}
void Keymaster::earlyBootEnded() {
- auto error = mDevice->earlyBootEnded();
- if (!error.isOk()) {
- LOG(ERROR) << "earlyBootEnded failed: " << error.description();
- }
- km::V4_1_ErrorCode km_error = error;
- if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
- LOG(ERROR) << "Error reporting early boot ending to keymaster: " << int32_t(km_error);
+ auto devices = KmDevice::enumerateAvailableDevices();
+ for (auto& dev : devices) {
+ auto error = dev->earlyBootEnded();
+ if (!error.isOk()) {
+ LOG(ERROR) << "earlyBootEnded call failed: " << error.description() << " for "
+ << dev->halVersion().keymasterName;
+ }
+ km::V4_1_ErrorCode km_error = error;
+ if (km_error != km::V4_1_ErrorCode::OK && km_error != km::V4_1_ErrorCode::UNIMPLEMENTED) {
+ LOG(ERROR) << "Error reporting early boot ending to keymaster: "
+ << static_cast<int32_t>(km_error) << " for "
+ << dev->halVersion().keymasterName;
+ }
}
}
km::AuthorizationSet* outParams);
bool isSecure();
- // Tell Keymaster that early boot has ended and early boot-only keys can no longer be created or
- // used.
- void earlyBootEnded();
+ // Tell all Keymaster instances that early boot has ended and early boot-only keys can no longer
+ // be created or used.
+ static void earlyBootEnded();
private:
sp<KmDevice> mDevice;
}
static bool mount_via_fs_mgr(const char* mount_point, const char* blk_device) {
- // We're about to mount data not verified by verified boot. Tell Keymaster that early boot has
- // ended.
- //
- // TODO(paulcrowley): Make a Keymaster singleton or something, so we don't have to repeatedly
- // open and initialize the service.
- ::android::vold::Keymaster keymaster;
- keymaster.earlyBootEnded();
+ // We're about to mount data not verified by verified boot. Tell Keymaster instances that early
+ // boot has ended.
+ ::android::vold::Keymaster::earlyBootEnded();
// fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
// partitions in the fsck domain.
OSDN Git Service
