1 /*
2 * Copyright 2021, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "android.hardware.security.keymint-service.trusty"
18 #include <android-base/logging.h>
19 #include <android/binder_manager.h>
20 #include <android/binder_process.h>
21 #include <getopt.h>
22
23 #include <trusty_keymaster/TrustyKeyMintDevice.h>
24 #include <trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h>
25 #include <trusty_keymaster/TrustySecureClock.h>
26 #include <trusty_keymaster/TrustySharedSecret.h>
27 #include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
28
29 using aidl::android::hardware::security::keymint::trusty::TrustyKeyMintDevice;
30 using aidl::android::hardware::security::keymint::trusty::TrustyRemotelyProvisionedComponentDevice;
31 using aidl::android::hardware::security::secureclock::trusty::TrustySecureClock;
32 using aidl::android::hardware::security::sharedsecret::trusty::TrustySharedSecret;
33
34 template <typename T, class... Args>
addService(Args &&...args)35 std::shared_ptr<T> addService(Args&&... args) {
36 std::shared_ptr<T> service = ndk::SharedRefBase::make<T>(std::forward<Args>(args)...);
37 auto instanceName = std::string(T::descriptor) + "/default";
38 LOG(ERROR) << "Adding service instance: " << instanceName;
39 auto status = AServiceManager_addService(service->asBinder().get(), instanceName.c_str());
40 CHECK(status == STATUS_OK) << "Failed to add service " << instanceName;
41 return service;
42 }
43
44 static const char* _sopts = "hD:";
45 static const struct option _lopts[] = {
46 {"help", no_argument, 0, 'h'},
47 {"dev", required_argument, 0, 'D'},
48 {0, 0, 0, 0},
49 };
50
51 static const char* usage =
52 "Usage: %s [options]\n"
53 "\n"
54 "options:\n"
55 " -h, --help prints this message and exit\n"
56 " -D, --dev name Trusty device name\n"
57 "\n";
58
59 static const char* usage_long = "\n";
60
print_usage_and_exit(const char * prog,int code,bool verbose)61 static void print_usage_and_exit(const char* prog, int code, bool verbose) {
62 fprintf(stderr, usage, prog);
63 if (verbose) {
64 fprintf(stderr, "%s", usage_long);
65 }
66 exit(code);
67 }
68
parse_options(int argc,char ** argv)69 static void parse_options(int argc, char** argv) {
70 int c;
71 int oidx = 0;
72
73 while (1) {
74 c = getopt_long(argc, argv, _sopts, _lopts, &oidx);
75 if (c == -1) {
76 break; /* done */
77 }
78
79 switch (c) {
80 case 'D':
81 trusty_keymaster_set_dev_name(optarg);
82 break;
83
84 case 'h':
85 print_usage_and_exit(argv[0], EXIT_SUCCESS, true);
86 break;
87
88 default:
89 print_usage_and_exit(argv[0], EXIT_FAILURE, false);
90 }
91 }
92 }
93
main(int argc,char ** argv)94 int main(int argc, char** argv) {
95 parse_options(argc, argv);
96 auto trustyKeymaster = std::make_shared<keymaster::TrustyKeymaster>();
97 int err = trustyKeymaster->Initialize(keymaster::KmVersion::KEYMINT_3);
98 if (err != 0) {
99 LOG(FATAL) << "Could not initialize TrustyKeymaster for KeyMint (" << err << ")";
100 return -1;
101 }
102
103 // Zero threads seems like a useless pool but below we'll join this thread to it, increasing
104 // the pool size to 1.
105 ABinderProcess_setThreadPoolMaxThreadCount(0);
106
107 auto keyMint = addService<TrustyKeyMintDevice>(trustyKeymaster);
108 auto secureClock = addService<TrustySecureClock>(trustyKeymaster);
109 auto sharedSecret = addService<TrustySharedSecret>(trustyKeymaster);
110 auto remotelyProvisionedComponent =
111 addService<TrustyRemotelyProvisionedComponentDevice>(trustyKeymaster);
112 ABinderProcess_joinThreadPool();
113 return EXIT_FAILURE; // should not reach
114 }
115