[Android GMS 认证] keystore/keymaster/Attestation的问题
首先确定写入key,操作如下:
检查 /persist/data/sfs 目录下是否有key文件存在 adb shell ls -la /persist/data/sfs
做过key provision的机器重新写key,参照如下步骤: 1)烧userdebug版本,重新写key需要在userdebug版本上才能做 2)执行下面命令擦除rpmb分区 MODEL1:/ # qseecom_sample_client v smplap64 15 1 Note: Command line arguments do not belong to legacy test --------------------------------------------------------------- WARNING!!! You are about to erase the entire RPMB partition. ---------------------------------------------------------------- Do you want to proceed (y/n)? y RPMB partition erase completed
3)重启机器,检查机器处于lock状态和rpmb key已经provision adb reboot bootloader 执行下面命令查看locked状态 fastboot oem lock (bootloader) Device already : locked! OKAY [ 0.006s] Finished. Total time: 0.007s
执行下面命令,若返回-1表示已经provision过rpmb key MODEL1:/ # qseecom_sample_client v smplap64 14 1 Note: Command line arguments do not belong to legacy test ------------------------------------------------------- WARNING!!! You are about to provision the RPMB key. This is a ONE time operation and CANNOT be reversed. ------------------------------------------------------- 0 -> Provision Production key 1 -> Provision Test key 2 -> Check RPMB key provision status ------------------------------------------------------- Select an option to proceed: 1 RPMB key provisioning failed (-1)
4) 后面就可以进行attestation key provison了 adb push keybox.xml /data/local/tmp adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/local/tmp/keybox.xml your_key_file_product_id true 5)在user版本上测试时注意不要刷persist image,因为attestation key是写在persist分区的。
widevine要用到的话,也得先合入。可以参考 kba-160918225319_3_how_to_integrate_widevine_on_android.pdf,Integrate Widevine - GMS Help.pdf等文档。
然后,绝大部分问题都是高通的问题……很多都是闭源的,无能为力。