice

cat system/keymaster/ng/AndroidKeymaster4Device.cpp IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {return new AndroidKeymaster4Device(securityLevel); }

具體實現都在system/keymaster/ng下的AndroidKeymaster41Device.cpp、AndroidKeymaster4Device.cpp、AndroidKeymaster3Device.cpp中，最終被編譯成了:

• libkeymaster3.so
• libkeymaster4.so
• libkeymaster41.so

cc_library_shared {name: "libkeymaster4",srcs: ["legacy_support/keymaster_passthrough_key.cpp","legacy_support/keymaster_passthrough_engine.cpp","legacy_support/keymaster_passthrough_operation.cpp","ng/AndroidKeymaster4Device.cpp","android_keymaster/keymaster_configuration.cpp",],defaults: ["keymaster_defaults"],shared_libs: ["libkeymaster_messages","android.hardware.keymaster@4.0","libcrypto","libcutils","libbase","libhidlbase","libkeymaster_portable","libpuresoftkeymasterdevice","liblog","libutils","libkeymaster4support",],export_include_dirs: ["ng/include"], }

3、keymaster@4.0-service beanpod實現

vendor/mediatek/proprietary/trustzone/microtrust/source/common/300/km4.0$ ls Android.bp BeanpodKeymaster.cpp kmsetkey_ca.cpp NOTICE ut_kmsetkey.cpp android.hardware.keymaster@4.0-service.beanpod.rc beanpod_keymaster_ipc.cpp manifest.keymaster.xml service.cpp ut_km_tac.cpp BeanpodKeymaster4Device.cpp include microtrust.bp_kmsetkey_ca.rc ut_km_ioctl.cpp (cat service.cpp)#include <android-base/logging.h> #include <android/hardware/keymaster/4.0/IKeymasterDevice.h> #include <hidl/HidlTransportSupport.h> #include <BeanpodKeymaster.h> #include <BeanpodKeymaster4Device.h> #include <cutils/properties.h>int main() {::android::hardware::configureRpcThreadpool(1, true);auto bpKeymaster = new keymaster::BeanpodKeymaster();int err = bpKeymaster->Initialize();if (err != 0) {LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";return -1;}auto keymaster = new ::keymaster::V4_0::ng::BeanpodKeymaster4Device(bpKeymaster);auto status = keymaster->registerAsService();if (status != android::OK) {LOG(FATAL) << "Could not register service for Keymaster 4.0 (" << status << ")";return -1;}LOG(INFO) << "register beanpod keymaster4.0 success";android::hardware::joinRpcThreadpool();return -1; // Should never get here. }service vendor.keymaster-4-0-beanpod /vendor/bin/hw/android.hardware.keymaster@4.0-service.beanpodclass early_haluser systemgroup system drmrpc

HAL層的綁定：

auto bpKeymaster = new keymaster::BeanpodKeymaster(); auto keymaster = new ::keymaster::V4_0::ng::BeanpodKeymaster4Device(bpKeymaster);（cat vendor/mediatek/proprietary/trustzone/microtrust/source/common/300/km4.0/BeanpodKeymaster4Device.cpp） BeanpodKeymaster4Device::BeanpodKeymaster4Device(BeanpodKeymaster* impl): impl_(impl) {securityLevel_ = SecurityLevel::TRUSTED_ENVIRONMENT;}

Beanpod的HAL實現，被編譯到了android.hardware.keymaster@4.0-service.beanpod中

cc_binary {name: "android.hardware.keymaster@4.0-service.beanpod",vendor: true,init_rc: ["android.hardware.keymaster@4.0-service.beanpod.rc"],srcs: ["beanpod_keymaster_ipc.cpp","BeanpodKeymaster4Device.cpp","BeanpodKeymaster.cpp","service.cpp",],proprietary: true,relative_install_path: "hw",owner: "mtk",local_include_dirs: ["include",],shared_libs: ["liblog","libcutils","libdl","libbase","libutils","libhardware","libhidlbase","libkeymaster_messages","libkeymaster4","android.hardware.keymaster@4.0","libTEECommon",], }

4、keymaster@4.0-service trustonic實現

vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0$ ls Android.bp android.hardware.keymaster@4.0-service.trustonic.rc Android.mk.skip include NOTICE src testvendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0$ ls src/ authlist.cpp cust_tee_keymaster_utils.cpp km_shared_util.cpp service.cpp TrustonicKeymaster4Device.cpp cust_tee_keymaster_impl.cpp km_encodings.cpp serialization.cpp tlcTeeKeymaster_if.cpp TrustonicKeymaster4DeviceImpl.cpp #include <android-base/logging.h> #include <android/hardware/keymaster/4.0/IKeymasterDevice.h> #include <hidl/HidlTransportSupport.h> //#include <AndroidKeymaster4Device.h> #include <TrustonicKeymaster4Device.h>//using android::hardware::keymaster::V4_0::SecurityLevel;int main() {::android::hardware::configureRpcThreadpool(1, true /* willJoinThreadpool */);LOG(INFO) << "Trustonic Keymaster 4.0 Service starts";TrustonicKeymaster4DeviceImpl *impl = new TrustonicKeymaster4DeviceImpl();android::sp <::android::hardware::keymaster::V4_0::IKeymasterDevice> keymaster = new ::android::hardware::keymaster::V4_0::implementation::TrustonicKeymaster4Device(impl);//auto keymaster = ::keymaster::V4_0::ng::CreateKeymasterDevice(SecurityLevel::SOFTWARE);auto status = keymaster->registerAsService();if (status != android::OK) {LOG(FATAL) << "Could not register service for Keymaster 4.0 (" << status << ")";}LOG(INFO) << "Trustonic Keymaster 4.0 Service registered";android::hardware::joinRpcThreadpool();return -1; // Should never get here. }service vendor.keymaster-4-0-trustonic /vendor/bin/hw/android.hardware.keymaster@4.0-service.trustonicclass early_haluser systemgroup system drmrpc

HAL層的綁定：::android::hardware::keymaster::V4_0::implementation::TrustonicKeymaster4Device(impl)

（vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0/src/TrustonicKeymaster4Device.cpp） （vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0/src/TrustonicKeymaster4DeviceImpl.cpp）TrustonicKeymaster4Device(TrustonicKeymaster4DeviceImpl *impl): impl_(impl) {}

trustonic HAL層的實現, 被編譯到了android.hardware.keymaster@4.0-service.trustonic中

cc_binary {name: "android.hardware.keymaster@4.0-service.trustonic",defaults: ["hidl_defaults"],relative_install_path: "hw",vendor: true,init_rc: ["android.hardware.keymaster@4.0-service.trustonic.rc"],srcs: ["src/service.cpp","src/authlist.cpp","src/cust_tee_keymaster_impl.cpp","src/cust_tee_keymaster_utils.cpp","src/km_encodings.cpp","src/km_shared_util.cpp","src/serialization.cpp","src/tlcTeeKeymaster_if.cpp","src/TrustonicKeymaster4DeviceImpl.cpp","src/TrustonicKeymaster4Device.cpp"],local_include_dirs: ["include"],shared_libs: ["android.hardware.keymaster@4.0","libbase","libcutils","libhardware","libhidlbase","libkeymaster4","liblog","libutils","libMcClient","libcrypto"],}

5、總結

• 如果開啟純軟的keymaster，則
  service在android.hardware.keymaster@4.0-service中
  HAL的具體實現在libkeymaster3.so、libkeymaster4.so、libkeymaster41.so 中

• 如果開啟beanpod keymaster,則：
  service和HAL的具體實現，都在android.hardware.keymaster@4.0-service.beanpod中
  keyattestation不在keymaster HAL中，而是編譯到kmsetkey.beanpod.so，bp_kmsetkey_ca是測試程序

• 如果開啟trustonic keymaster,則：
  service和HAL的具體實現，都在android.hardware.keymaster@4.0-service.trustonic中

如果開啟beanpod TEE,編譯后是生成的相關文件：

./vendor/etc/init/vendor.mediatek.hardware.keymaster_attestation@1.1-service.rc ./vendor/etc/init/android.hardware.keymaster@4.0-service.beanpod.rc./vendor/lib/hw/kmsetkey.beanpod.so ./vendor/lib/libkmsetkey.so ./vendor/bin/hw/android.hardware.keymaster@4.0-service.beanpod./vendor/lib/libkeymaster4.so ./vendor/lib/libpuresoftkeymasterdevice.so ./vendor/lib/libkeymaster4support.so ./vendor/lib/libkeymaster_portable.so ./vendor/lib/libkeymaster_messages.so./vendor/lib/vendor.mediatek.hardware.keymaster_attestation@1.0.so ./vendor/lib/vendor.mediatek.hardware.keymaster_attestation@1.1.so ./vendor/lib/hw/vendor.mediatek.hardware.keymaster_attestation@1.1-impl.so ./vendor/bin/hw/vendor.mediatek.hardware.keymaster_attestation@1.1-service

問: 明明只是開啟beanpod的keymaster，為什么還會編譯出純軟的keymaster（libkeymaster4.so）？
答: 那是因為在編譯beandpod的android.hardware.keymaster@4.0-service.beanpod時，依賴了這些庫，所有這些庫也會跟著編譯

shared_libs: ["liblog","libcutils","libdl","libbase","libutils","libhardware","libhidlbase","libkeymaster_messages","libkeymaster4","android.hardware.keymaster@4.0","libTEECommon",],

總結

以上是生活随笔為你收集整理的Android keymaster4.0- device集成笔记的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。