Add key blob format that supports secure deletion

This CL adds a new key blob format that supports use of two additional
secrets in the derivation of key encryption keys, a "factory reset"
secret and a "secure deletion" secret.  Both secrets are intended to
be kept in secure, tamper-resistant storage.  The factory reset secret
is a single secret that is used in KEK derivation for all KM keys and
remains unchanged until the device is factory reset.  The secure
deletion secret is a per-key secret used to secure rollback resistant
and single-use keys.  When a rollback resistant key is deleted, or a
single-use key is used, the secure deletion secret must be erased.
This ensures that the key blob can never be decrypted.

The format doesn't specify the sizes of the factory reset and secure
deletion secrets, but they should provide significant entropy.

Bug: 187105270
Test: keymaster_tests
Change-Id: I64b36f631a4cc6f304cf2c6435c668fba9aa4377
Merged-In: I64b36f631a4cc6f304cf2c6435c668fba9aa4377
10 files changed
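
The derivation the commit message describes, sketched as an added example (this is not code from the CL). It assumes HKDF-SHA256 as the KDF and models the tamper-resistant storage as an in-memory `SecureStore`; every name here, the slot numbering and the encoding of the `info` field are hypothetical.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _lp(field):
    """Length-prefix a field so concatenated inputs stay unambiguous."""
    return len(field).to_bytes(4, "big") + field

class SecureStore:
    """Hypothetical stand-in for tamper-resistant storage."""
    def __init__(self):
        self.factory_reset_secret = os.urandom(32)  # shared by all keys
        self.slots = {}                             # per-key secrets
        self._next = 1

    def new_slot(self):
        slot, self._next = self._next, self._next + 1
        self.slots[slot] = os.urandom(32)
        return slot

    def erase_slot(self, slot):       # key deleted / single-use key used
        self.slots.pop(slot, None)

    def factory_reset(self):          # invalidates every existing blob
        self.factory_reset_secret = os.urandom(32)
        self.slots.clear()

def derive_kek(master_key, store, slot=None):
    """Derive the KEK; slot=None models a key without secure deletion."""
    sds = b""
    if slot is not None:
        if slot not in store.slots:
            raise KeyError("secure deletion secret erased; blob is unrecoverable")
        sds = store.slots[slot]
    info = _lp(b"kek") + _lp(store.factory_reset_secret) + _lp(sds)
    return hkdf_sha256(master_key, b"\x00" * 32, info)
```

Because both secrets are inputs to the KDF, a copy of the key blob and the master key taken before the erase is not enough to rebuild the KEK afterwards.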