Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 53cf63d1fd1d4a4bd238560d93706bdc7c6363af^2..53cf63d1fd1d4a4bd238560d93706bdc7c6363af / .
commit53cf63d1fd1d4a4bd238560d93706bdc7c6363af[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Tue May 10 10:19:56 2022 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue May 10 10:19:56 2022 +0000
tree23b8efac006989437e0ae8ac32561f0a59aab493
parent0ba8531279beacebb8328a0eac3965440c5ccb00 [diff]
parenta410b770e98e0bd3764db83cc45f3f76c99529f7 [diff]
Merge "KeyMint VTS: x25519 pubkey as SubjectPublicKeyInfo"
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index da02d54..43dc84c 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

@@ -196,12 +196,12 @@
  * derive a key that is used to encrypt the private/secret key material.
  *
  * The root of trust consists of a bitstring that must be derived from the public key used by
- * Verified Boot to verify the signature on the boot image and from the lock state of the
- * device.  If the public key is changed to allow a different system image to be used or if the
- * lock state is changed, then all of the IKeyMintDevice-protected keys created by the previous
- * system state must be unusable, unless the previous state is restored.  The goal is to increase
- * the value of the software-enforced key access controls by making it impossible for an attacker-
- * installed operating system to use IKeyMintDevice keys.
+ * Verified Boot to verify the signature on the boot image, from the lock state and from the
+ * Verified Boot state of the device.  If the public key is changed to allow a different system
+ * image to be used or if the lock state is changed, then all of the IKeyMintDevice-protected keys
+ * created by the previous system state must be unusable, unless the previous state is restored.
+ * The goal is to increase the value of the software-enforced key access controls by making it
+ * impossible for an attacker-installed operating system to use IKeyMintDevice keys.
  *
  * == Version Binding ==
  *

diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 6db58f2..8b3875b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl

@@ -100,15 +100,13 @@
      *     SignerName = tstr
      *
      *     DKCertChain = [
-     *         2* Certificate           // Root -> ... -> Leaf. "Root" is the vendor self-signed
+     *         2* X509Certificate       // Root -> ... -> Leaf. "Root" is the vendor self-signed
      *                                  // cert, "Leaf" contains DK_pub. There may also be
      *                                  // intermediate certificates between Root and Leaf.
      *     ]
      *
-     *     // Certificates may be either:
-     *     // 1. COSE_Sign1, with payload containing PubKeyEd25519 or PubKeyECDSA256
-     *     // 2. a bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
-     *     Certificate = COSE_Sign1 / bstr
+     *     // A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
+     *     X509Certificate = bstr
      *
      *     // The SignedMac, which authenticates the MAC key that is used to authenticate the
      *     // keysToSign.