TrustyKeyMint: support boot, vendor patchlevels

- Invoke TrustyKeymaster::ConfigureVendorPatchlevel() from
   remote keymint Initialize(), using vendor patchlevel retrieved
   from property.
 - Add TrustyKeymaster::ConfigureVendorPatchlevel() method to
   send the CONFIGURE_VENDOR_PATCHLEVEL message.
 - Add message type values for
   CONFIGURE_{VENDOR,BOOT}_PATCHLEVEL messages.

Test: pending device availability
Change-Id: Ie42345112b08ef9c669535cef2de60ea77da15b4

trusty/keymaster/TrustyKeymaster.cpp

@@ -79,6 +79,16 @@ int TrustyKeymaster::Initialize(KmVersion version) {
         return -1;
     }
 
+    // Set the vendor patchlevel to value retrieved from system property (which
+    // requires SELinux permission).
+    ConfigureVendorPatchlevelRequest vendor_req(message_version());
+    vendor_req.vendor_patchlevel = GetVendorPatchlevel();
+    ConfigureVendorPatchlevelResponse vendor_rsp = ConfigureVendorPatchlevel(vendor_req);
+    if (vendor_rsp.error != KM_ERROR_OK) {
+        LOG(ERROR) << "Failed to configure keymaster vendor patchlevel: " << vendor_rsp.error;
+        // Don't fail if this message isn't understood.
+    }
+
     return 0;
 }
 
@@ -262,4 +272,11 @@ DeviceLockedResponse TrustyKeymaster::DeviceLocked(const DeviceLockedRequest& re
     return response;
 }
 
+ConfigureVendorPatchlevelResponse TrustyKeymaster::ConfigureVendorPatchlevel(
+        const ConfigureVendorPatchlevelRequest& request) {
+    ConfigureVendorPatchlevelResponse response(message_version());
+    ForwardCommand(KM_CONFIGURE_VENDOR_PATCHLEVEL, request, &response);
+    return response;
+}
+
 }  // namespace keymaster

trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h

@@ -64,6 +64,8 @@ class TrustyKeymaster {
     GetVersion2Response GetVersion2(const GetVersion2Request& request);
     EarlyBootEndedResponse EarlyBootEnded();
     DeviceLockedResponse DeviceLocked(const DeviceLockedRequest& request);
+    ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
+            const ConfigureVendorPatchlevelRequest& request);
 
     uint32_t message_version() const { return message_version_; }
 

trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h

@@ -58,6 +58,7 @@ enum keymaster_command : uint32_t {
     KM_DEVICE_LOCKED                = (30 << KEYMASTER_REQ_SHIFT),
     KM_GENERATE_RKP_KEY             = (31 << KEYMASTER_REQ_SHIFT),
     KM_GENERATE_CSR                 = (32 << KEYMASTER_REQ_SHIFT),
+    KM_CONFIGURE_VENDOR_PATCHLEVEL  = (33 << KEYMASTER_REQ_SHIFT),
 
     // Bootloader/provisioning calls.
     KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
@@ -71,7 +72,8 @@ enum keymaster_command : uint32_t {
     KM_SET_PRODUCT_ID = (0x9000 << KEYMASTER_REQ_SHIFT),
     KM_CLEAR_ATTESTATION_CERT_CHAIN = (0xa000 << KEYMASTER_REQ_SHIFT),
     KM_SET_WRAPPED_ATTESTATION_KEY = (0xb000 << KEYMASTER_REQ_SHIFT),
-    KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT)
+    KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT),
+    KM_CONFIGURE_BOOT_PATCHLEVEL = (0xd000 << KEYMASTER_REQ_SHIFT),
 };
 
 #ifdef __ANDROID__