Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0f595355 authored by Subrahmanyaman's avatar Subrahmanyaman
Browse files

Updated the description on Root of Trust Binding. 

The root of trust consists of a bitstring that must be derived
from the public key used by Verified Boot, from the lock state
and from the Verified Boot state of the device.

Test: VtsAidlKeyMintTarget

Change-Id: Ib20bf17066f087c6fc050a498cc7ed4a4cb08ae6
parent 1b7abc43

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

+6 −6
Original line number Diff line number Diff line
@@ -196,12 +196,12 @@ import android.hardware.security.secureclock.TimeStampToken; 
 * derive a key that is used to encrypt the private/secret key material.

 *

 * The root of trust consists of a bitstring that must be derived from the public key used by

 * Verified Boot to verify the signature on the boot image and from the lock state of the

 * device.  If the public key is changed to allow a different system image to be used or if the

 * lock state is changed, then all of the IKeyMintDevice-protected keys created by the previous

 * system state must be unusable, unless the previous state is restored.  The goal is to increase

 * the value of the software-enforced key access controls by making it impossible for an attacker-

 * installed operating system to use IKeyMintDevice keys.

 * Verified Boot to verify the signature on the boot image, from the lock state and from the

 * Verified Boot state of the device.  If the public key is changed to allow a different system

 * image to be used or if the lock state is changed, then all of the IKeyMintDevice-protected keys

 * created by the previous system state must be unusable, unless the previous state is restored.

 * The goal is to increase the value of the software-enforced key access controls by making it

 * impossible for an attacker-installed operating system to use IKeyMintDevice keys.

 *

 * == Version Binding ==

 *