Android keymaster 4.0 - device integration notes

Published: 2025/3/21 Android 35 豆豆

Contents

        • 1. Integrating keymaster@4.0-service
        • 2. Definition of the keymaster HAL interface
        • 3. keymaster@4.0-service: pure-software implementation
        • 3. keymaster@4.0-service: beanpod implementation
        • 4. keymaster@4.0-service: trustonic implementation
        • 5. Summary

1. Integrating keymaster@4.0-service

device.mk defines which keymaster service is integrated; exactly one of the following is selected:

  • android.hardware.keymaster@4.0-service.trustonic
  • android.hardware.keymaster@4.0-service.beanpod
  • android.hardware.keymaster@4.0-service.beanpod.lite
  • android.hardware.keymaster@4.0-service.trustkernel
  • android.hardware.keymaster@4.0-service.mtee
  • android.hardware.keymaster@4.0-service (pure software)

(vim device/mediatek/common/device.mk)

```makefile
# list of all TEEs
ifeq ($(strip $(TRUSTONIC_TEE_SUPPORT)), yes)
PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.trustonic
else ifeq ($(strip $(MICROTRUST_TEE_SUPPORT)), yes)
PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.beanpod
else ifeq ($(strip $(MICROTRUST_TEE_LITE_SUPPORT)), yes)
PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.beanpod.lite
else ifeq ($(strip $(TRUSTKERNEL_TEE_SUPPORT)), yes)
PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.trustkernel
else ifeq ($(strip $(MTK_IN_HOUSE_TEE_SUPPORT)), yes)
PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service.mtee
else
PRODUCT_PACKAGES += android.hardware.keymaster@4.0-service
endif
#end of list of TEEs
```

2. Definition of the keymaster HAL interface

```
hardware/interfaces/keymaster/4.0$ ls
Android.bp  default  IKeymasterDevice.hal  support  types.hal  vts
```

3. keymaster@4.0-service: pure-software implementation

```
hardware/interfaces/keymaster/4.0/default$ ls
Android.bp  android.hardware.keymaster@4.0-service.rc  OWNERS  service.cpp
```

(cat service.cpp)

```cpp
#include <android-base/logging.h>
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#include <hidl/HidlTransportSupport.h>

#include <AndroidKeymaster4Device.h>

using android::hardware::keymaster::V4_0::SecurityLevel;

int main() {
    ::android::hardware::configureRpcThreadpool(1, true /* willJoinThreadpool */);
    auto keymaster = ::keymaster::V4_0::ng::CreateKeymasterDevice(SecurityLevel::SOFTWARE);
    auto status = keymaster->registerAsService();
    if (status != android::OK) {
        LOG(FATAL) << "Could not register service for Keymaster 4.0 (" << status << ")";
    }
    android::hardware::joinRpcThreadpool();
    return -1;  // Should never get here.
}
```

(cat android.hardware.keymaster@4.0-service.rc)

```
service vendor.keymaster-4-0 /vendor/bin/hw/android.hardware.keymaster@4.0-service
    interface android.hardware.keymaster@4.0::IKeymasterDevice default
    class early_hal
    user system
    group system drmrpc
```

HAL-layer binding: ::keymaster::V4_0::ng::CreateKeymasterDevice

(cat system/keymaster/ng/AndroidKeymaster4Device.cpp)

```cpp
IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
    return new AndroidKeymaster4Device(securityLevel);
}
```

The actual implementation lives in AndroidKeymaster41Device.cpp, AndroidKeymaster4Device.cpp and AndroidKeymaster3Device.cpp under system/keymaster/ng, which are ultimately built into:

  • libkeymaster3.so
  • libkeymaster4.so
  • libkeymaster41.so

```
cc_library_shared {
    name: "libkeymaster4",
    srcs: [
        "legacy_support/keymaster_passthrough_key.cpp",
        "legacy_support/keymaster_passthrough_engine.cpp",
        "legacy_support/keymaster_passthrough_operation.cpp",
        "ng/AndroidKeymaster4Device.cpp",
        "android_keymaster/keymaster_configuration.cpp",
    ],
    defaults: ["keymaster_defaults"],
    shared_libs: [
        "libkeymaster_messages",
        "android.hardware.keymaster@4.0",
        "libcrypto",
        "libcutils",
        "libbase",
        "libhidlbase",
        "libkeymaster_portable",
        "libpuresoftkeymasterdevice",
        "liblog",
        "libutils",
        "libkeymaster4support",
    ],
    export_include_dirs: ["ng/include"],
}
```

3. keymaster@4.0-service: beanpod implementation

```
vendor/mediatek/proprietary/trustzone/microtrust/source/common/300/km4.0$ ls
Android.bp                                         BeanpodKeymaster.cpp       kmsetkey_ca.cpp               NOTICE           ut_kmsetkey.cpp
android.hardware.keymaster@4.0-service.beanpod.rc  beanpod_keymaster_ipc.cpp  manifest.keymaster.xml        service.cpp      ut_km_tac.cpp
BeanpodKeymaster4Device.cpp                        include                    microtrust.bp_kmsetkey_ca.rc  ut_km_ioctl.cpp
```

(cat service.cpp)

```cpp
#include <android-base/logging.h>
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#include <hidl/HidlTransportSupport.h>
#include <BeanpodKeymaster.h>
#include <BeanpodKeymaster4Device.h>
#include <cutils/properties.h>

int main() {
    ::android::hardware::configureRpcThreadpool(1, true);
    auto bpKeymaster = new keymaster::BeanpodKeymaster();
    int err = bpKeymaster->Initialize();
    if (err != 0) {
        LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";
        return -1;
    }
    auto keymaster = new ::keymaster::V4_0::ng::BeanpodKeymaster4Device(bpKeymaster);
    auto status = keymaster->registerAsService();
    if (status != android::OK) {
        LOG(FATAL) << "Could not register service for Keymaster 4.0 (" << status << ")";
        return -1;
    }
    LOG(INFO) << "register beanpod keymaster4.0 success";
    android::hardware::joinRpcThreadpool();
    return -1;  // Should never get here.
}
```

(android.hardware.keymaster@4.0-service.beanpod.rc)

```
service vendor.keymaster-4-0-beanpod /vendor/bin/hw/android.hardware.keymaster@4.0-service.beanpod
    class early_hal
    user system
    group system drmrpc
```

HAL-layer binding:

```cpp
auto bpKeymaster = new keymaster::BeanpodKeymaster();
auto keymaster = new ::keymaster::V4_0::ng::BeanpodKeymaster4Device(bpKeymaster);
```

(cat vendor/mediatek/proprietary/trustzone/microtrust/source/common/300/km4.0/BeanpodKeymaster4Device.cpp)

```cpp
BeanpodKeymaster4Device::BeanpodKeymaster4Device(BeanpodKeymaster* impl)
    : impl_(impl) {
    securityLevel_ = SecurityLevel::TRUSTED_ENVIRONMENT;
}
```

The Beanpod HAL implementation is compiled into android.hardware.keymaster@4.0-service.beanpod:

```
cc_binary {
    name: "android.hardware.keymaster@4.0-service.beanpod",
    vendor: true,
    init_rc: ["android.hardware.keymaster@4.0-service.beanpod.rc"],
    srcs: [
        "beanpod_keymaster_ipc.cpp",
        "BeanpodKeymaster4Device.cpp",
        "BeanpodKeymaster.cpp",
        "service.cpp",
    ],
    proprietary: true,
    relative_install_path: "hw",
    owner: "mtk",
    local_include_dirs: [
        "include",
    ],
    shared_libs: [
        "liblog",
        "libcutils",
        "libdl",
        "libbase",
        "libutils",
        "libhardware",
        "libhidlbase",
        "libkeymaster_messages",
        "libkeymaster4",
        "android.hardware.keymaster@4.0",
        "libTEECommon",
    ],
}
```

4. keymaster@4.0-service: trustonic implementation

```
vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0$ ls
Android.bp  android.hardware.keymaster@4.0-service.trustonic.rc  Android.mk.skip  include  NOTICE  src  test
vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0$ ls src/
authlist.cpp                 cust_tee_keymaster_utils.cpp  km_shared_util.cpp  service.cpp             TrustonicKeymaster4Device.cpp
cust_tee_keymaster_impl.cpp  km_encodings.cpp              serialization.cpp   tlcTeeKeymaster_if.cpp  TrustonicKeymaster4DeviceImpl.cpp
```

(src/service.cpp)

```cpp
#include <android-base/logging.h>
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#include <hidl/HidlTransportSupport.h>
//#include <AndroidKeymaster4Device.h>
#include <TrustonicKeymaster4Device.h>

//using android::hardware::keymaster::V4_0::SecurityLevel;

int main() {
    ::android::hardware::configureRpcThreadpool(1, true /* willJoinThreadpool */);
    LOG(INFO) << "Trustonic Keymaster 4.0 Service starts";
    TrustonicKeymaster4DeviceImpl *impl = new TrustonicKeymaster4DeviceImpl();
    android::sp <::android::hardware::keymaster::V4_0::IKeymasterDevice> keymaster =
        new ::android::hardware::keymaster::V4_0::implementation::TrustonicKeymaster4Device(impl);
    //auto keymaster = ::keymaster::V4_0::ng::CreateKeymasterDevice(SecurityLevel::SOFTWARE);
    auto status = keymaster->registerAsService();
    if (status != android::OK) {
        LOG(FATAL) << "Could not register service for Keymaster 4.0 (" << status << ")";
    }
    LOG(INFO) << "Trustonic Keymaster 4.0 Service registered";
    android::hardware::joinRpcThreadpool();
    return -1;  // Should never get here.
}
```

(android.hardware.keymaster@4.0-service.trustonic.rc)

```
service vendor.keymaster-4-0-trustonic /vendor/bin/hw/android.hardware.keymaster@4.0-service.trustonic
    class early_hal
    user system
    group system drmrpc
```

HAL-layer binding: ::android::hardware::keymaster::V4_0::implementation::TrustonicKeymaster4Device(impl)

(vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0/src/TrustonicKeymaster4Device.cpp)
(vendor/mediatek/proprietary/trustzone/trustonic/source/external/keymaster/common/4.0/src/TrustonicKeymaster4DeviceImpl.cpp)

```cpp
TrustonicKeymaster4Device(TrustonicKeymaster4DeviceImpl *impl): impl_(impl) {}
```

The trustonic HAL implementation is compiled into android.hardware.keymaster@4.0-service.trustonic:

```
cc_binary {
    name: "android.hardware.keymaster@4.0-service.trustonic",
    defaults: ["hidl_defaults"],
    relative_install_path: "hw",
    vendor: true,
    init_rc: ["android.hardware.keymaster@4.0-service.trustonic.rc"],
    srcs: [
        "src/service.cpp",
        "src/authlist.cpp",
        "src/cust_tee_keymaster_impl.cpp",
        "src/cust_tee_keymaster_utils.cpp",
        "src/km_encodings.cpp",
        "src/km_shared_util.cpp",
        "src/serialization.cpp",
        "src/tlcTeeKeymaster_if.cpp",
        "src/TrustonicKeymaster4DeviceImpl.cpp",
        "src/TrustonicKeymaster4Device.cpp"
    ],
    local_include_dirs: ["include"],
    shared_libs: [
        "android.hardware.keymaster@4.0",
        "libbase",
        "libcutils",
        "libhardware",
        "libhidlbase",
        "libkeymaster4",
        "liblog",
        "libutils",
        "libMcClient",
        "libcrypto"
    ],
}
```

5. Summary

  • If the pure-software keymaster is enabled:
    the service is in android.hardware.keymaster@4.0-service
    the HAL implementation is in libkeymaster3.so, libkeymaster4.so and libkeymaster41.so

  • If the beanpod keymaster is enabled:
    the service and the HAL implementation are both in android.hardware.keymaster@4.0-service.beanpod
    key attestation is not part of the keymaster HAL; it is built into kmsetkey.beanpod.so, and bp_kmsetkey_ca is a test program

  • If the trustonic keymaster is enabled:
    the service and the HAL implementation are both in android.hardware.keymaster@4.0-service.trustonic

With the beanpod TEE enabled, the build generates these related files:

```
./vendor/etc/init/vendor.mediatek.hardware.keymaster_attestation@1.1-service.rc
./vendor/etc/init/android.hardware.keymaster@4.0-service.beanpod.rc
./vendor/lib/hw/kmsetkey.beanpod.so
./vendor/lib/libkmsetkey.so
./vendor/bin/hw/android.hardware.keymaster@4.0-service.beanpod
./vendor/lib/libkeymaster4.so
./vendor/lib/libpuresoftkeymasterdevice.so
./vendor/lib/libkeymaster4support.so
./vendor/lib/libkeymaster_portable.so
./vendor/lib/libkeymaster_messages.so
./vendor/lib/vendor.mediatek.hardware.keymaster_attestation@1.0.so
./vendor/lib/vendor.mediatek.hardware.keymaster_attestation@1.1.so
./vendor/lib/hw/vendor.mediatek.hardware.keymaster_attestation@1.1-impl.so
./vendor/bin/hw/vendor.mediatek.hardware.keymaster_attestation@1.1-service
```

Q: Only the beanpod keymaster is enabled, so why is the pure-software keymaster (libkeymaster4.so) still built?
A: Because android.hardware.keymaster@4.0-service.beanpod depends on these libraries when it is built, so all of them get built along with it:

```
shared_libs: [
    "liblog",
    "libcutils",
    "libdl",
    "libbase",
    "libutils",
    "libhardware",
    "libhidlbase",
    "libkeymaster_messages",
    "libkeymaster4",
    "android.hardware.keymaster@4.0",
    "libTEECommon",
],
```
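
The summary and the Q&A above, turned into a check (an added example, not code from the original notes): the service binary under vendor/bin/hw identifies the keymaster backend, while the presence of libkeymaster4.so does not. The function and variable names and the sample tree built in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the keymaster 4.0 backend of an unpacked vendor image
# from its service binary. Suffixes are the ones in the device.mk list above.
# libkeymaster4.so is ignored on purpose: TEE builds ship it as a dependency.
KM_PREFIX="android.hardware.keymaster@4.0-service"

keymaster_backend() {   # $1 = image root; prints backend, returns 0 only for a TEE-vendor service
    kb_found=""
    kb_count=0
    for kb_f in "$1/vendor/bin/hw/$KM_PREFIX"*; do
        [ -e "$kb_f" ] || continue          # an unmatched glob stays literal
        kb_name="${kb_f##*/}"
        case "$kb_name" in
            "$KM_PREFIX") kb_b="software" ;;
            "$KM_PREFIX".trustonic|"$KM_PREFIX".beanpod|"$KM_PREFIX".beanpod.lite|\
            "$KM_PREFIX".trustkernel|"$KM_PREFIX".mtee)
                kb_b=${kb_name#"$KM_PREFIX".} ;;
            *) kb_b="unknown" ;;
        esac
        kb_found="${kb_found:+$kb_found,}$kb_b"
        kb_count=$((kb_count + 1))
    done
    case "$kb_count" in
        0) echo "none"; return 1 ;;
        1) echo "$kb_found"
           case "$kb_found" in software|unknown) return 1 ;; esac ;;
        *) echo "conflict:$kb_found"; return 1 ;;   # device.mk selects exactly one
    esac
}

make_sample_tree() {    # constructed input: $1 = dir, rest = service binary names
    mst_root="$1"; shift
    mkdir -p "$mst_root/vendor/bin/hw" "$mst_root/vendor/lib"
    : > "$mst_root/vendor/lib/libkeymaster4.so"
    for mst_n in "$@"; do : > "$mst_root/vendor/bin/hw/$mst_n"; done
}

demo_dir="$(mktemp -d)"
make_sample_tree "$demo_dir" "$KM_PREFIX.beanpod"
echo "backend: $(keymaster_backend "$demo_dir")"
rm -rf "$demo_dir"
```

The non-zero return for `software`, `none`, `unknown` and `conflict:` results lets the function gate a build or image-review step on the fall-through branch of the device.mk chain.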
