Loading security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl +61 −6 Original line number Diff line number Diff line Loading @@ -17,11 +17,11 @@ package android.hardware.security.keymint; /** * DeviceInfo contains information about the device that's fed in as AAD in the signature of the * device private key over the MAC key used for the bundle of public keys. These values are intended * to be checked by the server to verify that the certificate signing request crafted by * an IRemotelyProvisionedComponent HAL instance is coming from the expected device based * on values initially uploaded during device manufacture in the factory. * DeviceInfo contains information about the device that's signed by the * IRemotelyProvisionedComponent HAL. These values are intended to be checked by the server to * verify that the certificate signing request crafted by an IRemotelyProvisionedComponent HAL * instance is coming from the expected device based on values initially uploaded during device * manufacture in the factory. * @hide */ @VintfStability Loading @@ -31,6 +31,34 @@ parcelable DeviceInfo { * canonicalized according to the specification in RFC 7049. The ordering presented here is * non-canonical to group similar entries semantically. * * The DeviceInfo has changed across versions 1, 2, and 3 of the HAL. All versions of the * DeviceInfo CDDL are described as follows. Please refer to the CDDL structure version * that corresponds to the HAL version you are working with: * * Version 3, introduced in Android 14: * DeviceInfo = { * "brand" : tstr, * "manufacturer" : tstr, * "product" : tstr, * "model" : tstr, * "device" : tstr, * "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values * "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values * "vbmeta_digest": bstr, ; Taken from the AVB values * ? "os_version" : tstr, ; Same as * ; android.os.Build.VERSION.release * ; Not optional for TEE. * "system_patch_level" : uint, ; YYYYMM * "boot_patch_level" : uint, ; YYYYMMDD * "vendor_patch_level" : uint, ; YYYYMMDD * "security_level" : "tee" / "strongbox", * "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC * ; implementation is contained in. 0 otherwise. * } * * --------------------------------------------------------------------------------------------- * * Version 2, introduced in Android 13: * DeviceInfo = { * "brand" : tstr, * "manufacturer" : tstr, Loading @@ -43,12 +71,39 @@ parcelable DeviceInfo { * ? "os_version" : tstr, ; Same as * ; android.os.Build.VERSION.release * ; Not optional for TEE. * "system_patch_level" : uint, ; YYYYMMDD * "system_patch_level" : uint, ; YYYYMM * "boot_patch_level" : uint, ; YYYYMMDD * "vendor_patch_level" : uint, ; YYYYMMDD * "version" : 2, ; The CDDL schema version. * "security_level" : "tee" / "strongbox", * "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC * ; implementation is contained in. 0 otherwise. * * --------------------------------------------------------------------------------------------- * * Version 1, introduced in Android 12: * DeviceInfo = { * ? "brand" : tstr, * ? "manufacturer" : tstr, * ? "product" : tstr, * ? "model" : tstr, * ? "board" : tstr, * ? "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values * ? "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values * ? "vbmeta_digest": bstr, ; Taken from the AVB values * ? "os_version" : tstr, ; Same as * ; android.os.Build.VERSION.release * ? "system_patch_level" : uint, ; YYYYMM * ? "boot_patch_level" : uint, ; YYYYMMDD * ? "vendor_patch_level" : uint, ; YYYYMMDD * "version" : 1, ; The CDDL schema version. * "security_level" : "tee" / "strongbox" * "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this * ; indicates a device's attestable IDs are * ; factory-locked and immutable. If "open", * ; this indicates the device is still in a * ; provisionable state and the attestable IDs * ; are not yet frozen. * } */ byte[] deviceInfo; Loading Loading
security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl +61 −6 Original line number Diff line number Diff line Loading @@ -17,11 +17,11 @@ package android.hardware.security.keymint; /** * DeviceInfo contains information about the device that's fed in as AAD in the signature of the * device private key over the MAC key used for the bundle of public keys. These values are intended * to be checked by the server to verify that the certificate signing request crafted by * an IRemotelyProvisionedComponent HAL instance is coming from the expected device based * on values initially uploaded during device manufacture in the factory. * DeviceInfo contains information about the device that's signed by the * IRemotelyProvisionedComponent HAL. These values are intended to be checked by the server to * verify that the certificate signing request crafted by an IRemotelyProvisionedComponent HAL * instance is coming from the expected device based on values initially uploaded during device * manufacture in the factory. * @hide */ @VintfStability Loading @@ -31,6 +31,34 @@ parcelable DeviceInfo { * canonicalized according to the specification in RFC 7049. The ordering presented here is * non-canonical to group similar entries semantically. * * The DeviceInfo has changed across versions 1, 2, and 3 of the HAL. All versions of the * DeviceInfo CDDL are described as follows. Please refer to the CDDL structure version * that corresponds to the HAL version you are working with: * * Version 3, introduced in Android 14: * DeviceInfo = { * "brand" : tstr, * "manufacturer" : tstr, * "product" : tstr, * "model" : tstr, * "device" : tstr, * "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values * "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values * "vbmeta_digest": bstr, ; Taken from the AVB values * ? "os_version" : tstr, ; Same as * ; android.os.Build.VERSION.release * ; Not optional for TEE. * "system_patch_level" : uint, ; YYYYMM * "boot_patch_level" : uint, ; YYYYMMDD * "vendor_patch_level" : uint, ; YYYYMMDD * "security_level" : "tee" / "strongbox", * "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC * ; implementation is contained in. 0 otherwise. * } * * --------------------------------------------------------------------------------------------- * * Version 2, introduced in Android 13: * DeviceInfo = { * "brand" : tstr, * "manufacturer" : tstr, Loading @@ -43,12 +71,39 @@ parcelable DeviceInfo { * ? "os_version" : tstr, ; Same as * ; android.os.Build.VERSION.release * ; Not optional for TEE. * "system_patch_level" : uint, ; YYYYMMDD * "system_patch_level" : uint, ; YYYYMM * "boot_patch_level" : uint, ; YYYYMMDD * "vendor_patch_level" : uint, ; YYYYMMDD * "version" : 2, ; The CDDL schema version. * "security_level" : "tee" / "strongbox", * "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC * ; implementation is contained in. 0 otherwise. * * --------------------------------------------------------------------------------------------- * * Version 1, introduced in Android 12: * DeviceInfo = { * ? "brand" : tstr, * ? "manufacturer" : tstr, * ? "product" : tstr, * ? "model" : tstr, * ? "board" : tstr, * ? "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values * ? "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values * ? "vbmeta_digest": bstr, ; Taken from the AVB values * ? "os_version" : tstr, ; Same as * ; android.os.Build.VERSION.release * ? "system_patch_level" : uint, ; YYYYMM * ? "boot_patch_level" : uint, ; YYYYMMDD * ? "vendor_patch_level" : uint, ; YYYYMMDD * "version" : 1, ; The CDDL schema version. * "security_level" : "tee" / "strongbox" * "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this * ; indicates a device's attestable IDs are * ; factory-locked and immutable. If "open", * ; this indicates the device is still in a * ; provisionable state and the attestable IDs * ; are not yet frozen. * } */ byte[] deviceInfo; Loading
