SK-AM62P-LP: [Android Automotive] Keyguard lock-unlock not working in 10.00.00 Android Automotive

Part Number: SK-AM62P-LP
Other Parts Discussed in Thread: 4428

Tool/software:

Dear Team,

I am using Android Automotive 10.00.00 SDK

https://software-dl.ti.com/processor-sdk-android/esd/AM62PX/10_00_00/docs/android/Overview.html

Steps I followed

On UI

1. Go to Settings App->Security->Profile Lock : Enable PIN = 1212

02-06 09:38:02.641   526  1557 I SyntheticPasswordManager: Creating LSKF-based protector da7211a8af23eea0 for user 0
02-06 09:38:02.644   526  1557 W SyntheticPasswordManager: Device does not support weaver
02-06 09:38:02.653   526  1557 I SyntheticPasswordManager: Enrolling LSKF for user 0 into Gatekeeper
02-06 09:38:02.721   526  1557 D SyntheticPasswordManager: Syncing Gatekeeper-based FRP credential tied to user 0
02-06 09:38:03.325   526  1557 I SyntheticPasswordManager: Destroying LSKF-based protector 24ee77afe1610a21 for user 0

On command line

adb shell input keyevent 223 ==> Enable sleep

adb shell input keyevent 224 ==> Enable wakeup

Screenshot

Adb log:

02-06 09:40:28.062   188   188 E optee_keymaster_hal: Cmd 4 returned error: -26
02-06 09:40:28.064   185   185 E keystore2: system/security/keystore2/src/error.rs:180 - system/security/keystore2/src/security_level.rs:358: Failed to begin operation.
02-06 09:40:28.064   185   185 E keystore2: 
02-06 09:40:28.064   185   185 E keystore2: Caused by:
02-06 09:40:28.064   185   185 E keystore2:     0: system/security/keystore2/src/security_level.rs:868
02-06 09:40:28.064   185   185 E keystore2:     1: system/security/keystore2/src/utils.rs:200: Calling km_op.
02-06 09:40:28.064   185   185 E keystore2:     2: Error::Km(r#KEY_USER_NOT_AUTHENTICATED)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: Failed to decrypt blob
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: android.security.keystore.UserNotAuthenticatedException: User not authenticated
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException(KeyStoreCryptoOperationUtils.java:126)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:152)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:354)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:248)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2981)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at javax.crypto.Cipher.tryCombinations(Cipher.java:2892)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2797)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at javax.crypto.Cipher.chooseProvider(Cipher.java:774)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at javax.crypto.Cipher.init(Cipher.java:1289)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at javax.crypto.Cipher.init(Cipher.java:1224)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.SyntheticPasswordCrypto.decrypt(SyntheticPasswordCrypto.java:73)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.SyntheticPasswordCrypto.decryptBlob(SyntheticPasswordCrypto.java:178)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.SyntheticPasswordManager.decryptSpBlob(SyntheticPasswordManager.java:1824)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.SyntheticPasswordManager.unwrapSyntheticPasswordBlob(SyntheticPasswordManager.java:1572)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.SyntheticPasswordManager.unlockLskfBasedProtector(SyntheticPasswordManager.java:1430)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.LockSettingsService.doVerifyCredential(LockSettingsService.java:2197)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.server.locksettings.LockSettingsService.checkCredential(LockSettingsService.java:2104)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at com.android.internal.widget.ILockSettings$Stub.onTransact(ILockSettings.java:618)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at android.os.Binder.execTransactInternal(Binder.java:1358)
02-06 09:40:28.068   526  1061 E SyntheticPasswordCrypto: 	at android.os.Binder.execTransact(Binder.java:1304)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
02-06 09:40:28.072  1083  1259 E AndroidRuntime: Process: com.android.systemui, PID: 1083
02-06 09:40:28.072  1083  1259 E AndroidRuntime: java.lang.RuntimeException: An error occurred while executing doInBackground()
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.AsyncTask$4.done(AsyncTask.java:415)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:381)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.util.concurrent.FutureTask.setException(FutureTask.java:250)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.util.concurrent.FutureTask.run(FutureTask.java:269)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.lang.Thread.run(Thread.java:1012)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: Caused by: java.lang.IllegalStateException: Failed to decrypt blob
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.Parcel.createExceptionOrNull(Parcel.java:3065)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.Parcel.createException(Parcel.java:3041)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.Parcel.readException(Parcel.java:3024)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.Parcel.readException(Parcel.java:2966)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.internal.widget.ILockSettings$Stub$Proxy.checkCredential(ILockSettings.java:1299)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.internal.widget.LockPatternUtils.checkCredential(LockPatternUtils.java:518)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.internal.widget.LockPatternChecker$2.doInBackground(LockPatternChecker.java:110)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.internal.widget.LockPatternChecker$2.doInBackground(LockPatternChecker.java:104)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at android.os.AsyncTask$3.call(AsyncTask.java:394)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	... 4 more
02-06 09:40:28.072  1083  1259 E AndroidRuntime: Caused by: android.os.RemoteException: Remote stack trace:
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.server.locksettings.SyntheticPasswordCrypto.decryptBlob(SyntheticPasswordCrypto.java:186)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.server.locksettings.SyntheticPasswordManager.decryptSpBlob(SyntheticPasswordManager.java:1824)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.server.locksettings.SyntheticPasswordManager.unwrapSyntheticPasswordBlob(SyntheticPasswordManager.java:1572)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.server.locksettings.SyntheticPasswordManager.unlockLskfBasedProtector(SyntheticPasswordManager.java:1430)
02-06 09:40:28.072  1083  1259 E AndroidRuntime: 	at com.android.server.locksettings.LockSettingsService.doVerifyCredential(LockSettingsService.java:2197)

After this, even if I enter the correct password, I am not able to see the home screen. Every time I enter the password, the system again goes back to the lock screen with the above logs.

Could you please help us resolve the issue? Attached complete adb logs as well.

credential_log.txt

Best regards

Libin Jose.

  • Hello Libin,

    We confirm that we can reproduce the issue on regular Android (tablet version) as well.

    We are investigating the issue and will keep you updated.

    Thank you for reporting this.

  • Hi Mattijs,

    Any update? Can you also check with disabling headless user/multi-user?

    Best regards

    Libin Jose

  • Hi Libin,

    The error arises from the TA computing the hmac to validate the authentication token.
    This is due to the computed hmac being different from the expected one.
    The error propagates as the user being unauthenticated.

    We are still investigating the root cause.

    Regards,
    Mattijs
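The check described in the reply above, as an added example that is not part of the thread and is not TI's TA code: a Gatekeeper-style signer and a Keymaster-style verifier over a token laid out like AOSP's packed `hw_auth_token_t`. The keys and field values are constructed; the mismatching key and the altered byte only illustrate how any HMAC disagreement surfaces as error -26 and are not the root cause of this issue.

```python
import hashlib
import hmac
import struct

KM_ERROR_OK = 0
KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26  # the "-26" in the optee_keymaster_hal line
HW_AUTH_PASSWORD = 1                       # authenticator type for PIN/pattern/password
FIELDS_LEN, HMAC_LEN = 37, 32              # signed fields, then HMAC-SHA256 tag


def serialize_fields(challenge, user_id, authenticator_id, auth_type, timestamp_ms):
    """Pack the signed part of the token: version, challenge, user_id and
    authenticator_id in little-endian host order, then authenticator_type and
    timestamp in network order, with no padding."""
    head = struct.pack("<BQQQ", 0, challenge, user_id, authenticator_id)
    tail = struct.pack(">IQ", auth_type, timestamp_ms)
    return head + tail


def sign_token(key, fields):
    """Gatekeeper side: append HMAC-SHA256 over the signed fields."""
    return fields + hmac.new(key, fields, hashlib.sha256).digest()


def verify_token(key, token):
    """Keymaster side: recompute the HMAC and compare in constant time."""
    if len(token) != FIELDS_LEN + HMAC_LEN:
        return KM_ERROR_KEY_USER_NOT_AUTHENTICATED
    fields, tag = token[:FIELDS_LEN], token[FIELDS_LEN:]
    expected = hmac.new(key, fields, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return KM_ERROR_KEY_USER_NOT_AUTHENTICATED
    return KM_ERROR_OK


def demo():
    gatekeeper_key = bytes(range(32))   # constructed shared key
    other_key = bytes(32)               # constructed, differs from the signer's key
    fields = serialize_fields(0, 0x1122334455667788, 0, HW_AUTH_PASSWORD, 148_000)
    token = sign_token(gatekeeper_key, fields)
    altered = token[:9] + bytes([token[9] ^ 1]) + token[10:]  # one user_id bit changed
    return {
        "same_key": verify_token(gatekeeper_key, token),
        "different_key": verify_token(other_key, token),
        "field_changed": verify_token(gatekeeper_key, altered),
    }


if __name__ == "__main__":
    print(demo())
```
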

  • Dear Mattijs,

    Any update on the same?

    Best regards

    Libin Jose

  • Hi,

    We have a solution for your issue: you can update the TA binaries from this commit:
    https://gitlab.baylibre.com/baylibre/ti/android/aosp/vendor/ti/am62x/-/commit/5b81f052959250f3a2d1d3ad7a99fe8d16a89c4c

    It should fix your pinlock issue.

    This fix will be integrated in the next release.

    Regards,
    Guillaume

  • Dear Guillaume,

    We are using https://software-dl.ti.com/processor-sdk-android/esd/AM62PX/10_00_00/docs/android/Overview.html

    Version 10.00.00

    OS: Android

    Version: ti-android-14

    It seems the above patch is for ti-android-15. Am I right?

    Do you mean that you will release the patch for this version? If so, can you please provide the patch for me?

    Best regards,

    Libin jose.

  • Hi,

    The patch was for Android 14 and 15; it's in the secure part, so it does not depend on the Android version.

    This patch will be included in the next Android 15 release, so in 10.01.01.
    It's already in the public TI git: https://git.ti.com/cgit/android/external-kmgk/commit/?h=d-android15-release

    On Android 14 you can use the d-android15-release branch for the kmgk source; normally it's not a problem.


    Guillaume

  • Dear Guillaume,

    I applied your patch to our repo manifest:

    ```diff

    @ -104,7 +104,7 @@
    <project name="OP-TEE/optee_os.git" path="ti-aosp-14/vendor/linaro/optee-os" remote="github" revision="12d7c4ee4642d2d761e39fbcf21a06fb77141dea" upstream="refs/tags/4.2.0" dest-branch="refs/tags/4.2.0" groups="ti"/>
    <project name="OP-TEE/optee_test.git" path="ti-aosp-14/external/optee_test" remote="github" revision="526d5bac1b65f907f67c05cd07beca72fbab88dd" upstream="refs/tags/4.2.0" dest-branch="refs/tags/4.2.0" groups="ti"/>
    <project name="android/device-ti-am62x-kernel" path="ti-aosp-14/device/ti/am62x-kernel" remote="git-ti-com" revision="6213cb9e5a319e0b635723d0404fac5ea0c5af6d" upstream="d-android14-release" dest-branch="d-android14-release" groups="device,ti"/>
    <project name="android/external-kmgk" path="ti-aosp-14/external/kmgk" remote="git-ti-com" revision="f9897f4a8a152317901b56f7a531514211ee2c3d" upstream="d-android14-release" dest-branch="d-android14-release" groups="ti"/>
    <project name="android/external-kmgk" path="ti-aosp-14/external/kmgk" remote="git-ti-com" revision="b1a4a23d118feb4c17df69893e4b85504f88e84c" upstream="d-android15-release" dest-branch="d-android15-release" groups="ti"/>
    <project name="android/external-libcamera" path="ti-aosp-14/external/libcamera" remote="git-ti-com" revision="85c6ba8dd2347f5fa8ee9400ff1e33abfa1d8f50" upstream="d-android14-release" dest-branch="d-android14-release" groups="ti"/>
    <project name="android/external-libyaml" path="ti-aosp-14/external/libyaml" remote="git-ti-com" revision="82526f06060e20a441f102266096c0d9f34e420a" upstream="d-android14-release" dest-branch="d-android14-release" groups="ti"/>
    <project name="android/external-libyuv_chromium" path="ti-aosp-14/external/libyuv_chromium" remote="git-ti-com" revision="0bb9615271551c974f95397d8250a1edffa4433e" upstream="d-android14-release" dest-branch="d-android14-release" groups="ti"/>

    ```
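Review bot: the two `android/external-kmgk` entries in this hunk both map to path `ti-aosp-14/external/kmgk` and the +/- markers are missing, so confirm the resulting manifest keeps only the `d-android15-release` line at revision `b1a4a23d118feb4c17df69893e4b85504f88e84c` and that this revision contains the fix commit. The hunk also changes only the kmgk source revision, while the fix earlier in the thread was given as updated TA binaries in `vendor/ti/am62x`; if the build installs the TAs from that prebuilt location, this bump alone will not change the TA that runs, so take that commit as well, then re-sync, rebuild and reflash before retesting the unlock.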

    However, the unlock is still not working, with the below error:

    ```text

    04-02 10:39:23.750   184   184 E keystore2: system/security/keystore2/src/error.rs:180 - system/security/keystore2/src/security_level.rs:358: Failed to begin operation.
    04-02 10:39:23.750   184   184 E keystore2:     0: system/security/keystore2/src/security_level.rs:868
    04-02 10:39:23.750   184   184 E keystore2:     1: system/security/keystore2/src/utils.rs:200: Calling km_op.
    04-02 10:39:23.753   478   988 E SyntheticPasswordCrypto: android.security.keystore.UserNotAuthenticatedException: User not authenticated
    04-02 10:39:23.753   478   988 E SyntheticPasswordCrypto:   at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException(KeyStoreCryptoOperationUtils.java:126)
    04-02 10:39:23.753   478   988 E SyntheticPasswordCrypto:   at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:152)
    04-02 10:39:23.753   478   988 E SyntheticPasswordCrypto:   at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:354)
    04-02 10:39:23.753   478   988 E SyntheticPasswordCrypto:   at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:248)
    04-02 10:39:34.223   184  4428 I keystore2: system/security/keystore2/src/watchdog.rs:319 - Watchdog thread idle -> terminating. Have a great day.
    04-02 10:40:53.785   184   184 E keystore2: system/security/keystore2/src/error.rs:180 - system/security/keystore2/src/security_level.rs:358: Failed to begin operation.
    04-02 10:40:53.785   184   184 E keystore2:     0: system/security/keystore2/src/security_level.rs:868
    04-02 10:40:53.785   184   184 E keystore2:     1: system/security/keystore2/src/utils.rs:200: Calling km_op.
    04-02 10:40:53.788   478  3578 E SyntheticPasswordCrypto: android.security.keystore.UserNotAuthenticatedException: User not authenticated
    04-02 10:40:53.788   478  3578 E SyntheticPasswordCrypto:   at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException(KeyStoreCryptoOperationUtils.java:126)
    04-02 10:40:53.788   478  3578 E SyntheticPasswordCrypto:   at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:152)
    04-02 10:40:53.788   478  3578 E SyntheticPasswordCrypto:   at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:354)
    04-02 10:40:53.788   478  3578 E SyntheticPasswordCrypto:   at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:248)

    ```

    Is there any additional patch required?

    Best regards

    Libin Jose