1 //
2 // Copyright (C) 2022 The Android Open-Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15
16 //! This module implements the HAL service for Keymint (Rust) in Trusty.
17 use clap::Parser;
18 use kmr_hal::{
19 extract_rsp, keymint, rpc, secureclock, send_hal_info, sharedsecret, SerializedChannel,
20 };
21 use log::{error, info, warn};
22 use std::{
23 ffi::CString,
24 ops::DerefMut,
25 panic,
26 sync::{Arc, Mutex},
27 };
28 use trusty::DEFAULT_DEVICE;
29
30 const TRUSTY_KEYMINT_RUST_SERVICE_NAME: &str = "com.android.trusty.keymint";
31
32 static SERVICE_INSTANCE: &str = "default";
33
34 static KM_SERVICE_NAME: &str = "android.hardware.security.keymint.IKeyMintDevice";
35 static RPC_SERVICE_NAME: &str = "android.hardware.security.keymint.IRemotelyProvisionedComponent";
36 static SECURE_CLOCK_SERVICE_NAME: &str = "android.hardware.security.secureclock.ISecureClock";
37 static SHARED_SECRET_SERVICE_NAME: &str = "android.hardware.security.sharedsecret.ISharedSecret";
38
39 /// Local error type for failures in the HAL service.
40 #[derive(Debug, Clone)]
41 struct HalServiceError(String);
42
43 #[derive(Debug)]
44 struct TipcChannel(trusty::TipcChannel);
45
46 impl SerializedChannel for TipcChannel {
47 const MAX_SIZE: usize = 4000;
execute(&mut self, serialized_req: &[u8]) -> binder::Result<Vec<u8>>48 fn execute(&mut self, serialized_req: &[u8]) -> binder::Result<Vec<u8>> {
49 self.0.send(serialized_req).map_err(|e| {
50 binder::Status::new_exception(
51 binder::ExceptionCode::TRANSACTION_FAILED,
52 Some(
53 &CString::new(format!(
54 "Failed to send the request via tipc channel because of {:?}",
55 e
56 ))
57 .unwrap(),
58 ),
59 )
60 })?;
61 let mut expect_more_msgs = true;
62 let mut full_rsp = Vec::new();
63 while expect_more_msgs {
64 let mut recv_buf = Vec::new();
65 self.0.recv(&mut recv_buf).map_err(|e| {
66 binder::Status::new_exception(
67 binder::ExceptionCode::TRANSACTION_FAILED,
68 Some(
69 &CString::new(format!(
70 "Failed to receive the response via tipc channel because of {:?}",
71 e
72 ))
73 .unwrap(),
74 ),
75 )
76 })?;
77 let current_rsp_content;
78 (expect_more_msgs, current_rsp_content) = extract_rsp(&recv_buf)?;
79 full_rsp.extend_from_slice(current_rsp_content);
80 }
81 Ok(full_rsp)
82 }
83 }
84
85 #[derive(Parser, Debug)]
86 struct Args {
87 /// Tipc device path
88 #[arg(short, long, default_value_t = DEFAULT_DEVICE.to_string())]
89 dev: String,
90 }
91
main()92 fn main() {
93 if let Err(HalServiceError(e)) = inner_main() {
94 panic!("HAL service failed: {:?}", e);
95 }
96 }
97
inner_main() -> Result<(), HalServiceError>98 fn inner_main() -> Result<(), HalServiceError> {
99 let args = Args::parse();
100 // Initialize Android logging.
101 android_logger::init_once(
102 android_logger::Config::default()
103 .with_tag("keymint-hal-trusty")
104 .with_max_level(log::LevelFilter::Info)
105 .with_log_buffer(android_logger::LogId::System),
106 );
107 // Redirect panic messages to logcat.
108 panic::set_hook(Box::new(|panic_info| {
109 error!("{}", panic_info);
110 }));
111
112 if cfg!(feature = "nonsecure") {
113 warn!("Non-secure Trusty KM HAL service is starting.");
114 } else {
115 info!("Trusty KM HAL service is starting.");
116 }
117
118 info!("Starting thread pool now.");
119 binder::ProcessState::start_thread_pool();
120
121 // Create connection to the TA
122 let connection =
123 trusty::TipcChannel::connect(args.dev.as_str(), TRUSTY_KEYMINT_RUST_SERVICE_NAME).map_err(
124 |e| {
125 HalServiceError(format!(
126 "Failed to connect to Trusty Keymint TA at {} because of {:?}.",
127 args.dev, e
128 ))
129 },
130 )?;
131 let tipc_channel = Arc::new(Mutex::new(TipcChannel(connection)));
132
133 #[cfg(feature = "nonsecure")]
134 {
135 // When the non-secure feature is enabled, retrieve root-of-trust information
136 // (with the exception of the verified boot key hash) from Android properties, and
137 // populate the TA with this information. On a real device, the bootloader should
138 // provide this data to the TA directly.
139 let boot_req = kmr_hal_nonsecure::get_boot_info();
140 info!("boot/HAL->TA: boot info is {:?}", boot_req);
141 kmr_hal::send_boot_info(tipc_channel.lock().unwrap().deref_mut(), boot_req)
142 .map_err(|e| HalServiceError(format!("Failed to send boot info: {:?}", e)))?;
143 // When the non-secure feature is enabled, also retrieve device ID information
144 // (except for IMEI/MEID values) from Android properties and populate the TA with
145 // this information. On a real device, a factory provisioning process would populate
146 // this information.
147 let attest_ids = kmr_hal_nonsecure::attestation_id_info();
148 if let Err(e) =
149 kmr_hal::send_attest_ids(tipc_channel.lock().unwrap().deref_mut(), attest_ids)
150 {
151 error!("Failed to send attestation ID info: {:?}", e);
152 }
153 info!("Successfully sent non-secure boot info and attestation IDs to the TA.");
154 }
155
156 // Register the Keymint service
157 let km_service = keymint::Device::new_as_binder(tipc_channel.clone());
158 let km_service_name = format!("{}/{}", KM_SERVICE_NAME, SERVICE_INSTANCE);
159 binder::add_service(&km_service_name, km_service.as_binder()).map_err(|e| {
160 HalServiceError(format!(
161 "Failed to register service {} because of {:?}.",
162 km_service_name, e
163 ))
164 })?;
165
166 // Register the Remotely Provisioned Component service
167 let rpc_service = rpc::Device::new_as_binder(tipc_channel.clone());
168 let rpc_service_name = format!("{}/{}", RPC_SERVICE_NAME, SERVICE_INSTANCE);
169 binder::add_service(&rpc_service_name, rpc_service.as_binder()).map_err(|e| {
170 HalServiceError(format!(
171 "Failed to register service {} because of {:?}.",
172 rpc_service_name, e
173 ))
174 })?;
175
176 // Register the Secure Clock service
177 let sclock_service = secureclock::Device::new_as_binder(tipc_channel.clone());
178 let sclock_service_name = format!("{}/{}", SECURE_CLOCK_SERVICE_NAME, SERVICE_INSTANCE);
179 binder::add_service(&sclock_service_name, sclock_service.as_binder()).map_err(|e| {
180 HalServiceError(format!(
181 "Failed to register service {} because of {:?}.",
182 sclock_service_name, e
183 ))
184 })?;
185
186 // Register the Shared Secret service
187 let ssecret_service = sharedsecret::Device::new_as_binder(tipc_channel.clone());
188 let ssecret_service_name = format!("{}/{}", SHARED_SECRET_SERVICE_NAME, SERVICE_INSTANCE);
189 binder::add_service(&ssecret_service_name, ssecret_service.as_binder()).map_err(|e| {
190 HalServiceError(format!(
191 "Failed to register service {} because of {:?}.",
192 ssecret_service_name, e
193 ))
194 })?;
195
196 // Send the HAL service information to the TA
197 send_hal_info(tipc_channel.lock().unwrap().deref_mut())
198 .map_err(|e| HalServiceError(format!("Failed to populate HAL info: {:?}", e)))?;
199
200 info!("Successfully registered KeyMint HAL services.");
201 info!("Joining thread pool now.");
202 binder::ProcessState::join_thread_pool();
203 info!("KeyMint HAL service is terminating."); // should not reach here
204 Ok(())
205 }
206