
Commit d78bb405 authored by David Drysdale, committed by Automerger Merge Worker

Merge "RKP HAL: fix typos" am: 01929798

parents 7ae04c06 01929798
+12 −12
@@ -29,7 +29,7 @@ import android.hardware.security.keymint.RpcHardwareInfo;
 * validate the request and create certificates.
 *
 * This interface does not provide any way to use the generated and certified key pairs. It's
 * intended to be implemented by a HAL service that does other things with keys (e.g. Keymint).
 * intended to be implemented by a HAL service that does other things with keys (e.g. KeyMint).
 *
 * The root of trust for secure provisioning is something called the Device Identifier Composition
 * Engine (DICE) Chain. The DICE Chain is a chain of certificates, represented as COSE_Sign1 objects
@@ -79,9 +79,9 @@ import android.hardware.security.keymint.RpcHardwareInfo;
 * While a proper DICE Chain, as described above, reflects the complete boot sequence from boot ROM
 * to the secure area image of the IRemotelyProvisionedComponent, it's also possible to use a
 * "degenerate" DICE Chain which consists only of a single, self-signed certificate containing the
 * public key of a hardware-bound key pair. This is an appopriate solution for devices which haven't
 * implemented everything necessary to produce a proper DICE Chain, but can derive a unique key pair
 * in the secure area. In this degenerate case, UDS_Pub is the same as CDI_Leaf_Pub.
 * public key of a hardware-bound key pair. This is an appropriate solution for devices which
 * haven't implemented everything necessary to produce a proper DICE Chain, but can derive a unique
 * key pair in the secure area. In this degenerate case, UDS_Pub is the same as CDI_Leaf_Pub.
 *
 * DICE Chain Privacy
 * ==================
@@ -171,7 +171,7 @@ interface IRemotelyProvisionedComponent {
     *        If testMode is false, the keysToCertify array must not contain any keys flagged as
     *        test keys. Otherwise, the method must return STATUS_TEST_KEY_IN_PRODUCTION_REQUEST.
     *
     * @param in endpointEncryptionKey contains an X22519 public key which will be used to encrypt
     * @param in endpointEncryptionKey contains an X25519 public key which will be used to encrypt
     *        the BCC. For flexibility, this is represented as a certificate chain, represented as a
     *        CBOR array of COSE_Sign1 objects, ordered from root to leaf. The leaf contains the
     *        X25519 encryption key, each other element is an Ed25519 key signing the next in the
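Review bot: the X22519 to X25519 correction in the endpointEncryptionKey description is more than cosmetic, since this sentence is what tells an implementer which curve the leaf key of the EEK chain must be on; the CDDL two lines later already says "X25519 encryption key", so prose and schema now agree. Given that, the commit message "fix typos" undersells this one; a short note that the curve name was wrong would help anyone bisecting later.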
@@ -198,7 +198,7 @@ interface IRemotelyProvisionedComponent {
     *                 -2 : bstr                      ; Ed25519 public key
     *            }
     *
     *            SignatureKeyP256 = {
     *            SignatureKeyP256 = {                ; COSE_Key
     *                 1 : 2,                         ; Key type : EC2
     *                 3 : AlgorithmES256,            ; Algorithm
     *                 -1 : 1,                        ; Curve: P256
@@ -228,7 +228,7 @@ interface IRemotelyProvisionedComponent {
     *                2 : bstr             ; KID : EEK ID
     *                3 : -25,             ; Algorithm : ECDH-ES + HKDF-256
     *                -1 : 4,              ; Curve : X25519
     *                -2 : bstr            ; Ed25519 public key
     *                -2 : bstr            ; X25519 public key
     *            }
     *
     *            EekP256 = {              ; COSE_Key
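Review bot: the change of "-2 : bstr ; Ed25519 public key" to "X25519 public key" in EekX25519 corrects a misleading comment rather than a spelling slip. The preceding lines "3 : -25 ; Algorithm : ECDH-ES + HKDF-256" and "-1 : 4 ; Curve : X25519" already identify this as a key-agreement key, and a reader taking the old comment literally could have treated the field as a signature-verification key. Worth calling out in the commit message for the same reason as the X22519 fix.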
@@ -247,8 +247,8 @@ interface IRemotelyProvisionedComponent {
     *                payload: bstr .cbor EekX25519 / .cbor EekP256
     *            ]
     *
     *            AlgorithmES256 = -7
     *            AlgorithmEdDSA = -8
     *            AlgorithmES256 = -7      ; RFC 8152 section 8.1
     *            AlgorithmEdDSA = -8      ; RFC 8152 section 8.2
     *
     *        If the contents of endpointEncryptionKey do not match the SignedEek structure above,
     *        the method must return STATUS_INVALID_EEK.
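Review bot: the section references added to AlgorithmES256 and AlgorithmEdDSA are correct (RFC 8152 section 8.1 is ECDSA, section 8.2 is EdDSA), but the other COSE constants in this structure, "3 : -25 ; ECDH-ES + HKDF-256" and the curve identifiers "-1 : 4" (X25519) and "-1 : 1" (P256), are left without a citation. Adding the matching references (RFC 8152 section 12.5.1 for -25, section 13.1 for the curve registry) would make the whole block checkable against the spec in the same way.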
@@ -257,7 +257,7 @@ interface IRemotelyProvisionedComponent {
     *        in the chain, which implies that it must not attempt to validate the signature.
     *
     *        If testMode is false, the method must validate the chain signatures, and must verify
     *        that the public key in the root certifictate is in its pre-configured set of
     *        that the public key in the root certificate is in its pre-configured set of
     *        authorized EEK root keys. If the public key is not in the database, or if signature
     *        verification fails, the method must return STATUS_INVALID_EEK.
     *
@@ -271,7 +271,7 @@ interface IRemotelyProvisionedComponent {
     * @param out ProtectedData contains the encrypted BCC and the ephemeral MAC key used to
     *        authenticate the keysToSign (see keysToSignMac output argument).
     *
     * @return The of KeysToSign in the CertificateRequest structure. Specifically, it contains:
     * @return The MAC of KeysToSign in the CertificateRequest structure. Specifically, it contains:
     *
     *            HMAC-256(EK_mac, .cbor KeysToMacStructure)
     *
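Review bot: "The of KeysToSign" to "The MAC of KeysToSign" restores the missing noun in the @return line and matches the "HMAC-256(EK_mac, .cbor KeysToMacStructure)" expression that follows. Since the ProtectedData paragraph just above already refers to this value as the keysToSignMac output argument, naming it the same way in the @return sentence would tie the two descriptions together explicitly.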
@@ -366,7 +366,7 @@ interface IRemotelyProvisionedComponent {
     *                              ; intermediate certificates between Root and Leaf.
     * ]
     *
     * ; A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
     * ; A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or EdDSA)
     * X509Certificate = bstr
     *
     * ; The DICE Chain contains measurements about the device firmware.