Update ProtectedData DKCertChain to use X.509
This matches against what we're shipping in tm-dev.
Bug: 227350250
Test: N/A -- doc changes only
Change-Id: I3771c0fd45999e4204ba3964ed421641f02d6e7c
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 6db58f2..8b3875b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -100,15 +100,13 @@
* SignerName = tstr
*
* DKCertChain = [
- * 2* Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
+ * 2* X509Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
* // cert, "Leaf" contains DK_pub. There may also be
* // intermediate certificates between Root and Leaf.
* ]
*
- * // Certificates may be either:
- * // 1. COSE_Sign1, with payload containing PubKeyEd25519 or PubKeyECDSA256
- * // 2. a bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
- * Certificate = COSE_Sign1 / bstr
+ * // A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
+ * X509Certificate = bstr
*
* // The SignedMac, which authenticates the MAC key that is used to authenticate the
* // keysToSign.