Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dfbe1009 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Update the UdsCertChain comment to reflect the latest recommendation."... 

Merge "Update the UdsCertChain comment to reflect the latest recommendation." into main am: 9471625f

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3207215



Change-Id: I35335952f59f2c90204c0b38628d94df27913e70
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents faee05ba 9471625f

security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl

+7 −3
Original line number Diff line number Diff line
@@ -62,9 +62,13 @@ UdsCerts = { 
SignerName = tstr



UdsCertChain = [

    2* X509Certificate      ; Root -> ... -> Leaf. "Root" is the vendor self-signed

                            ; cert, "Leaf" contains UDS_Public. There may also be

                            ; intermediate certificates between Root and Leaf.

    + X509Certificate       ; Root -> ... -> Leaf. "Root" is the vendor self-signed

                            ; cert, "Leaf" contains UDS_Public. It's recommended to

                            ; have at least 3 certificates in the chain.

                            ; The Root certificate is recommended to be generated in an air-gapped,

                            ; HSM-based secure environment. The intermediate signing keys may be

                            ; online, and should be rotated regularly (e.g. annually). Additionally,

                            ; the intermediate certificates may contain product family identifiers.

]



; A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or EdDSA)