Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6a1223f2 authored by Seth Moore's avatar Seth Moore
Browse files

Add Attestation IDs State to DeviceInfo 

We will use the 'Attestation IDs State' field in DeviceInfo to
determine whether a device is still provisionable or not. Once a
production device has left the factory, certain attestated device ids
should be fixed, and 'Attestation IDs State' should reflect this
by reporting "locked".

Remove stale, duplicated DeviceInfo description from ProtectedData.aidl

Test: None, just a doc change
Bug: 192017485
Change-Id: I4e0a840a8f415b3b410801805a158c46be30ec6a
Merged-In: I4e0a840a8f415b3b410801805a158c46be30ec6a
parent 9c3bd29c

security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl

+6 −0
Original line number Diff line number Diff line
@@ -44,6 +44,12 @@ parcelable DeviceInfo { 
     *         ? "vendor_patch_level" : uint,                   // YYYYMMDD

     *         "version" : 1,                      // The CDDL schema version.

     *         "security_level" : "tee" / "strongbox"

     *         "att_id_state": "locked" / "open",  // Attestation IDs State. If "locked", this

     *                                             // indicates a device's attestable IDs are

     *                                             // factory-locked and immutable. If "open",

     *                                             // this indicates the device is still in a

     *                                             // provisionable state and the attestable IDs

     *                                             // are not yet frozen.

     *     }

     */

    byte[] deviceInfo;

security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl

+1 −14
Original line number Diff line number Diff line
@@ -158,20 +158,7 @@ parcelable ProtectedData { 
     *         payload: bstr .cbor BccPayload

     *     ]

     *

     *     VerifiedDeviceInfo = {

     *         ? "brand" : tstr,

     *         ? "manufacturer" : tstr,

     *         ? "product" : tstr,

     *         ? "model" : tstr,

     *         ? "board" : tstr,

     *         ? "device" : tstr,

     *         ? "vb_state" : "green" / "yellow" / "orange",

     *         ? "bootloader_state" : "locked" / "unlocked",

     *         ? "os_version" : tstr,

     *         ? "system_patch_level" : uint,        // YYYYMMDD

     *         ? "boot_patch_level" : uint,          // YYYYMMDD

     *         ? "vendor_patch_level" : uint,        // YYYYMMDD

     *     }

     *     VerifiedDeviceInfo = DeviceInfo  // See DeviceInfo.aidl

     *

     *     PubKeyX25519 = {                 // COSE_Key

     *          1 : 1,                      // Key type : Octet Key Pair