Assigned
Status Update
No update yet.
Comments
ty...@google.com
Prashant, do you have insight on what might happen here?
pa...@google.com
I am not sure whether the process followed for flashing GSI image is correct or not, but can the reporter confirm below properties are same before and after flashing GSI image?
ro.product.name_for_attestation: TB352XC
ro.product.model_for_attestation: TB352XC
ro.product.device_for_attestation: TB352XC
ro.product.manufacturer_for_attestation: LENOVO
ro.product.brand_for_attestation: Lenovo
ty...@google.com
ju...@gmail.com
Run
Description
Device Manufacturer: LENOVO
Device Brand and Device Model:Lenovo TB352XC
Android OS Version (Base OS version before installing GSI image): 14
Android OS Build Number (please input the full string): UGR1.231217.001.A1
STEPS TO REPRODUCE:
Google Attestation Key CSR Uploaded to Google before flashing gsi system.img
flashing gsi system.img
1 `adb reboot fastboot`
2 `fastboot -S 20M flash system system.img`
3 `fastboot reboot recovery`
3.1 select: `wipe data/factory reset`
3.2 select: `reboot system now`
GSI CTS CtsKeystoreTestCases test fail
```
java.lang.Exception: Unexpected failure while generating key.
In case of AOSP/GSI builds, system provided properties could be different from provisioned properties in KeyMaster/KeyMint. In such cases, make sure attestation specific properties (Build.*_FOR_ATTESTATION) are configured correctly.
at android.keystore.cts.KeyAttestationTest.testRsaAttestations(KeyAttestationTest.java:820)
at android.keystore.cts.KeyAttestationTest.testRsaAttestation(KeyAttestationTest.java:625)
... 8 trimmed
Caused by: java.security.ProviderException: Failed to generate key pair.
at android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:664)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:746)
at android.keystore.cts.KeyAttestationTest.generateKeyPair(KeyAttestationTest.java:1579)
at android.keystore.cts.KeyAttestationTest.testRsaAttestation(KeyAttestationTest.java:881)
at android.keystore.cts.KeyAttestationTest.testRsaAttestations(KeyAttestationTest.java:808)
... 10 more
Caused by: android.security.KeyStoreException: Unable to attest device ids (internal Keystore code: -66 message: system/security/keystore2/src/
Caused by:
0: system/security/keystore2/src/
1: Error::Km(r#CANNOT_ATTEST_IDS)) (public error code: 8 internal Keystore code: -66)
at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:386)
at android.security.KeyStoreSecurityLevel.handleExceptions(KeyStoreSecurityLevel.java:57)
at android.security.KeyStoreSecurityLevel.generateKey(KeyStoreSecurityLevel.java:145)
at android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:651)
```
GSI CTS report in attachment: GSI-KEY_20240227.zip
below is adb get system property
```
ro.product.model: GSI on ARM64
ro.product.device: generic_arm64
ro.product.manufacturer: unknown
ro.product.brand: Android
ro.product.imei:
ro.product.meid:
ro.product.name_for_attestation: TB352XC
ro.product.model_for_attestation: TB352XC
ro.product.device_for_attestation: TB352XC
ro.product.manufacturer_for_attestation: LENOVO
ro.product.brand_for_attestation: Lenovo
ro.product.imei_for_attestation:
ro.product.meid_for_attestation:
```
OBSERVED RESULTS:
GSI CTS CtsKeystoreTestCases test fail
EXPECTED RESULTS:
GSI CTS CtsKeystoreTestCases test pass