commit 501b63b0d05e2f54977e76f424e95675bf2d80d9
author Catherine Vlasov <cvlasov@google.com> Mon Nov 18 09:33:30 2024 +0000
committer Catherine Vlasov <cvlasov@google.com> Mon Nov 18 09:33:30 2024 +0000
tree 273a7c67649b2c07e37a940efb99c8697e177a32
parent b9c1291dfb250b7620cf02185182b14d0c470315

Specify the use of SHA-256 for the "verifiedBootHash".

Bug: 309963984
Bug: 376832222
Test: n/a, comment update
Change-Id: Iab9e0f2d28ae4ab56d104cab6031783f605fee21

security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl

diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 294c205..da8b513 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -145,9 +145,9 @@
      *     verifiedBootKey            OCTET_STRING,
      *     deviceLocked               BOOLEAN,
      *     verifiedBootState          VerifiedBootState,
-     *     # verifiedBootHash must contain 32-byte value that represents the state of all binaries
-     *     # or other components validated by verified boot.  Updating any verified binary or
-     *     # component must cause this value to change.
+     *     # verifiedBootHash must contain a SHA-256 digest of all binaries and components validated
+     *     # by Verified Boot. Updating any verified binary or component must cause this value to
+     *     # change.
      *     verifiedBootHash           OCTET_STRING,
      * }
      *