Home | History | Annotate | only in /system/iot/attestation/atap
Up to higher level directory
NameDateSize
.clang-format21-Aug-2018884
Android.mk21-Aug-20182.1K
libatap/21-Aug-2018
ops/21-Aug-2018
README.md21-Aug-20182.7K
test/21-Aug-2018

README.md

      1 # Android Things Attestation Provisioning Protocol: Version 1
      2 
      3 This directory contains an implementation of the Android Things
      4 attestation provisioning protocol intended for use with the Android
      5 Things fastboot commands "oem at-get-ca-request" and
      6 "oem set-ca-response".
      7 
      8 ## Introduction
      9 
     10 The `libatap` library provides reference code for the provisioning
     11 protocol that enables an Android Things Factory Applicance (ATFA) to
     12 provision a device with attestation product keys and a Cast
     13 authentication key. This library is intended to be used in TEEs on
     14 devices running Android Things. It has a simple abstraction for system
     15 dependencies (see `atap_sysdeps.h`) as well as operations that the
     16 platform is expected to implement (see `atap_ops.h`). The main entry
     17 points are `atap_get_ca_request()` and `atap_set_ca_response()`
     18 (see `libatap.h`).
     19 
     20 The version will only be bumped when protocol message formats change.
     21 
     22 ## Files and Directories
     23 
     24 * `libatap/`
     25     + An implementation of the provisioning protocol. This code is
     26       designed to be highly portable so it can be used in as many
     27       contexts as possible. This code requires a C99-compliant C
     28       compiler. System dependencies expected to be provided by the
     29       platform is defined in `atap_sysdeps.h`. If the platform
     30       provides the standard C runtime `atap_sysdeps_posix.c` can be used.
     31 * `Android.mk`
     32     + Build instructions for building libatap (a static library for use
     33       on the device), host-side libraries (for unit tests), and unit
     34       tests.
     35 * `test/`
     36     + Unit tests for `libatap`
     37 
     38 ## Audience and portability notes
     39 
     40 This code is intended to be used in TEEs in devices running
     41 Android Things. The suggested approach is to copy the appropriate
     42 header and C files mentioned in the previous section into the TEE an
     43 integrate as appropriate.
     44 
     45 This code can also be used in more general purpose bootloaders, but
     46 porting to a TEE is recommended since a TEE will typically have all
     47 the required crypto callbacks, and is the manager of the provisioned
     48 keys. If ported to a bootloader, the keys will still have to be passed
     49 from the bootloader to the TEE.
     50 
     51 The `libatap/` codebase may change over time so integration should be
     52 as non-invasive as possible. The intention is to keep the API of the
     53 library stable however it will be broken if necessary. As for
     54 portability, the library is intended to be highly portable, work on
     55 both little- and big-endian architectures and 32- and 64-bit. It's
     56 also intended to work in non-standard environments without the
     57 standard C library and runtime.
     58 
     59 If the `ATAP_ENABLE_DEBUG` preprocessor symbol is set, the code will
     60 include useful debug information and run-time checks. Production
     61 builds should not use this.
     62