Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 82c115a87ce2359b13bb8bbc83e7bb651799943e^1..82c115a87ce2359b13bb8bbc83e7bb651799943e / .
commit82c115a87ce2359b13bb8bbc83e7bb651799943e[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Tue May 10 05:55:31 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue May 10 05:55:31 2022 +0000
tree349b0cb6f5ba7b9c71e1e1be3db4d02c07b2cba7
parent4710ce822a3afa1f583ce820b9c27015d90bc27b [diff]
parent8d9d690f15e457729a3bdd0bc23495a393915be1 [diff]
Merge "Updated the description on Root of Trust Binding." am: 0ba8531279 am: f6c6fc7830 am: da91112339 am: dcbd1ef870 am: 8d9d690f15

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2080599

Change-Id: I079a00ff7ec2bb40224c4cfd074f7f10f9b89f45
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index da02d54..43dc84c 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

@@ -196,12 +196,12 @@
  * derive a key that is used to encrypt the private/secret key material.
  *
  * The root of trust consists of a bitstring that must be derived from the public key used by
- * Verified Boot to verify the signature on the boot image and from the lock state of the
- * device.  If the public key is changed to allow a different system image to be used or if the
- * lock state is changed, then all of the IKeyMintDevice-protected keys created by the previous
- * system state must be unusable, unless the previous state is restored.  The goal is to increase
- * the value of the software-enforced key access controls by making it impossible for an attacker-
- * installed operating system to use IKeyMintDevice keys.
+ * Verified Boot to verify the signature on the boot image, from the lock state and from the
+ * Verified Boot state of the device.  If the public key is changed to allow a different system
+ * image to be used or if the lock state is changed, then all of the IKeyMintDevice-protected keys
+ * created by the previous system state must be unusable, unless the previous state is restored.
+ * The goal is to increase the value of the software-enforced key access controls by making it
+ * impossible for an attacker-installed operating system to use IKeyMintDevice keys.
  *
  * == Version Binding ==
  *