Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cf5c67be authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Restore deleteAllKeys expectation for TEE KeyMint 

Even though all of StrongBox KeyMint do support this to our knowledge, not all
TEE KeyMint offer the same.  Partially rollback the expectation for TEE.

Test: N/A
Bug: N/A
Change-Id: Ic6cd89e10386385018ea7380a76020576ec84a6a
parent 6c03b123

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

+8 −2
Original line number Diff line number Diff line
@@ -550,8 +550,14 @@ interface IKeyMintDevice { 
    void deleteKey(in byte[] keyBlob);



    /**

     * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After

     * this function is called all keys created previously must be rendered permanently unusable.

     * Deletes all keys in the hardware keystore. Used when keystore is reset completely.

     *

     * For StrongBox KeyMint: After this function is called all keys created previously must be

     * rendered permanently unusable.

     *

     * For TEE KeyMint: After this function is called all keys with Tag::ROLLBACK_RESISTANCE in

     * their hardware-enforced authorization lists must be rendered permanently unusable.  Keys

     * without Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.

     */

    void deleteAllKeys();