Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 2c2972a157ea6ec47e72545bfb6b1c2425302bfc^1..2c2972a157ea6ec47e72545bfb6b1c2425302bfc / .
commit2c2972a157ea6ec47e72545bfb6b1c2425302bfc[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Mon May 09 17:49:31 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Mon May 09 17:49:31 2022 +0000
tree9eba6c191f6089760c91a7fac081ccfc4a85dbe6
parent7d6e997d59677c7d6afb955cbdecf76acc56b181 [diff]
parente003ed061bda54040f10239ae8c5b6071698d261 [diff]
Merge "Update ProtectedData DKCertChain to use X.509" am: e003ed061b

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2089226

Change-Id: I2402a4c6fe80770c6159ebf171cb195a5bb80812
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 6db58f2..8b3875b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl

@@ -100,15 +100,13 @@
      *     SignerName = tstr
      *
      *     DKCertChain = [
-     *         2* Certificate           // Root -> ... -> Leaf. "Root" is the vendor self-signed
+     *         2* X509Certificate       // Root -> ... -> Leaf. "Root" is the vendor self-signed
      *                                  // cert, "Leaf" contains DK_pub. There may also be
      *                                  // intermediate certificates between Root and Leaf.
      *     ]
      *
-     *     // Certificates may be either:
-     *     // 1. COSE_Sign1, with payload containing PubKeyEd25519 or PubKeyECDSA256
-     *     // 2. a bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
-     *     Certificate = COSE_Sign1 / bstr
+     *     // A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
+     *     X509Certificate = bstr
      *
      *     // The SignedMac, which authenticates the MAC key that is used to authenticate the
      *     // keysToSign.