Keymaster 1 broken on qualcomm devices on LineageOS 16.0 (WPA2 Enterprise EAP-TLS broken)
Expected Behavior
When connecting to WPA2 Enterprise network with client certificate, it is expected to connect succesfully.
Current Behavior
It does not connect, instead, this core issue appears:
431 431 W /vendor/bin/hw/android.hardware.keymaster@3.0-service: Digest 1 requested but not supported by KM1 hal
...
3825 3825 I wpa_supplicant: OpenSSL: openssl_handshake - SSL_connect error:00000000:invalid library (0): OPENSSL_internal:invalid library (0)
The hardware does not support MD5 digesting, and this is necessary for a (redundant with sha) fingerprint in x509. It seems the KM1 abstraction is too strict.
Possible Solution
Cherry-picking 5a0f381d3cefa0a8646220b759f04e1f5b176002 and 4082375e3e92955ee408a77101a9459ec64e624a on top of tag android-9.0.0-r44 in system/keymaster fixes the issue.
Steps to Reproduce
- Create WPA2 enterprise network with EAP-TLS authentication and client certificate for the phone (like eduroam)
- Connect to the network
It likely affects all qualcomm devices and probably other devices that don't support
/device bardockpro /version lineage-16.0 /date 2019-07-11 /kernel 3.18 /baseband /mods
I have read the directions.