Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2027a9b5 authored by Tommy Chiu's avatar Tommy Chiu
Browse files

Update the UdsCertChain comment to reflect the latest recommendation. 

Bug: 331136391
Test: comment update only
Change-Id: I72f45c85d106d87fcd4c56d4c4fa86eb1af8f5a7
parent ce06c8ba

security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl

+7 −3
Original line number Diff line number Diff line
@@ -62,9 +62,13 @@ UdsCerts = { 
SignerName = tstr



UdsCertChain = [

    2* X509Certificate      ; Root -> ... -> Leaf. "Root" is the vendor self-signed

                            ; cert, "Leaf" contains UDS_Public. There may also be

                            ; intermediate certificates between Root and Leaf.

    + X509Certificate       ; Root -> ... -> Leaf. "Root" is the vendor self-signed

                            ; cert, "Leaf" contains UDS_Public. It's recommended to

                            ; have at least 3 certificates in the chain.

                            ; The Root certificate is recommended to be generated in an air-gapped,

                            ; HSM-based secure environment. The intermediate signing keys may be

                            ; online, and should be rotated regularly (e.g. annually). Additionally,

                            ; the intermediate certificates may contain product family identifiers.

]



; A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or EdDSA)