Specify the expected contents of "verifiedBootKey". am: 9caca7e7f0 am: 41839cdb8e Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3359914 Change-Id: Iaff81f64b059835a6eba898103e3dbe9f89d2786 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 85b1b84782b9c71ce358761fef407c888617c79e [log] [tgz]
author: Catherine Vlasov <cvlasov@google.com> Thu Nov 28 18:09:06 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Nov 28 18:09:06 2024 +0000
tree: 787dfd1469f72e12832ccde5f218e8589d45b95e
parent: 9d0972d41210458ee8ec7f2d9a52b5536e56baf6 [diff]
parent: 41839cdb8ee74d5fe69794d615b6f940c3f2c5c3 [diff]
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index eb9d83d..2d2f307 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl

@@ -153,6 +153,9 @@
      * }
      *
      * RootOfTrust ::= SEQUENCE {
+     *     -- verifiedBootKey must contain a SHA-256 digest of the public key embedded in the
+     *     -- "vbmeta" partition if the device's bootloader is locked, or 32 bytes of zeroes if the
+     *     -- device's bootloader is unlocked.
      *     verifiedBootKey            OCTET_STRING,
      *     deviceLocked               BOOLEAN,
      *     verifiedBootState          VerifiedBootState,
commit	85b1b84782b9c71ce358761fef407c888617c79e	[log] [tgz]
author	Catherine Vlasov <cvlasov@google.com>	Thu Nov 28 18:09:06 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Nov 28 18:09:06 2024 +0000
tree	787dfd1469f72e12832ccde5f218e8589d45b95e
parent	9d0972d41210458ee8ec7f2d9a52b5536e56baf6 [diff]
parent	41839cdb8ee74d5fe69794d615b6f940c3f2c5c3 [diff]