1 # Android Things Attestation Provisioning Protocol: Version 1 2 3 This directory contains an implementation of the Android Things 4 attestation provisioning protocol intended for use with the Android 5 Things fastboot commands "oem at-get-ca-request" and 6 "oem set-ca-response". 7 8 ## Introduction 9 10 The `libatap` library provides reference code for the provisioning 11 protocol that enables an Android Things Factory Applicance (ATFA) to 12 provision a device with attestation product keys and a Cast 13 authentication key. This library is intended to be used in TEEs on 14 devices running Android Things. It has a simple abstraction for system 15 dependencies (see `atap_sysdeps.h`) as well as operations that the 16 platform is expected to implement (see `atap_ops.h`). The main entry 17 points are `atap_get_ca_request()` and `atap_set_ca_response()` 18 (see `libatap.h`). 19 20 The version will only be bumped when protocol message formats change. 21 22 ## Files and Directories 23 24 * `libatap/` 25 + An implementation of the provisioning protocol. This code is 26 designed to be highly portable so it can be used in as many 27 contexts as possible. This code requires a C99-compliant C 28 compiler. System dependencies expected to be provided by the 29 platform is defined in `atap_sysdeps.h`. If the platform 30 provides the standard C runtime `atap_sysdeps_posix.c` can be used. 31 * `Android.mk` 32 + Build instructions for building libatap (a static library for use 33 on the device), host-side libraries (for unit tests), and unit 34 tests. 35 * `test/` 36 + Unit tests for `libatap` 37 38 ## Audience and portability notes 39 40 This code is intended to be used in TEEs in devices running 41 Android Things. The suggested approach is to copy the appropriate 42 header and C files mentioned in the previous section into the TEE an 43 integrate as appropriate. 44 45 This code can also be used in more general purpose bootloaders, but 46 porting to a TEE is recommended since a TEE will typically have all 47 the required crypto callbacks, and is the manager of the provisioned 48 keys. If ported to a bootloader, the keys will still have to be passed 49 from the bootloader to the TEE. 50 51 The `libatap/` codebase may change over time so integration should be 52 as non-invasive as possible. The intention is to keep the API of the 53 library stable however it will be broken if necessary. As for 54 portability, the library is intended to be highly portable, work on 55 both little- and big-endian architectures and 32- and 64-bit. It's 56 also intended to work in non-standard environments without the 57 standard C library and runtime. 58 59 If the `ATAP_ENABLE_DEBUG` preprocessor symbol is set, the code will 60 include useful debug information and run-time checks. Production 61 builds should not use this. 62
