RebootEscrow HAL: testing with secure implementations
To test implementations that use TEE keymaster with EARLY_BOOT_ONLY
keys, it is required that the "earlyBootEnded" call in vold should be
removed before they will pass. Mark those tests as DISABLED_... and
include a comment and README indicating what needs to be done.
Bug: 159513354
Bug: 158964050
Test: atest VtsHalRebootEscrowTargetTest
Change-Id: Ie12969c0353ff42202b3dfcfa0be87ba3442e5d3
diff --git a/rebootescrow/aidl/vts/functional/README.md b/rebootescrow/aidl/vts/functional/README.md
new file mode 100644
index 0000000..9ae5caf
--- /dev/null
+++ b/rebootescrow/aidl/vts/functional/README.md
@@ -0,0 +1,7 @@
+Many of the tests in this directory may require that TEE Keymaster
+"EARLY_BOOT_ONLY" keys be usable when this test runs. In order to accomplish
+this, a build of "vold" that omits the call to "earlyBootEnded()" function
+should be made. Then these DISABLED tests may be run successfully.
+
+The CTS test ResumeOnRebootHostTests will test the functionality without a
+special build.
diff --git a/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp b/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp
index cd8cc3e..809a3b5 100644
--- a/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp
+++ b/rebootescrow/aidl/vts/functional/VtsHalRebootEscrowTargetTest.cpp
@@ -60,7 +60,10 @@
};
};
-TEST_P(RebootEscrowAidlTest, StoreAndRetrieve_Success) {
+// This test assumes that it can retrieve keys immediately, but some
+// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the
+// earlyBootEnded() calls will need to be disabled to test this correctly.
+TEST_P(RebootEscrowAidlTest, DISABLED_StoreAndRetrieve_Success) {
SKIP_UNSUPPORTED;
ASSERT_TRUE(rebootescrow->storeKey(KEY_1).isOk());
@@ -70,7 +73,10 @@
EXPECT_EQ(actualKey, KEY_1);
}
-TEST_P(RebootEscrowAidlTest, StoreAndRetrieve_SecondRetrieveSucceeds) {
+// This test assumes that it can retrieve keys immediately, but some
+// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the
+// earlyBootEnded() calls will need to be disabled to test this correctly.
+TEST_P(RebootEscrowAidlTest, DISABLED_StoreAndRetrieve_SecondRetrieveSucceeds) {
SKIP_UNSUPPORTED;
ASSERT_TRUE(rebootescrow->storeKey(KEY_1).isOk());
@@ -83,7 +89,10 @@
EXPECT_EQ(actualKey, KEY_1);
}
-TEST_P(RebootEscrowAidlTest, StoreTwiceOverwrites_Success) {
+// This test assumes that it can retrieve keys immediately, but some
+// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the
+// earlyBootEnded() calls will need to be disabled to test this correctly.
+TEST_P(RebootEscrowAidlTest, DISABLED_StoreTwiceOverwrites_Success) {
SKIP_UNSUPPORTED;
ASSERT_TRUE(rebootescrow->storeKey(KEY_1).isOk());
@@ -94,7 +103,10 @@
EXPECT_EQ(actualKey, KEY_2);
}
-TEST_P(RebootEscrowAidlTest, StoreEmpty_AfterGetEmptyKey_Success) {
+// This test assumes that it can retrieve keys immediately, but some
+// implementations use the TEE's EARLY_BOOT_ONLY keys. This means that the
+// earlyBootEnded() calls will need to be disabled to test this correctly.
+TEST_P(RebootEscrowAidlTest, DISABLED_StoreEmpty_AfterGetEmptyKey_Success) {
SKIP_UNSUPPORTED;
rebootescrow->storeKey(KEY_1);
@@ -105,6 +117,12 @@
EXPECT_EQ(actualKey, EMPTY_KEY);
}
+TEST_P(RebootEscrowAidlTest, Store_Success) {
+ SKIP_UNSUPPORTED;
+
+ rebootescrow->storeKey(KEY_1);
+}
+
INSTANTIATE_TEST_SUITE_P(
RebootEscrow, RebootEscrowAidlTest,
testing::ValuesIn(android::getAidlHalInstanceNames(IRebootEscrow::descriptor)),