Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7e477d63 authored by Max Bires's avatar Max Bires
Browse files

Fix comment in docs about ID attestation. 

ID attestation will not work if the device identifiers are altered in
the system image. This is because KeyMint checks the device identifiers
that are provided in a generateKey call against the device identifiers
that were provisioned in the factory. If there is a mismatch, the key
request is rejected. The documentation on getSerial() has been fixed to
clarify this.

Test: The new documentation is semantically digestible by a SWE
Change-Id: Ie300cd167bb82b44e38fb3e091b90abe02a7c197
parent f523bbcd

core/java/android/os/Build.java

+4 −2
Original line number Diff line number Diff line
@@ -165,9 +165,11 @@ public class Build { 
     * Gets the hardware serial number, if available.

     *

     * <p class="note"><b>Note:</b> Root access may allow you to modify device identifiers, such as

     * the hardware serial number. If you change these identifiers, you can use

     * the hardware serial number. If you change these identifiers, you can not use

     * <a href="/training/articles/security-key-attestation.html">key attestation</a> to obtain

     * proof of the device's original identifiers.

     * proof of the device's original identifiers. KeyMint will reject an ID attestation request

     * if the identifiers provided by the frameworks do not match the identifiers it was

     * provisioned with.

     *

     * <p>Starting with API level 29, persistent device identifiers are guarded behind additional

     * restrictions, and apps are recommended to use resettable identifiers (see <a