Commit 5e51268a authored by Andrew Scull, committed by Automerger Merge Worker

Merge "Document expectations of DICE mode" am: ebcdcdbc am: ad2adbcb am: c71526cd am: 464f6fba am: e1678b0f

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2583537
Change-Id: I5526ed83da9d17cf8e1c5e8851c902db3589ac77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents d2d58fa9 e1678b0f
+18 −0
@@ -291,6 +291,24 @@ available on the device it should appear in the certificate request as the leaf
of a DKCertChain in AdditionalDKSignatures (see
[CertificateRequest](#certificaterequest)).

#### Mode

The Open Profile for DICE specifies four possible modes with the most important
mode being `normal`. A certificate must only set the mode to `normal` when all
of the following conditions are met when loading and verifying the software
component that is being described by the certificate:

*   verified boot with anti-rollback protection is enabled
*   only the verified boot authorities for production images are enabled
*   debug ports, fuses or other debug facilities are disabled
*   device booted software from the normal primary source e.g. internal flash

If any of these conditions are not met then it is recommended to explicitly
acknowledge this fact by using the `debug` mode. The mode should never be `not
configured`.

#### Configuration descriptor

The Open Profile for DICE allows for an arbitrary configuration descriptor. For
BCC entries, this configuration descriptor is a CBOR map with the following
optional fields. If no fields are relevant, an empty map should be encoded.
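Review bot: in the new "Mode" section the text states that the Open Profile for DICE specifies four possible modes but then names only `normal`, `debug` and `not configured`; either name the fourth mode and say when, if ever, a BCC entry may use it, or drop the count so the reader is not left guessing. In the same section, "it is recommended to explicitly acknowledge this fact by using the `debug` mode" sits awkwardly beside "The mode should never be `not configured`": if `normal` is ruled out and `not configured` is forbidden, the fallback is effectively mandatory, so consider "must use the `debug` mode" to make the two sentences consistent. Minor style point on the last bullet: add a comma before the example, i.e. `device booted software from the normal primary source, e.g. internal flash`.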