Note the relationship of patchlevels with keymint
Some of the DeviceInfo fields must match existing tags in KeyMint, but this
was not documented.
Test: n/a
Change-Id: I7733e2a4b0c08b0b89ece41390c0ce0711459d82
diff --git a/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index bd27882..8456148 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -48,9 +48,9 @@
* ? "os_version" : tstr, ; Same as
* ; android.os.Build.VERSION.release
* ; Not optional for TEE.
- * "system_patch_level" : uint, ; YYYYMM
- * "boot_patch_level" : uint, ; YYYYMMDD
- * "vendor_patch_level" : uint, ; YYYYMMDD
+ * "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
+ * "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
+ * "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
* "security_level" : "tee" / "strongbox",
* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
* ; implementation is contained in. 0 otherwise.
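Review bot: The added `must match KeyMint OS_PATCHLEVEL` wording on the three patch-level lines does not say which KeyMint instance or value is meant, and a verifier comparing DeviceInfo against an attestation needs an unambiguous reference. Presumably these are the `Tag::OS_PATCHLEVEL`, `Tag::BOOT_PATCHLEVEL` and `Tag::VENDOR_PATCHLEVEL` values of the KeyMint instance at the same `security_level`; if so, say that, e.g. `; YYYYMM, must match Tag::OS_PATCHLEVEL of the KeyMint instance at this security_level`. The same applies to the hunks at -71 and -93; in the -93 (version 1) schema the fields are marked `?`, so the text there should read `if present, must match ...`. The commit records `Test: n/a` and changes only this comment, so nothing visible here enforces the requirement; a VTS comparison of the two values would make it binding. The CDDL comment block starts and ends outside the hunk.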
@@ -71,9 +71,9 @@
* ? "os_version" : tstr, ; Same as
* ; android.os.Build.VERSION.release
* ; Not optional for TEE.
- * "system_patch_level" : uint, ; YYYYMM
- * "boot_patch_level" : uint, ; YYYYMMDD
- * "vendor_patch_level" : uint, ; YYYYMMDD
+ * "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
+ * "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
+ * "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
* "version" : 2, ; The CDDL schema version.
* "security_level" : "tee" / "strongbox",
* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
@@ -93,9 +93,9 @@
* ? "vbmeta_digest": bstr, ; Taken from the AVB values
* ? "os_version" : tstr, ; Same as
* ; android.os.Build.VERSION.release
- * ? "system_patch_level" : uint, ; YYYYMM
- * ? "boot_patch_level" : uint, ; YYYYMMDD
- * ? "vendor_patch_level" : uint, ; YYYYMMDD
+ * ? "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
+ * ? "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
+ * ? "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
* "version" : 1, ; The CDDL schema version.
* "security_level" : "tee" / "strongbox"
* "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this