Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2377553d authored Mar 20, 2017 by Bartosz Fabianowski

Add manufacturer and model to device ID attestation

Discussions have shown that in addition to brand, device and product,
we should also allow devices to attest their manufacturer and model.

Bug: 36433192
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c

parent 9198e7bb

keymaster/3.0/default/KeymasterDevice.cpp

+2 −0

Original line number	Diff line number	Diff line
		@@ -525,6 +525,8 @@ Return<void> KeymasterDevice::attestKey(const hidl_vec<uint8_t>& keyToAttest,
		case Tag::ATTESTATION_ID_SERIAL:
		case Tag::ATTESTATION_ID_IMEI:
		case Tag::ATTESTATION_ID_MEID:
		case Tag::ATTESTATION_ID_MANUFACTURER:
		case Tag::ATTESTATION_ID_MODEL:
		// Device id attestation may only be supported if the device is able to permanently
		// destroy its knowledge of the ids. This device is unable to do this, so it must
		// never perform any device id attestation.

keymaster/3.0/types.hal

+4 −1

Original line number	Diff line number	Diff line
		@@ -135,7 +135,10 @@ enum Tag : uint32_t {
		in attestation */
		ATTESTATION_ID_MEID = TagType:BYTES \| 715, /* Used to provide the device's MEID to be included
		in attestation */

		ATTESTATION_ID_MANUFACTURER = TagType:BYTES \| 716, /* Used to provide the device's manufacturer
		name to be included in attestation */
		ATTESTATION_ID_MODEL = TagType:BYTES \| 717, /* Used to provide the device's model name to be
		included in attestation */

		/* Tags used only to provide data to or receive data from operations */
		ASSOCIATED_DATA = TagType:BYTES \| 1000, /* Used to provide associated data for AEAD modes. */