Merge "Add old DeviceInfo version documentation" am: d0c02789ad (ec275b18) · Commits · e / os / android_hardware_interfaces

security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl

+61 −6

Original line number	Original line	Diff line number	Diff line
	@@ -17,11 +17,11 @@
	package android.hardware.security.keymint;		package android.hardware.security.keymint;

	/**		/**
	* DeviceInfo contains information about the device that's fed in as AAD in the signature of the		* DeviceInfo contains information about the device that's signed by the
	* device private key over the MAC key used for the bundle of public keys. These values are intended		* IRemotelyProvisionedComponent HAL. These values are intended to be checked by the server to
	* to be checked by the server to verify that the certificate signing request crafted by		* verify that the certificate signing request crafted by an IRemotelyProvisionedComponent HAL
	* an IRemotelyProvisionedComponent HAL instance is coming from the expected device based		* instance is coming from the expected device based on values initially uploaded during device
	* on values initially uploaded during device manufacture in the factory.		* manufacture in the factory.
	* @hide		* @hide
	*/		*/
	@VintfStability		@VintfStability
	@@ -31,6 +31,34 @@ parcelable DeviceInfo {
	* canonicalized according to the specification in RFC 7049. The ordering presented here is		* canonicalized according to the specification in RFC 7049. The ordering presented here is
	* non-canonical to group similar entries semantically.		* non-canonical to group similar entries semantically.
	*		*
			* The DeviceInfo has changed across versions 1, 2, and 3 of the HAL. All versions of the
			* DeviceInfo CDDL are described as follows. Please refer to the CDDL structure version
			* that corresponds to the HAL version you are working with:
			*
			* Version 3, introduced in Android 14:
			* DeviceInfo = {
			* "brand" : tstr,
			* "manufacturer" : tstr,
			* "product" : tstr,
			* "model" : tstr,
			* "device" : tstr,
			* "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
			* "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
			* "vbmeta_digest": bstr, ; Taken from the AVB values
			* ? "os_version" : tstr, ; Same as
			* ; android.os.Build.VERSION.release
			* ; Not optional for TEE.
			* "system_patch_level" : uint, ; YYYYMM
			* "boot_patch_level" : uint, ; YYYYMMDD
			* "vendor_patch_level" : uint, ; YYYYMMDD
			* "security_level" : "tee" / "strongbox",
			* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
			* ; implementation is contained in. 0 otherwise.
			* }
			*
			* ---------------------------------------------------------------------------------------------
			*
			* Version 2, introduced in Android 13:
	* DeviceInfo = {		* DeviceInfo = {
	* "brand" : tstr,		* "brand" : tstr,
	* "manufacturer" : tstr,		* "manufacturer" : tstr,
	@@ -43,12 +71,39 @@ parcelable DeviceInfo {
	* ? "os_version" : tstr, ; Same as		* ? "os_version" : tstr, ; Same as
	* ; android.os.Build.VERSION.release		* ; android.os.Build.VERSION.release
	* ; Not optional for TEE.		* ; Not optional for TEE.
	* "system_patch_level" : uint, ; YYYYMMDD		* "system_patch_level" : uint, ; YYYYMM
	* "boot_patch_level" : uint, ; YYYYMMDD		* "boot_patch_level" : uint, ; YYYYMMDD
	* "vendor_patch_level" : uint, ; YYYYMMDD		* "vendor_patch_level" : uint, ; YYYYMMDD
			* "version" : 2, ; The CDDL schema version.
	* "security_level" : "tee" / "strongbox",		* "security_level" : "tee" / "strongbox",
	* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC		* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
	* ; implementation is contained in. 0 otherwise.		* ; implementation is contained in. 0 otherwise.
			*
			* ---------------------------------------------------------------------------------------------
			*
			* Version 1, introduced in Android 12:
			* DeviceInfo = {
			* ? "brand" : tstr,
			* ? "manufacturer" : tstr,
			* ? "product" : tstr,
			* ? "model" : tstr,
			* ? "board" : tstr,
			* ? "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
			* ? "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
			* ? "vbmeta_digest": bstr, ; Taken from the AVB values
			* ? "os_version" : tstr, ; Same as
			* ; android.os.Build.VERSION.release
			* ? "system_patch_level" : uint, ; YYYYMM
			* ? "boot_patch_level" : uint, ; YYYYMMDD
			* ? "vendor_patch_level" : uint, ; YYYYMMDD
			* "version" : 1, ; The CDDL schema version.
			* "security_level" : "tee" / "strongbox"
			* "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this
			* ; indicates a device's attestable IDs are
			* ; factory-locked and immutable. If "open",
			* ; this indicates the device is still in a
			* ; provisionable state and the attestable IDs
			* ; are not yet frozen.
	* }		* }
	*/		*/
	byte[] deviceInfo;		byte[] deviceInfo;