Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c43c69be authored by Andrew Scull's avatar Andrew Scull Committed by Automerger Merge Worker
Browse files

Merge "Tweak RKP HAL comments" am: 6e696250 am: 0034c1f2 am: 4854e0c1 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2241036



Change-Id: I0aa476a489b7692ceb740b5cd48395fff0ff9efc
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents a6fb0ade 4854e0c1

security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl

+9 −1
Original line number Diff line number Diff line
@@ -49,8 +49,16 @@ parcelable DeviceInfo { 
     *         "security_level" : "tee" / "strongbox",

     *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC

     *                          ; implementation is contained in. 0 otherwise.

     *         "cert_type": "widevine" / "keymint"

     *         "cert_type": CertificateType;

     *     }

     *

     *     ; A tstr identifying the type of certificate. The set of supported certificate types may

     *     ; be extended without requiring a version bump of the HAL. Custom certificate types may

     *     ; be used, but the provisioning server may reject the request for an unknown certificate

     *     ; type. The currently defined certificate types are:

     *     ;  - "widevine"

     *     ;  - "keymint"

     *     CertificateType = tstr

     */

    byte[] deviceInfo;

}

security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

+6 −5
Original line number Diff line number Diff line
@@ -151,7 +151,8 @@ interface IRemotelyProvisionedComponent { 


    /**

     * This method has been removed in version 3 of the HAL. The header is kept around for

     * backwards compatibility purposes. Calling this method should return STATUS_REMOVED on v3.

     * backwards compatibility purposes. From v3, this method should raise a

     * ServiceSpecificException with an error code of STATUS_REMOVED.

     *

     * For v1 and v2 implementations:

     * generateCertificateRequest creates a certificate request to be sent to the provisioning
@@ -378,8 +379,8 @@ interface IRemotelyProvisionedComponent { 
     *                                      ; Last certificate corresponds to KeyMint's DICE key.

     * ]

     *

     * ; This is the signed payload for each entry in the DCC. Note that the "Configuration

     * ; Input Values" described by the Open Profile are not used here. Instead, the Dcc

     * ; This is the signed payload for each entry in the DICE chain. Note that the "Configuration

     * ; Input Values" described by the Open Profile are not used here. Instead, the DICE chain

     * ; defines its own configuration values for the Configuration Descriptor field. See

     * ; the Open Profile for DICE for more details on the fields. SHA256 and SHA512 are acceptable

     * ; hash algorithms. The digest bstr values in the payload are the digest values without any
@@ -408,8 +409,8 @@ interface IRemotelyProvisionedComponent { 
     *     -4670551 : bstr,                         ; Mode

     * }

     *

     * ; Each entry in the Dcc is a DiceChainEntryPayload signed by the key from the previous entry

     * ; in the Dcc array.

     * ; Each entry in the DICE chain is a DiceChainEntryPayload signed by the key from the previous

     * ; entry in the DICE chain array.

     * DiceChainEntry = [                            ; COSE_Sign1 (untagged)

     *     protected : bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },

     *     unprotected: {},