Google Attestation key(Qualcomm)
写入Key时通过Debug版本,开机进入主界面后,进行下面准备操作。
adb root
adb disable-verity
adb reboot
adb root
adb remountadb shell
device:/ # qseecom_sample_client v smplap64 14 1
Note: Command line arguments do not belong to legacy test
-------------------------------------------------------
WARNING!!! You are about to provision the RPMB key.
This is a ONE time operation and CANNOT be reversed.
-------------------------------------------------------
0 -> Provision Production key
1 -> Provision Test key
2 -> Check RPMB key provision status
-------------------------------------------------------
Select an option to proceed:
选择 1. Expected Result:
然退出 adb shell
RPMB key provisioning completed (If the device is not RPMB provisioned)
RPMB key provisioning failed (-1) (If the device is already provisioned)进行以下操作写入 Attestaion key,注意 Google keybox xml 文件替换为自己的(如果提示文 建夹创建失败 加上 –p )
adb shell mkdir /data/nativetest64/qti_keymaster_tests/
* adb shell mkdir –p /data/nativetest64/qti_keymaster_tests/adb push \abc\7551190900100.xml /data/nativetest64/qti_keymaster_tests/
adb shell
cd /data/nativetest64/qti_keymaster_tests/
LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox 00000000.xml 00000000 trueGoogle key换成对应自己的 xml 和 DeviceID
重启手机后,再升级为 User 版本。(注意升级成User版本时,不要 升级刷persist.img )
备注:
如果已经写入 Google key 成功后,直接升级了persist.img导致写入的 Google Key 被擦除,或再次写 Key 时出现错误,升级版本为 Debug 版本,可以按以下步骤进行重写入Google Key。
adb root
adb disable-verity
adb shell
qseecom_sample_client v smplap64 15 1 选择 y 执行擦除
adb reboot重启手机后,如果开机提示解密失败,按提示进入恢复出厂设置,再次执行写 Key 操作。
CTS 下面此项失败,错误信息为 Device does not support Device ID attestation
| Test | Result |
| com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement | fail |
arm64-v8a CtsDevicePolicyManagerTestCases
arm64-v8a CtsDevicePolicyManagerTestCases
com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement fail
com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement fail: java.lang.AssertionError: On-device tests failed:
com.android.cts.deviceandprofileowner.KeyManagementTest#testAllVariationsOfDeviceIdAttestation:
junit.framework.AssertionFailedError: Unexpected failure while generating key RSA with ID flags 8: java.lang.UnsupportedOperationException: Device does not support Device ID attestation.修改写Key时,最后为false, Use Command –
LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox 0000000000.xml 0000000000 false不支持Device ID时,同时需要检查移除配置”android.software.device_id_attestation.xml”文件
<!-- Feature for devices with Keymaster that support Device ID attestation. -->
<permissions>
<feature name="android.software.device_id_attestation" />
</permissions>
修改了还是测不过, 还是提示
fail: java.lang.AssertionError: On-device tests failed:
com.android.cts.deviceandprofileowner.KeyManagementTest#testAllVariationsOfDeviceIdAttestation:
junit.framework.AssertionFailedError: Unexpected failure while generating key RSA with ID flags 8: java.lang.UnsupportedOperationException: Device does not support Device ID attestation.