chiteroman / Reprogram-TEE-on-Qualcomm-devices

Guide to reprogram the TEE on Qualcomm devices to fix lost attestation keys
The Unlicense
301 stars 50 forks

Failed -66 RSA attestation failed #9

Open privacyguy123 opened 3 months ago

privacyguy123 commented 3 months ago

Using StrongBox version of the code snippet because my device uses StrongBox. Has anybody else seen this or knows what it means?

VisionR1 commented 3 months ago

> Using StrongBox version of the code snippet because my device uses StrongBox. Has anybody else seen this or knows what it means?

Short IMG_20240321_175032

Full: https://developer.android.com/privacy-and-security/keystore

privacyguy123 commented 3 months ago

Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?

VisionR1 commented 3 months ago

> Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?

Oh, another error then, you mean the EC is valid but RSA fails?

privacyguy123 commented 3 months ago

> > Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?
>
> Oh, another error then, you mean the EC is valid but RSA fails?

Yes, error 66 from KmInstallKeybox.

The command without StrongBox worked fine.

VisionR1 commented 3 months ago

> > > Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?
> >
> > Oh, another error then, you mean the EC is valid but RSA fails?
>
> Yes, error 66 from KmInstallKeybox.
>
> The command without StrongBox worked fine.

Have you tried this?

IMG_20240325_162013.jpg

privacyguy123 commented 3 months ago

Yes, false gives a different error saying the device expects props to be attested or something.

VisionR1 commented 3 months ago

> Yes, false gives a different error saying the device expects props to be attested or something.

Did you insert the keybox.xml provided with this guide, or try yours?

privacyguy123 commented 3 months ago

> > Yes, false gives a different error saying the device expects props to be attested or something.
>
> Did you insert the keybox.xml provided with this guide, or try yours?

I've tried 3 now all with this same error. I cannot overwrite StrongBox key.

VisionR1 commented 3 months ago

> > > Yes, false gives a different error saying the device expects props to be attested or something.
> >
> > Did you insert the keybox.xml provided with this guide, or try yours?
>
> I've tried 3 now all with this same error. I cannot overwrite StrongBox key.

Besides these 3, you have also tried the keybox.xml provided with this guide, right?

privacyguy123 commented 3 months ago

> > > > Yes, false gives a different error saying the device expects props to be attested or something.
> > >
> > > Did you insert the keybox.xml provided with this guide, or try yours?
> >
> > I've tried 3 now all with this same error. I cannot overwrite StrongBox key.
>
> Besides these 3, you have also tried the keybox.xml provided with this guide, right?

Yes, they all have the same error on StrongBox device ...

VisionR1 commented 3 months ago

> > > > > Yes, false gives a different error saying the device expects props to be attested or something.
> > > >
> > > > Did you insert the keybox.xml provided with this guide, or try yours?
> > >
> > > I've tried 3 now all with this same error. I cannot overwrite StrongBox key.
> >
> > Besides these 3, you have also tried the keybox.xml provided with this guide, right?
>
> Yes, they all have the same error on StrongBox device ...

This is strange; maybe your ROM has something wrong that causes this problem.

privacyguy123 commented 3 months ago

Have you been able to run the StrongBox command and get a successful output? I am talking about the longer code snippet:

adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true /data/nativetest64/qti_keymaster_tests/keybox.xml  0 true

What output do you get from that?

This shorter code snippet says "TEE fine successful" but this is not enough on a StrongBox because it only seems to be reprogramming "half" the key.

VisionR1 commented 3 months ago

> Have you been able to run the StrongBox command and get a successful output? I am talking about the longer code snippet:
>
> adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true /data/nativetest64/qti_keymaster_tests/keybox.xml  0 true
>
> What output do you get from that?
>
> This shorter code snippet says "TEE fine successful" but this is not enough on a StrongBox because it only seems to be reprogramming "half" the key.

You mean this: adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true keybox.xml 0 true? Because I think you wrote something else at the end. I haven't tried this yet, but I take the answers from other users, like on XDA, and give my opinion.

And maybe it can't work on your device, because @chiteroman says he has tested this on his Xiaomi Poco X3 Pro. You have, I guess, a Samsung?

VisionR1 commented 3 months ago

And you can write here https://xdaforums.com/t/tee-hacking.4662185/

And if any users have the same problem and have found a solution, they can tell you.

privacyguy123 commented 3 months ago

> You mean this: adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true keybox.xml 0 true? Because I think you wrote something else at the end.

It is necessary to supply the full path to the keybox twice ...

VisionR1 commented 3 months ago

> > You mean this: adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true keybox.xml 0 true? Because I think you wrote something else at the end.
>
> It is necessary to supply the full path to the keybox twice ...

Really, where does it say that? 🤔

Because I read this:

IMG_20240327_004328.jpg

I think this "keybox twice" means this: IMG_20240327_004653.jpg

Without twice for non-StrongBox, and with twice for StrongBox: IMG_20240327_005028.jpg

privacyguy123 commented 3 months ago

If you don't understand why that is then I don't know if you're qualified to help me. :)

Writing keybox.xml (with no full path) attempts to read the file from the current directory you're in - if you don't supply a full path then KmInstallKeybox won't find the keybox file the 2nd time.

VisionR1 commented 3 months ago

> If you don't understand why that is then I don't know if you're qualified to help me. :)
>
> Writing keybox.xml (with no full path) attempts to read the file from the current directory you're in - if you don't supply a full path then KmInstallKeybox won't find the keybox file the 2nd time.

Yeah, I know that; that's why I only give my opinion, and maybe some of it is useful.

Yeah, I get your point, I was just confused because I read the guide and can't find where it says this specific part.

privacyguy123 commented 3 months ago

He's copy-pasted the code wrong for StrongBox, it's as simple as that

VisionR1 commented 3 months ago

> He's copy-pasted the code wrong for StrongBox, it's as simple as that

If it is as you say, then @chiteroman must change it