Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 192c575f authored by Seth Moore's avatar Seth Moore
Browse files

Note the relationship of patchlevels with keymint 

Some of the DeviceInfo must match existing tags in KeyMint, but this
was not documented.

Test: n/a
Change-Id: I7733e2a4b0c08b0b89ece41390c0ce0711459d82
parent d0c02789

security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl

+9 −9
Original line number Diff line number Diff line
@@ -48,9 +48,9 @@ parcelable DeviceInfo { 
     *         ? "os_version" : tstr,                         ; Same as

     *                                                        ; android.os.Build.VERSION.release

     *                                                        ; Not optional for TEE.

     *         "system_patch_level" : uint,                   ; YYYYMM

     *         "boot_patch_level" : uint,                     ; YYYYMMDD

     *         "vendor_patch_level" : uint,                   ; YYYYMMDD

     *         "system_patch_level" : uint,     ; YYYYMM, must match KeyMint OS_PATCHLEVEL

     *         "boot_patch_level" : uint,       ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL

     *         "vendor_patch_level" : uint,     ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL

     *         "security_level" : "tee" / "strongbox",

     *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC

     *                          ; implementation is contained in. 0 otherwise.
@@ -71,9 +71,9 @@ parcelable DeviceInfo { 
     *         ? "os_version" : tstr,                         ; Same as

     *                                                        ; android.os.Build.VERSION.release

     *                                                        ; Not optional for TEE.

     *         "system_patch_level" : uint,                   ; YYYYMM

     *         "boot_patch_level" : uint,                     ; YYYYMMDD

     *         "vendor_patch_level" : uint,                   ; YYYYMMDD

     *         "system_patch_level" : uint,     ; YYYYMM, must match KeyMint OS_PATCHLEVEL

     *         "boot_patch_level" : uint,       ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL

     *         "vendor_patch_level" : uint,     ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL

     *         "version" : 2,                                 ; The CDDL schema version.

     *         "security_level" : "tee" / "strongbox",

     *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC
@@ -93,9 +93,9 @@ parcelable DeviceInfo { 
     *         ? "vbmeta_digest": bstr,                       ; Taken from the AVB values

     *         ? "os_version" : tstr,                         ; Same as

     *                                                        ; android.os.Build.VERSION.release

     *         ? "system_patch_level" : uint,                 ; YYYYMM

     *         ? "boot_patch_level" : uint,                   ; YYYYMMDD

     *         ? "vendor_patch_level" : uint,                 ; YYYYMMDD

     *         ? "system_patch_level" : uint,     ; YYYYMM, must match KeyMint OS_PATCHLEVEL

     *         ? "boot_patch_level" : uint,       ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL

     *         ? "vendor_patch_level" : uint,     ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL

     *         "version" : 1,                                 ; The CDDL schema version.

     *         "security_level" : "tee" / "strongbox"

     *         "att_id_state": "locked" / "open",  ; Attestation IDs State. If "locked", this