# IHDCPAuthControl as a Trusted HAL service

IHDCPAuthControl is expected to be a service implemented in a TEE.
We provide a default reference implementation and its integration in Trusty
as an example.

The VTS test for a Trusted HAL service ought to run in the VM.
We provide an integration of the VTS test in a Trusty VM,
and later in a Microdroid VM (b/380632474).

This interface shall not be exposed to the host and thus shall be part of
the list of excluded interfaces from
[compatibility_matrices/exclude/fcm_exclude.cpp](../../../compatibility_matrices/exclude/fcm_exclude.cpp)

## 1. Mock Implementation

The mock implementation under default/src/lib.rs is expected to be integrated in a
TEE. For AOSP testing we offer two virtual device testing options:

- Cuttlefish AVD, where the reference implementation is integrated in an AVF VM, emulating a TEE.
- Trusty QEMU AVD, where the reference implementation is integrated in a Trusty TEE image (executed in secure world)

### 1.1. Cuttlefish: Integrate in an AVF HAL pVM (Trusty)

In Cuttlefish, we emulate a TEE with an AVF Trusty pVM.
The VM2TZ IPC is emulated with a vsock port forward utility (b/379582767).

Until vsock port forwarding is supported, the trusty_test_vm is used temporarily.
(VTS tests and HAL implementation will be in the same pVM).

TODO: complete when trusty_hal_vm is created

In order to add the mock HdcpAuthControlService to the trusty_test_vm, make sure
that `hardware/interfaces/security/see/hdcp/default` is added to the
trusty_test_vm makefile, by adding it to
[trusty/device/x86/generic-x86_64/project/generic-x86_64-inc.mk](../../../../../trusty/device/x86/generic-x86_64/project/generic-x86_64-inc.mk)

### 1.2. Trusty QEMU AVD: Integrate as a TA in Trusty TEE

In order to add the mock HdcpAuthControlService to the Trusty TEE, make sure
that `hardware/interfaces/security/see/hdcp/default` is added to
[trusty/device/arm/generic-arm64/project/generic-arm-inc.mk](../../../../../trusty/device/arm/generic-arm64/project/generic-arm-inc.mk)


## 2. VTS Tests

The IHdcpAuthControl service is expected to be exposed only to an AVF pVM.

The VTS tests shall verify:

- IHdcpAuthControl cannot be accessed from the Android Host:

    see [aidl/vts/src/host_test.rs](aidl/vts/host_test.rs)

- IHdcpAuthControl can be accessed from an AVF pVM:

    see [aidl/vts/src/vm_test.rs](aidl/vts/src/vm_test.rs)
    see [aidl/vts/AndroidTest.xml](aidl/vts/AndroidTest.xml)


To integrate the VTS test in the trusty_test_vm:

1.
1. add the test to [hardware/interfaces/security/see/usertests-rust-inc.mk](../usertests-rust-inc.mk)