Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit deaa5dd8 authored by Shawn Willden's avatar Shawn Willden
Browse files

Remove reference to factory reset of K 

The ISharedSecret.aidl description of the pre-shared secret K
mentioned that K was set up during factory reset.  While that could be
done, it is almost never done; most OEMs inject K in the factory.
Removed the reference to setup in factory reset to reduce confusion.

Test: N/A, comment-only change
Change-Id: Idbbd5a8d64197ef4713a75075a9730d06162ad05
parent f814c977

security/sharedsecret/aidl/android/hardware/security/sharedsecret/ISharedSecret.aidl

+3 −8
Original line number Diff line number Diff line
@@ -81,14 +81,9 @@ interface ISharedSecret { 
     *           defined in the standard.  The counter is prefixed and length L appended, as shown

     *           in the construction on page 12 of the standard.  The label string is UTF-8 encoded.

     *

     *     ``K'' is a pre-established shared secret, set up during factory reset.  The mechanism for

     *           establishing this shared secret is implementation-defined.Any method of securely

     *           establishing K that ensures that an attacker cannot obtain or derive its value is

     *           acceptable.

     *

     *           CRITICAL SECURITY REQUIREMENT: All keys created by a IKeymintDevice instance must

     *           be cryptographically bound to the value of K, such that establishing a new K

     *           permanently destroys them.

     *     ``K'' is a pre-established shared secret.  The mechanism for establishing this shared

     *           secret is implementation-defined.  Any method of securely establishing K that

     *           ensures that an attacker cannot obtain or derive its value is acceptable.

     *

     *     ``||'' represents concatenation.

     *