e3q: Somewhat fix keymint

Change-Id: Ie08073141aeecb7985ecc713074623a6f8b0ac1f

BoardConfig.mk

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
-#BUILD_BROKEN_DUP_RULES := true
+BUILD_BROKEN_DUP_RULES := true
 #BUILD_BROKEN_ELF_PREBUILT_PRODUCT_COPY_FILES := true
 #BUILD_BROKEN_INCORRECT_PARTITION_IMAGES := true
 

extract-files.py

@@ -55,10 +55,7 @@ lib_fixups: lib_fixups_user_type = {
 
 
 blob_fixups: blob_fixups_user_type = {
-        #('vendor/bin/hw/vendor.qti.hardware.display.composer-service', 'vendor/lib64/vendor.qti.hardware.display.composer3-V1-ndk.so'): blob_fixup()
+    ('vendor/bin/hw/android.hardware.security.keymint-service-spu-qti', 'vendor/bin/hw/android.hardware.security.keymint-service', 'vendor/lib64/libhyper.so', 'vendor/lib64/libspukeymintdeviceutils.so', 'vendor/lib64/hw/gatekeeper.mdfpp.so', 'vendor/lib64/libcppcose_rkp.so', 'vendor/lib64/libspukeymint.so', 'vendor/lib64/libhermes.so', 'vendor/lib64/libese-grdg.so', 'vendor/lib64/libspukeymintutils.so', 'vendor/lib64/libskeymint10device.so', 'vendor/lib64/liblbs_core.so', 'vendor/lib64/liboemcrypto.so', 'vendor/lib64/libwifi-hal-qcom.so', 'vendor/lib64/libpuresoftkeymasterdevice.so', 'vendor/lib64/libpal_net_if.so', 'vendor/lib64/libsfp_sensor.so', 'vendor/lib64/libkeystore-engine-wifi-hidl.so', 'vendor/lib64/libkeymaster_portable.so', 'vendor/lib64/mediacas/libclearkeycasplugin.so', 'vendor/lib64/libqcc_sdk.so', 'vendor/lib64/libdk_vnd_service_core.so', 'vendor/lib64/libwifi-hal.so', 'vendor/lib64/libtlpd_crypto.so', 'vendor/lib64/libsec-ril.so', 'vendor/lib64/libcppbor_external.so', 'vendor/lib64/libucm_tlc_tz_esecomm.so', 'vendor/lib64/libqms.so', 'vendor/lib64/libskeymint_cli.so', 'vendor/lib64/libengmode15.so', 'vendor/lib64/libkeymaster4_1support.so', 'vendor/lib64/libizat_core.so', 'vendor/lib64/libspcom.so', 'vendor/lib64/libFaceService.so', 'vendor/lib64/uwb_uci.hal.so', 'vendor/lib64/libnicm_utils.so', 'vendor/lib64/mediadrm/libdrmclearkeyplugin.so', 'vendor/lib64/libkeymaster4support.so', 'vendor/lib64/libsdmextension.so'
-        #    .replace_needed('android.hardware.graphics.composer3-V2-ndk.so', 'android.hardware.graphics.composer3-V3-ndk.so')
-        #    .replace_needed('vendor.qti.hardware.display.config-V8-ndk.so', 'vendor.qti.hardware.display.config-V11-ndk.so'),
-    ('vendor/lib64/libhyper.so', 'vendor/lib64/libspukeymintdeviceutils.so', 'vendor/lib64/hw/gatekeeper.mdfpp.so', 'vendor/lib64/libcppcose_rkp.so', 'vendor/lib64/libspukeymint.so', 'vendor/lib64/libhermes.so', 'vendor/lib64/libese-grdg.so', 'vendor/lib64/libspukeymintutils.so', 'vendor/lib64/libskeymint10device.so', 'vendor/lib64/liblbs_core.so', 'vendor/lib64/liboemcrypto.so', 'vendor/lib64/libwifi-hal-qcom.so', 'vendor/lib64/libpuresoftkeymasterdevice.so', 'vendor/lib64/libpal_net_if.so', 'vendor/lib64/libsfp_sensor.so', 'vendor/lib64/libkeystore-engine-wifi-hidl.so', 'vendor/lib64/libkeymaster_portable.so', 'vendor/lib64/mediacas/libclearkeycasplugin.so', 'vendor/lib64/libqcc_sdk.so', 'vendor/lib64/libdk_vnd_service_core.so', 'vendor/lib64/libwifi-hal.so', 'vendor/lib64/libtlpd_crypto.so', 'vendor/lib64/libsec-ril.so', 'vendor/lib64/libcppbor_external.so', 'vendor/lib64/libucm_tlc_tz_esecomm.so', 'vendor/lib64/libqms.so', 'vendor/lib64/libskeymint_cli.so', 'vendor/lib64/libengmode15.so', 'vendor/lib64/libkeymaster4_1support.so', 'vendor/lib64/libizat_core.so', 'vendor/lib64/libspcom.so', 'vendor/lib64/libFaceService.so', 'vendor/lib64/uwb_uci.hal.so', 'vendor/lib64/libnicm_utils.so', 'vendor/lib64/mediadrm/libdrmclearkeyplugin.so', 'vendor/lib64/libkeymaster4support.so', 'vendor/lib64/libsdmextension.so'
 ): blob_fixup()
         .replace_needed('libcrypto.so', 'libcrypto-v33.so')
         .replace_needed('libcppbor_external.so', 'libcppbor.so')

proprietary-files.txt

@@ -142,9 +142,6 @@ vendor/lib64/libdiag.so
 # Display
 vendor/bin/qdcmss
 vendor/etc/clstc_config_library.xml
-vendor/etc/display/DPU9__.xml
-vendor/etc/display/advanced_sf_offsets.xml
-vendor/etc/display/thermallevel_to_fps.xml
 vendor/etc/init/qdcmss.rc
 vendor/etc/snapdragon_color_libs_config.xml
 vendor/lib64/hw/vulkan.adreno.so
@@ -161,6 +158,7 @@ vendor/lib64/libhdradaptivecustom.so
 vendor/lib64/libhdrdynamic.so
 vendor/lib64/libhdrdynamicootf.so
 vendor/lib64/libintervmipc.so
+vendor/lib64/liblearningmodule.so
 vendor/lib64/libmemutils.so
 vendor/lib64/libmm-hdcpmgr.so
 vendor/lib64/libops.so
@@ -169,7 +167,6 @@ vendor/lib64/libqdcm-json-mode-parser.so
 vendor/lib64/libqdcm-mode-parser.so
 vendor/lib64/libqrtrclient.so
 vendor/lib64/libqseed3.so
-vendor/lib64/libqti-perfd-client.so
 vendor/lib64/libsdm-color.so
 vendor/lib64/libsdm-colormgr-algo.so
 vendor/lib64/libsdm-disp-vndapis.so
@@ -224,6 +221,16 @@ vendor/lib64/vendor.qti.hardware.dpmaidlservice-V1-ndk.so
 vendor/lib64/vendor.qti.hardware.dpmservice@1.0.so
 vendor/lib64/vendor.qti.hardware.dpmservice@1.1.so
 
+# DRK
+vendor/bin/hw/vendor.samsung.hardware.security.drk-service
+vendor/bin/hw/vendor.samsung.hardware.security.drk@2.0-service
+vendor/etc/init/vendor.samsung.hardware.security.drk-service.rc
+vendor/etc/vintf/manifest/drk_manifest.xml
+vendor/lib64/libdk_vnd_service_core.so
+vendor/lib64/libvkmanager_vendor.so
+vendor/lib64/vendor.samsung.hardware.security.drk-V1-ndk.so
+vendor/lib64/vendor.samsung.hardware.security.drk@2.0.so
+
 # DRM
 vendor/lib64/libcpion.so
 vendor/lib64/liboemcrypto.so
@@ -399,15 +406,27 @@ vendor/lib64/libllvm-glnext.so
 vendor/lib64/libllvm-qcom.so
 vendor/lib64/libllvm-qgl.so
 
-# Keymaster
+# Hermes
-vendor/bin/vendor.samsung.hardware.security.fkeymaster-service
+vendor/bin/hermesd
-vendor/etc/init/vendor.samsung.hardware.security.fkeymaster-service.rc
+vendor/bin/hw/vendor.samsung.hardware.security.hermes-service
-vendor/etc/vintf/manifest/vendor.samsung.hardware.security.fkeymaster-service.xml
+vendor/etc/init/hermesd.rc
-vendor/lib64/vendor.samsung.hardware.security.fkeymaster-V1-ndk.so
+vendor/etc/init/vendor.samsung.hardware.security.hermes.rc
+vendor/etc/vintf/manifest/vendor.samsung.hardware.security.hermes.xml
+vendor/lib64/libese-grdg.so
+vendor/lib64/libhermes.so
+vendor/lib64/libhermes_bdbridge.so
+vendor/lib64/libhermes_cred.so
+vendor/lib64/libhwvault.so
+vendor/lib64/libisosechw.so
+vendor/lib64/libshctrl.so
+vendor/lib64/vendor.samsung.hardware.security.hermes-V1-ndk.so
 
 # Memory
 vendor/lib64/libvmmem.so
 
+# PASR
+vendor/lib64/vendor.qti.memory.pasrmanager-V1-ndk.so
+
 # Perf
 vendor/bin/hw/vendor.qti.hardware.perf2-hal-service
 vendor/etc/init/vendor.qti.hardware.perf2-hal-service.rc
@@ -426,7 +445,10 @@ vendor/etc/powerhint.xml
 vendor/etc/vintf/manifest/vendor.qti.hardware.perf2.xml
 vendor/lib64/libperfconfig.so
 vendor/lib64/libperfgluelayer.so
+vendor/lib64/libperfioctl.so
 vendor/lib64/libq-perflog.so
+vendor/lib64/libqti-perfd-client.so
+vendor/lib64/libqti-perfd.so
 vendor/lib64/libqti-util.so
 vendor/lib64/vendor.qti.hardware.perf2-V1-ndk.so
 
@@ -468,15 +490,24 @@ vendor/lib64/libsecril-client.so;MODULE_SUFFIX=_vendor
 
 # Secure element
 vendor/bin/hw/android.hardware.secure_element-service.nxp
-
-# Secure element (power manager)
 vendor/lib64/vendor.qti.esepowermanager@1.0.so
 
 # Security
 vendor/bin/hw/android.hardware.security.keymint-service
 vendor/bin/hw/android.hardware.security.keymint-service-spu-qti
 vendor/etc/init/android.hardware.security.keymint-service-spu-qti.rc
-vendor/lib64/libhermes_cred.so
+vendor/etc/init/android.hardware.security.keymint-service.rc
+vendor/lib64/android.hardware.keymaster-V4-ndk.so;MODULE_SUFFIX=_vendor
+vendor/lib64/android.hardware.keymaster@3.0.so;MODULE_SUFFIX=_vendor
+vendor/lib64/android.hardware.keymaster@4.0.so;MODULE_SUFFIX=_vendor
+vendor/lib64/android.hardware.keymaster@4.1.so;MODULE_SUFFIX=_vendor
+vendor/lib64/android.hardware.security.keymint-V1-ndk.so;MODULE_SUFFIX=_vendor
+vendor/lib64/android.hardware.security.keymint-V3-ndk.so;MODULE_SUFFIX=_vendor
+vendor/lib64/libkeymaster4_1support.so;MODULE_SUFFIX=_vendor
+vendor/lib64/libkeymaster4support.so;MODULE_SUFFIX=_vendor
+vendor/lib64/libkeymaster_messages.so;MODULE_SUFFIX=_vendor
+vendor/lib64/libkeymaster_portable.so;MODULE_SUFFIX=_vendor
+vendor/lib64/libpuresoftkeymasterdevice.so;MODULE_SUFFIX=_vendor
 vendor/lib64/libsec_esek.so
 vendor/lib64/libsec_semHalTlc.so
 vendor/lib64/libskeymint10device.so
@@ -486,12 +517,22 @@ vendor/lib64/libspukeymint.so
 vendor/lib64/libspukeymintdeviceutils.so
 vendor/lib64/libspukeymintutils.so
 vendor/lib64/vendor.samsung.hardware.keymint-V3-ndk.so
+vendor/lib64/vendor.samsung.hardware.security.fkeymaster-V1-ndk.so
 
 # SMC Invoke
 vendor/lib64/libminkdescriptor.so
 vendor/lib64/libminksocket_vendor.so
 vendor/lib64/libqcbor.so
 
+# TEE
+vendor/lib64/libGPMTEEC_vendor.so
+vendor/lib64/libGPTEE_vendor.so
+vendor/lib64/libsfp_teegw.so
+vendor/lib64/vendor.qti.hardware.qteeconnector@1.0.so
+
+# Thermal
+vendor/lib64/libthermalclient.so
+
 # Time services
 vendor/app/TimeService/TimeService.apk
 vendor/bin/time_daemon

rootdir/etc/fstab.qcom

@@ -43,8 +43,7 @@ vendor_dlkm                                             /vendor_dlkm           e
 system_dlkm                                             /system_dlkm           ext4    ro                                                 avb,wait,logical,first_stage_mount
 odm                                                     /odm                   ext4    ro                                                 avb,wait,logical,first_stage_mount
 /dev/block/by-name/metadata                             /metadata              f2fs    noatime,nosuid,nodev,discard,sync,fsync_mode=strict,data_flush    wait,check,formattable,wrappedkey,first_stage_mount
-/dev/block/bootdevice/by-name/userdata                  /data                  f2fs    noatime,nosuid,nodev,discard,usrquota,grpquota,fsync_mode=nobarrier,reserve_root=32768,resgid=5678    latemount,wait,check,formattable,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,checkpoint=fs,fscompress
+/dev/block/bootdevice/by-name/userdata                  /data                  f2fs    noatime,nosuid,nodev,discard,usrquota,grpquota,fsync_mode=nobarrier,reserve_root=32768,resgid=5678,inlinecrypt    latemount,wait,check,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized+wrappedkey_v0,keydirectory=/metadata/vold/metadata_encryption,metadata_encryption=aes-256-xts:wrappedkey_v0,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,checkpoint=fs,fscompress
-#/dev/block/bootdevice/by-name/userdata                  /data                  f2fs    noatime,nosuid,nodev,discard,usrquota,grpquota,fsync_mode=nobarrier,reserve_root=32768,resgid=5678,inlinecrypt    latemount,wait,check,formattable,fileencryption=aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized+wrappedkey_v0,keydirectory=/metadata/vold/metadata_encryption,metadata_encryption=aes-256-xts:wrappedkey_v0,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,checkpoint=fs,fscompress
 /dev/block/bootdevice/by-name/cache                     /cache                 ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic      wait,check
 /dev/block/bootdevice/by-name/persist                   /mnt/vendor/persist    ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic      wait,check
 /dev/block/bootdevice/by-name/misc                      /misc                  emmc    defaults                                           defaults,first_stage_mount

vintf/manifest_pineapple.xml

@@ -273,11 +273,20 @@ SPDX-License-Identifier: BSD-3-Clause-Clear
     <hal format="aidl" optional="true">
         <name>android.hardware.security.keymint</name>
         <version>3</version>
+        <fqname>IKeyMintDevice/default</fqname>
         <fqname>IKeyMintDevice/strongbox</fqname>
     </hal>
     <hal format="aidl" optional="true">
         <name>android.hardware.security.keymint</name>
         <version>3</version>
-        <fqname>IRemotelyProvisionedComponent/strongbox</fqname>
+        <fqname>IRemotelyProvisionedComponent/default</fqname>
+    </hal>
+    <hal format="aidl" override="true">
+        <name>android.hardware.security.secureclock</name>
+        <fqname>ISecureClock/default</fqname>
+    </hal>
+    <hal format="aidl" override="true">
+        <name>android.hardware.security.sharedsecret</name>
+        <fqname>ISharedSecret/default</fqname>
     </hal>
 </manifest>