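# Android init configuration for the KeyMint HAL service whose name and binary
# carry the "nonsecure" suffix. Nothing here starts it at boot by default; the
# only `start` for it in this file is in the trigger at the bottom.
#
# --dev selects the Trusty IPC endpoint: the value of the
# system.keymint.trusty_ipc_dev property when it is set, otherwise the
# default /dev/trusty-ipc-dev0.
service system.keymint.rust-trusty.nonsecure \
  /system_ext/bin/hw/android.hardware.security.keymint-service.rust.trusty.system.nonsecure \
  --dev ${system.keymint.trusty_ipc_dev:-/dev/trusty-ipc-dev0}
    # Not started with its class; it runs only when started explicitly by name.
    disabled
    # Runs as the unprivileged "nobody" user rather than root or system.
    user nobody
    # NOTE(review): presumably drmrpc is what grants access to the Trusty IPC
    # endpoint - confirm, and keep this the only group the service needs.
    group drmrpc
    # The keymint service is not allowed to restart.
    # If it crashes, a device restart is required.
    oneshot

# Only starts the non-secure KeyMint HALs when the KeyMint VM feature is enabled
# TODO(b/357821690): Start the KeyMint HALs when the KeyMint VM is ready once the Trusty VM
# has a mechanism to notify the host.
#
# The trigger requires trusty.security_vm.vm_cid to be set but accepts any
# value (=*), and that value is substituted unchecked into the VSOCK address
# the HAL is pointed at.
# NOTE(review): whoever can write trusty.security_vm.* or
# system.keymint.trusty_ipc_dev therefore chooses the backend this KeyMint HAL
# talks to - confirm the SELinux property contexts limit writers to the
# component that launches the Trusty VM.
on late-fs && property:trusty.security_vm.keymint.enabled=1 && \
   property:trusty.security_vm.vm_cid=*
    setprop system.keymint.trusty_ipc_dev VSOCK:${trusty.security_vm.vm_cid}:1
    start system.keymint.rust-trusty.nonsecure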