Clean up description of IRemotelyProvisionedComponent uniqueId
The identifier is to be used in telemetry to identify problematic
implementations. Thus, it needs to be globally consistent, at least
within a given device type.
Test: None -- doc only changes
Bug: 231495834
Change-Id: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329
diff --git a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
index 3a4c233..0cb33ce 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
@@ -59,13 +59,17 @@
* client should NOT interpret the content of the identifier in any way. The client can only
* compare identifiers to determine if two IRemotelyProvisionedComponents share the same
* implementation. Each IRemotelyProvisionedComponent implementation must have a distinct
- * identifier from all other implementations on the same device.
+ * identifier from all other implementations, and it must be consistent across all devices.
+ * It's critical that this identifier not be usable to uniquely identify a specific device.
*
* This identifier must be consistent across reboots, as it is used to store and track
* provisioned keys in a persistent, on-device database.
*
* uniqueId may not be empty, and must not be any longer than 32 characters.
*
+ * A recommended construction for this value is "[Vendor] [Component Name] [Major Version]",
+ * e.g. "Google Trusty KeyMint 1".
+ *
* This field was added in API version 2.
*
*/