Revert^2 "Add remote key provisioning to the IC HAL" (1bf823ce) · Commits · e / os / android_hardware_interfaces

identity/aidl/Android.bp

+2 −0

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@ aidl_interface {
		],
		imports: [
		"android.hardware.keymaster",
		"android.hardware.security.keymint",
		],
		stability: "vintf",
		backend: {
		@@ -25,6 +26,7 @@ aidl_interface {
		vndk: {
		enabled: true,
		},
		apps_enabled: false,
		},
		},
		versions: [

+1 −0

Original line number	Diff line number	Diff line
		@@ -39,4 +39,5 @@ parcelable HardwareInformation {
		int dataChunkSize;
		boolean isDirectAccess;
		@utf8InCpp String[] supportedDocTypes;
		boolean isRemoteKeyProvisioningSupported = false;
		}

+1 −0

Original line number	Diff line number	Diff line
		@@ -38,6 +38,7 @@ interface IIdentityCredentialStore {
		android.hardware.identity.IWritableIdentityCredential createCredential(in @utf8InCpp String docType, in boolean testCredential);
		android.hardware.identity.IIdentityCredential getCredential(in android.hardware.identity.CipherSuite cipherSuite, in byte[] credentialData);
		android.hardware.identity.IPresentationSession createPresentationSession(in android.hardware.identity.CipherSuite cipherSuite);
		android.hardware.security.keymint.IRemotelyProvisionedComponent getRemotelyProvisionedComponent();
		const int STATUS_OK = 0;
		const int STATUS_FAILED = 1;
		const int STATUS_CIPHER_SUITE_NOT_SUPPORTED = 2;

+1 −0

Original line number	Diff line number	Diff line
		@@ -41,4 +41,5 @@ interface IWritableIdentityCredential {
		byte[] addEntryValue(in byte[] content);
		@SuppressWarnings(value={"out-array"}) void finishAddingEntries(out byte[] credentialData, out byte[] proofOfProvisioningSignature);
		void setExpectedProofOfProvisioningSize(in int expectedProofOfProvisioningSize);
		void setRemotelyProvisionedAttestationKey(in byte[] attestationKeyBlob, in byte[] attestationCertificate);
		}

+15 −0

Original line number	Diff line number	Diff line
		@@ -51,4 +51,19 @@ parcelable HardwareInformation {
		*
		*/
		@utf8InCpp String[] supportedDocTypes;

		/**
		* isRemoteKeyProvisioningSupported indicates whether or not the underlying implementation
		* supports a remotely provisioned key for attestation or not. If this field is false, then
		* the implementation only uses a factory-installed, fixed attestation key. If this field is
		* true, then an IRemotelyProvisionedComponent is associated with the IIdentityCredentialStore,
		* and a remotely provisioned key blob may be provided for credential key attestation.
		*
		* Note that remote provisioning is not required, even when it is supported. Implementations
		* MUST use a factory-installed attestation key as a fallback for when there are no
		* remotely provisioned keys available. This behavior mirrors keystore key attestation.
		*
		* This field was added in API version 4.
		*/
		boolean isRemoteKeyProvisioningSupported = false;
		}