Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 077c76f8 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Add new CertificateType for the RKP VM" into main am: 3cf2309b 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2850345



Change-Id: Ic5093b17efedf100c4443e22058fc0491b538ef3
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents c92314a0 3cf2309b

security/rkp/README.md

+27 −0
Original line number Diff line number Diff line
@@ -190,3 +190,30 @@ following links: 
*   [RpcHardwareInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl)

*   [DeviceInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl)



### Support for Android Virtualization Framework



The Android Virtualization Framwork (AVF) relies on RKP to provision keys for VMs. A

privileged vm, the RKP VM, is reponsible for generating and managing the keys for client

VMs that run virtualized workloads. See the following for more background information on the

RKP VM:

*    [rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine

*    [rkp-service]: https://source.android.com/docs/core/ota/modular-system/remote-key-provisioning#stack-architecture



It is important to distinquish the RKP VM from other components, such as KeyMint. An

[RKP VM marker](https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md#configuration-descriptor)

(key `-70006) is used for this purpose. The existence or absence of this marker is used to

identify the type of component decribed by a given DICE chain.



The following describes which certificate types may be request based on the RKP VM marker:

1. "rkp-vm": If a DICE chain has zero or more certificates without the RKP VM

   marker followed by one or more certificates with the marker, then that chain

   describes an RKP VM. If there are further certificates without the RKP VM

   marker, then the chain does not describe an RKP VM.



   Implementations must include the first RPK VM marker as early as possible

   after the point of divergence between TEE and non-TEE components in the DICE

   chain, prior to loading the Android Bootloader (ABL).

2. "widevine" or "keymint": If there are no certificates with the RKP VM

   marker then it describes a TEE component.

3. None: Any component described by a DICE chain that does not match the above

   two categories.
 
 No newline at end of file

security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl

+4 −2
Original line number Diff line number Diff line
@@ -14,8 +14,9 @@ CsrPayload = [ ; CBOR Array defining the payload for Csr 
; be extended without requiring a version bump of the HAL. Custom certificate types may

; be used, but the provisioning server may reject the request for an unknown certificate

; type. The currently defined certificate types are:

;  - "widevine"

;  - "keymint"

;  * "widevine" -- Widevine content protection system

;  * "keymint"  -- KeyMint HAL

;  * "rkp-vm"   -- See "Support for Android Virtualization Framework" in the README.md file.

CertificateType = tstr



KeysToSign = [ * PublicKey ]   ; Please see PublicKey.cddl for the PublicKey definition.
@@ -112,6 +113,7 @@ ConfigurationDescriptor = { ; Configuration Descriptor 
    ? -70003 : int / tstr,                   ; Component version

    ? -70004 : null,                         ; Resettable

    ? -70005 : uint,                         ; Security version

    ? -70006 : null,                         ; RKP VM marker

}



; Each entry in the DICE chain is a DiceChainEntryPayload signed by the key from the previous