KeyMint: more warnings around non-secure test impl

Make it clearer that the default implementation is non-secure in
various ways, most notably because the TA code is running in-process
in the HAL service.

Bug: 314513765
Test: VtsAidlKeyMintTargetTest
Change-Id: I83509110c32a4df8df6c0b288d14659e022442ff
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index 0cf53cf..fbb6140 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -7,6 +7,13 @@
     default_applicable_licenses: ["hardware_interfaces_license"],
 }
 
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
 cc_binary {
     name: "android.hardware.security.keymint-service",
     relative_install_path: "hw",
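Review bot: The second paragraph of the added comment above `cc_binary` (repeated verbatim above `rust_binary` in the next hunk) can be misread as "you need a real device in order to run the TA code", which blurs the requirement it is quoting. I would reword the first line to `// Real devices must instead run the TA code in a secure environment, as` and keep the CDD 9.11 [C-1-1] citation unchanged. The name `android.hardware.security.keymint-service` carries no `nonsecure` marker, unlike the Rust target, so within these hunks the comment is the only warning a reader of the build file gets. For that reason it is worth adding one more line saying outright that this is a test implementation and must not back Keystore on a shipping device, e.g. `// Do not use this target on production devices.`. Both target definitions continue outside the hunks, so I cannot see whether anything else in them restricts where they are installed.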
@@ -46,6 +53,13 @@
     ],
 }
 
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
 rust_binary {
     name: "android.hardware.security.keymint-service.nonsecure",
     relative_install_path: "hw",