
Commit 26a54850 authored by Max Bires's avatar Max Bires Committed by Gerrit Code Review

Merge "Update IRemotelyProvisionedComponent HAL to v3"

parents 7b6acb3f 137ffac4
+21 −6
@@ -6,6 +6,7 @@ This document provides an exact description of which changes have occurred in th
## Releases
* **Android S (12):** IRemotelyProvisionedComponent v1
* **Android T (13):** IRemotelyProvisionedComponent v2
* **Android U (14):** IRemotelyProvisionedComponent v3

## IRemotelyProvisionedComponent 1 -> 2
* DeviceInfo
@@ -16,3 +17,17 @@ This document provides an exact description of which changes have occurred in th
  * `device` has been added.
* RpcHardwareInfo
  * `uniqueId` String added as a field in order to differentiate IRPC instances on device.

## IRemotelyProvisionedComponent 2 -> 3
* ProtectedData has been removed.
* DeviceInfo
  * `cert_type` has been added, with values corresponding to `widevine` or `keymint`
  * `version` has moved to a top-level field within the CSR generated by the HAL
* IRemotelyProvisionedComponent
  * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
  * Test mode has been removed.
  * The schema for the CSR itself has been significantly simplified, please see
    IRemotelyProvisionedComponent.aidl for more details.
    * Notably, the chain of signing, MACing, and encryption operations has been replaced with a single
      COSE_Sign1 object.
+2 −0
@@ -38,9 +38,11 @@ interface IRemotelyProvisionedComponent {
  android.hardware.security.keymint.RpcHardwareInfo getHardwareInfo();
  byte[] generateEcdsaP256KeyPair(in boolean testMode, out android.hardware.security.keymint.MacedPublicKey macedPublicKey);
  byte[] generateCertificateRequest(in boolean testMode, in android.hardware.security.keymint.MacedPublicKey[] keysToSign, in byte[] endpointEncryptionCertChain, in byte[] challenge, out android.hardware.security.keymint.DeviceInfo deviceInfo, out android.hardware.security.keymint.ProtectedData protectedData);
  byte[] generateCertificateRequestV2(in android.hardware.security.keymint.MacedPublicKey[] keysToSign, in byte[] challenge);
  const int STATUS_FAILED = 1;
  const int STATUS_INVALID_MAC = 2;
  const int STATUS_PRODUCTION_KEY_IN_TEST_REQUEST = 3;
  const int STATUS_TEST_KEY_IN_PRODUCTION_REQUEST = 4;
  const int STATUS_INVALID_EEK = 5;
  const int STATUS_REMOVED = 6;
}
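Review bot: The v3 surface still exposes `generateEcdsaP256KeyPair(in boolean testMode, ...)` and the v1/v2 `generateCertificateRequest(...)` alongside the new `generateCertificateRequestV2`, while the changelog hunk in this commit states that test mode and the EEK have been removed; this frozen dump carries no comments, so IRemotelyProvisionedComponent.aidl (collapsed on this page) should state what a v3 implementation returns for `testMode == true` and for a call to the old request method, presumably the `STATUS_REMOVED` constant this hunk introduces. Without that, a reader of the dump cannot tell whether `STATUS_TEST_KEY_IN_PRODUCTION_REQUEST` can still arise under v3 or whether a test-mode key can ever be produced. The interface body begins before the first line of the hunk.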
+12 −12
@@ -37,19 +37,19 @@ parcelable DeviceInfo {
     *         "product" : tstr,
     *         "model" : tstr,
     *         "device" : tstr,
     *         "vb_state" : "green" / "yellow" / "orange",    // Taken from the AVB values
     *         "bootloader_state" : "locked" / "unlocked",    // Taken from the AVB values
     *         "vbmeta_digest": bstr,                         // Taken from the AVB values
     *         ? "os_version" : tstr,                         // Same as
     *                                                        // android.os.Build.VERSION.release
     *                                                        // Not optional for TEE.
     *         "system_patch_level" : uint,                   // YYYYMMDD
     *         "boot_patch_level" : uint,                     // YYYYMMDD
     *         "vendor_patch_level" : uint,                   // YYYYMMDD
     *         "version" : 2,                                 // The CDDL schema version.
     *         "vb_state" : "green" / "yellow" / "orange",    ; Taken from the AVB values
     *         "bootloader_state" : "locked" / "unlocked",    ; Taken from the AVB values
     *         "vbmeta_digest": bstr,                         ; Taken from the AVB values
     *         ? "os_version" : tstr,                         ; Same as
     *                                                        ; android.os.Build.VERSION.release
     *                                                        ; Not optional for TEE.
     *         "system_patch_level" : uint,                   ; YYYYMMDD
     *         "boot_patch_level" : uint,                     ; YYYYMMDD
     *         "vendor_patch_level" : uint,                   ; YYYYMMDD
     *         "security_level" : "tee" / "strongbox",
     *         "fused": 1 / 0,  // 1 if secure boot is enforced for the processor that the IRPC
     *                          // implementation is contained in. 0 otherwise.
     *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC
     *                          ; implementation is contained in. 0 otherwise.
     *         "cert_type": "widevine" / "keymint"
     *     }
     */
    byte[] deviceInfo;
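Review bot: `"cert_type": "widevine" / "keymint"` on the new side is the only map entry with no explanatory comment, while every neighbouring field says where its value comes from; the changelog hunk only states that the values correspond to widevine or keymint, so a CDDL comment in the file's `;` style is warranted, e.g. `"cert_type": "widevine" / "keymint"   ; Which kind of certificate is requested - TODO(review): confirm wording`. Dropping `"version" : 2` from the map matches the changelog note that `version` moves to a top-level field of the CSR, but nothing in this comment now tells a parser where to find it; a one-line pointer next to the map would close that gap. The DeviceInfo doc comment starts before the first line of the hunk.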
+272 −102


+11 −13
@@ -28,21 +28,22 @@ parcelable MacedPublicKey {
     * only to the secure environment, as proof that the public key was generated by that
     * environment. In CDDL, assuming the contained key is a P-256 public key:
     *
     *     MacedPublicKey = [                     // COSE_Mac0
     *         protected: bstr .cbor { 1 : 5},    // Algorithm : HMAC-256
     *     MacedPublicKey = [                     ; COSE_Mac0
     *         protected: bstr .cbor { 1 : 5},    ; Algorithm : HMAC-256
     *         unprotected: { },
     *         payload : bstr .cbor PublicKey,
     *         tag : bstr HMAC-256(K_mac, MAC_structure)
     *     ]
     *
     *     PublicKey = {               // COSE_Key
     *         1 : 2,                  // Key type : EC2
     *         3 : -7,                 // Algorithm : ES256
     *         -1 : 1,                 // Curve : P256
     *         -2 : bstr,              // X coordinate, little-endian
     *         -3 : bstr,              // Y coordinate, little-endian
     *         ? -70000 : nil          // Presence indicates this is a test key.  If set, K_mac is
     *                                 // all zeros.
     *     ; NOTE: -70000 is deprecated for v3 HAL implementations.
     *     PublicKey = {               ; COSE_Key
     *         1 : 2,                  ; Key type : EC2
     *         3 : -7,                 ; Algorithm : ES256
     *         -1 : 1,                 ; Curve : P256
     *         -2 : bstr,              ; X coordinate, little-endian
     *         -3 : bstr,              ; Y coordinate, little-endian
     *         -70000 : nil            ; Presence indicates this is a test key. If set, K_mac is
     *                                 ; all zeros.
     *     },
     *
     *     MAC_structure = [
@@ -51,9 +52,6 @@ parcelable MacedPublicKey {
     *         external_aad : bstr .size 0,
     *         payload : bstr .cbor PublicKey
     *     ]
     *
     * if a non-P256 public key were contained, the contents of the PublicKey map would change a
     * little; see RFC 8152 for details.
     */
    byte[] macedKey;
}
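Review bot: On the new side (the `;`-commented lines, if the +11/-13 counts are read that way) the test-key marker is written as `-70000 : nil` without the `?` prefix that the old `? -70000 : nil` carried, which in CDDL makes the entry required in every `PublicKey` map; together with the added remark that -70000 is deprecated for v3, the schema now states the opposite of the intent. Restore the prefix and fold the deprecation into the entry's own comment, `? -70000 : nil          ; Presence indicates this is a test key. If set, K_mac is` / `                        ; all zeros. Deprecated for v3 HAL implementations.`, and drop the stray `; NOTE:` line that currently sits outside the map, just before `PublicKey = {`. The enclosing doc comment begins before the first line of the hunk, and the second hunk appears to remove the non-P256 remark while the sentence 'assuming the contained key is a P-256 public key' remains, leaving no statement of what happens for other curves.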