g12: Guard prebuilt tee*/keymaster for devices with no OP-TEE
authorJan Altensen <info@stricted.net>
Fri, 2 Jul 2021 05:43:16 +0000 (07:43 +0200)
committerNolen Johnson <johnsonnolen@gmail.com>
Tue, 27 Jul 2021 21:19:04 +0000 (17:19 -0400)
* These need to be split out because development
  boards don't have OP-TEE, and even if they could
  kang another device's, we have no functional keys
  or TA files, so it's useless and broken.

* Devices that have no OP-TEE need to set
  `TARGET_HAS_TEE := false` in their lineage_${DEVICE}.mk.

* So that we can successfully encrypt as per the fstab
  entry for `/data`, build the AOSP keymaster 4.1 service,
  which uses a VINTF fragment.

Change-Id: I8756ba2d9cd5c53725645185783f9e15b739602c

BoardConfigCommon.mk
extract-files.sh
g12.mk
manifest-tee.xml [new file with mode: 0644]
manifest.xml
proprietary-files-tee.txt [new file with mode: 0644]
proprietary-files.txt
setup-makefiles.sh

index b31b3b0d2ad8cc6b9f0475b1a9e3ebf41b4f645d..9599ca2127d89e4dfdb30a6d704551a5a400d435 100644 (file)
@@ -38,6 +38,9 @@ TARGET_SCREEN_DENSITY := 320
 
 ## HIDL
 DEVICE_MANIFEST_FILE := $(COMMON_PATH)/manifest.xml
+ifneq ($(TARGET_HAS_TEE),false)
+DEVICE_MANIFEST_FILE += $(COMMON_PATH)/manifest-tee.xml
+endif
 DEVICE_MATRIX_FILE := $(COMMON_PATH)/compatibility_matrix.xml
 
 ## Kernel
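Review bot: The added `ifneq ($(TARGET_HAS_TEE),false)` treats every value other than the exact string `false` as "OP-TEE present", so a different spelling (`False`, `0`, or trailing whitespace from an inline comment) on a board without OP-TEE silently selects the prebuilt TEE keymaster manifest. The same exact-match test appears in g12.mk and is written into the generated product makefile by setup-makefiles.sh, so a bad value would flip all three together. Consider normalising the value in each test, e.g. `ifneq ($(strip $(TARGET_HAS_TEE)),false)`, and documenting the default above it with `# TARGET_HAS_TEE defaults to true; boards without OP-TEE set it to false in lineage_$(DEVICE).mk`. Failing the build when the variable holds anything other than `true`, `false` or empty would make the misconfiguration visible instead of producing an image whose keymaster cannot start.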
index 90a24a0eb76cea332733ef5619771a59d1ddaff0..c53e26c0857e445d73e4c34a8e26ae2d1f4a0d1e 100755 (executable)
@@ -88,6 +88,7 @@ if [ -z "${ONLY_TARGET}" ]; then
     setup_vendor "${DEVICE_COMMON}" "${VENDOR_COMMON}" "${ANDROID_ROOT}" true "${CLEAN_VENDOR}"
 
     extract "${MY_DIR}/proprietary-files.txt" "${SRC}" "${KANG}" --section "${SECTION}"
+    extract "${MY_DIR}/proprietary-files-tee.txt" "${SRC}" "${KANG}" --section "${SECTION}"
 fi
 
 if [ -z "${ONLY_COMMON}" ] && [ -s "${MY_DIR}/../../${VENDOR_DEVICE}/${DEVICE}/proprietary-files.txt" ]; then
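Review bot: Nothing at the added `extract` call for `proprietary-files-tee.txt` says that the TEE list is pulled unconditionally, while whether those blobs ship is decided later by the `TARGET_HAS_TEE` guard in the generated makefile. A comment above the line, e.g. `# TEE/keymaster blobs are always extracted; the generated makefile includes them only when TARGET_HAS_TEE is not false`, would keep a maintainer from adding a second gate here or assuming the vendor tree differs per board. The enclosing `if [ -z "${ONLY_TARGET}" ]` block starts outside the hunk.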
diff --git a/g12.mk b/g12.mk
index 87d35e18a9099a925277d9938ed2c60fd81ed861..12e984649b7ff33a19a13d28a82df8af2e5c05d8 100644 (file)
--- a/g12.mk
+++ b/g12.mk
@@ -129,6 +129,11 @@ PRODUCT_PACKAGES += \
     libpuresoftkeymasterdevice.vendor \
     libsoft_attestation_cert.vendor
 
+ifeq ($(TARGET_HAS_TEE),false)
+PRODUCT_PACKAGES += \
+    android.hardware.keymaster@4.1-service
+endif
+
 ## Logo
 PRODUCT_HOST_PACKAGES += \
     res_packer
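Review bot: The new `ifeq ($(TARGET_HAS_TEE),false)` branch has no comment on what the fallback means for key protection. `android.hardware.keymaster@4.1-service` is the AOSP default service, and going by the `libpuresoftkeymasterdevice.vendor` package just above it is presumably software-backed, so on these builds the keys used to encrypt `/data` are not held in a TEE. I would state that where the package is selected, e.g. `# No OP-TEE: AOSP software keymaster, keys are not hardware-backed (development boards)`, so nobody enables this on a device that does have a working TEE. The `PRODUCT_PACKAGES` list the hunk opens with begins outside the hunk.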
diff --git a/manifest-tee.xml b/manifest-tee.xml
new file mode 100644 (file)
index 0000000..4a2e0a1
--- /dev/null
@@ -0,0 +1,12 @@
+<manifest version="2.0" type="device" target-level="4">
+    <hal format="hidl">
+        <name>android.hardware.keymaster</name>
+        <transport>hwbinder</transport>
+        <version>4.1</version>
+        <interface>
+            <name>IKeymasterDevice</name>
+            <instance>default</instance>
+        </interface>
+        <fqname>@4.1::IKeymasterDevice/default</fqname>
+    </hal>
+</manifest>
index 3e1d3187b67949dfe9f3ff95830c184aa4840b3b..a7148adf4f31428c88fab915246a6e7d408a6acf 100644 (file)
         </interface>
         <fqname>@2.0::IHealth/default</fqname>
     </hal>
-    <hal format="hidl">
-        <name>android.hardware.keymaster</name>
-        <transport>hwbinder</transport>
-        <version>4.1</version>
-        <interface>
-            <name>IKeymasterDevice</name>
-            <instance>default</instance>
-        </interface>
-        <fqname>@4.1::IKeymasterDevice/default</fqname>
-    </hal>
     <hal format="hidl">
         <name>android.hardware.media.omx</name>
         <transport>hwbinder</transport>
diff --git a/proprietary-files-tee.txt b/proprietary-files-tee.txt
new file mode 100644 (file)
index 0000000..3fb309b
--- /dev/null
@@ -0,0 +1,13 @@
+### All blobs from this list, unless pinned and noted as otherwise,
+##  are from adt3-user 11 RTT1.200909.003.A2 6832896 release-keys.
+
+## TEE/Keymaster
+vendor/bin/hw/android.hardware.keymaster@4.1-service.amlogic
+vendor/etc/init/android.hardware.keymaster@4.1-service.amlogic.rc
+vendor/lib/libtee_load_video_fw.so
+vendor/lib/libteec.so
+vendor/lib/libsecmem.so
+vendor/bin/tee-supplicant
+vendor/bin/tee_preload_fw
+vendor/etc/init/tee-supplicant.rc
+vendor/etc/init/tee_preload_fw.rc
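Review bot: `vendor/lib/libsecmem.so` is added to this list but also stays in proprietary-files.txt, where it is an unchanged context line of the `-209,8 +203,6` hunk. With the TEE guard enabled the blob is therefore listed twice, and the generated makefile would presumably carry two copy rules for the same destination. Keep it in only one list: here if it is needed only with OP-TEE, otherwise drop the added line. Since these are the keymaster and TEE client binaries, it is also worth pinning each entry to the stated adt3 build with the `path|<sha1>` form the header alludes to, so a later re-extract from a different dump cannot replace them unnoticed.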
index 417d24e8bd1d2ea7a1c310d323811ce0cb4546f0..cce3b5fc1123a04c4e53fef83a4f2c1efb97dc6a 100644 (file)
@@ -47,15 +47,12 @@ vendor/bin/hw/android.hardware.drm@1.3-service.widevine
 vendor/bin/hw/android.hardware.dumpstate@1.0-service.droidlogic
 vendor/bin/hw/android.hardware.graphics.composer@2.4-service.droidlogic
 vendor/bin/hw/android.hardware.health@2.0-service.droidlogic
-vendor/bin/hw/android.hardware.keymaster@4.1-service.amlogic
 vendor/bin/hw/android.hardware.oemlock@1.0-service.droidlogic
 vendor/bin/hw/android.hardware.thermal@2.0-service.droidlogic
 vendor/bin/hw/android.hardware.usb.gadget@1.1-service.droidlogic
 vendor/bin/oemcrypto_test_aml
 vendor/bin/remotecfg
 vendor/bin/systemcontrol
-vendor/bin/tee-supplicant
-vendor/bin/tee_preload_fw
 vendor/etc/audio_effects.conf
 vendor/etc/bluetooth/4343.hcd
 vendor/etc/bluetooth/BCM20702.hcd
@@ -82,7 +79,6 @@ vendor/etc/init/android.hardware.dumpstate@1.0-service.droidlogic.rc
 vendor/etc/init/android.hardware.graphics.allocator@3.0-service.rc
 vendor/etc/init/android.hardware.graphics.composer@2.4-service.droidlogic.rc
 vendor/etc/init/android.hardware.health@2.0-service.droidlogic.rc
-vendor/etc/init/android.hardware.keymaster@4.1-service.amlogic.rc
 vendor/etc/init/android.hardware.oemlock@1.0-service.droidlogic.rc
 vendor/etc/init/android.hardware.thermal@2.0-service.droidlogic.rc
 vendor/etc/init/android.hardware.usb.gadget@1.1-service.droidlogic.rc
@@ -93,8 +89,6 @@ vendor/etc/init/hdmicecd.rc
 vendor/etc/init/irblaster1.rc
 vendor/etc/init/sysfs_permissions.rc
 vendor/etc/init/systemcontrol.rc
-vendor/etc/init/tee-supplicant.rc
-vendor/etc/init/tee_preload_fw.rc
 vendor/etc/mesondisplay.cfg
 vendor/etc/permissions/android.software.cant_save_state.xml
 vendor/etc/permissions/droidlogic.software.core.xml
@@ -209,8 +203,6 @@ vendor/lib/libremotecontrolserver.so
 vendor/lib/libsecmem.so
 vendor/lib/libstagefrighthw.so
 vendor/lib/libsystemcontrolservice.so
-vendor/lib/libtee_load_video_fw.so
-vendor/lib/libteec.so
 vendor/lib/libthreadworker_alt.so
 vendor/lib/libtvbinder.so
 vendor/lib/libvideotunnel.so
index 911a638efada7f447b55bf722b93e855df359420..9f8d0f475a75a6750b027e7cce6ed644cd06bead 100755 (executable)
@@ -30,6 +30,14 @@ write_headers "g12a g12b sm1" "TARGET_AMLOGIC_SOC"
 # The standard common blobs
 write_makefiles "${MY_DIR}/proprietary-files.txt" true
 
+# The BSP blobs - we put a conditional in case the BSP
+# is actually being built
+printf '\n%s\n' 'ifneq ($(TARGET_HAS_TEE),false)' >> "$PRODUCTMK"
+
+write_makefiles "${MY_DIR}/proprietary-files-tee.txt" true
+
+printf '%s\n' 'endif' >> "$PRODUCTMK"
+
 # Finish
 write_footers