| commit | 9caca7e7f071cf86233bd565c3932eb1f50eb8b2 | [log] [tgz] |
|---|---|---|
| author | Catherine Vlasov <cvlasov@google.com> | Mon Nov 18 09:43:17 2024 +0000 |
| committer | Catherine Vlasov <cvlasov@google.com> | Thu Nov 28 14:44:51 2024 +0000 |
| tree | 2e1f8d761a7f535b49ce5fd8b68ae328670bef34 | |
| parent | fe3b9bc59f753292aee4701c591c7a673c8759e3 [diff] |
Specify the expected contents of "verifiedBootKey". Bug: 220834466 Test: n/a, comment update Change-Id: Idedbc41a6277dc89ed74c61ff26753ceae67606b
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl index eb9d83d..2d2f307 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -153,6 +153,9 @@ * } * * RootOfTrust ::= SEQUENCE { + * -- verifiedBootKey must contain a SHA-256 digest of the public key embedded in the + * -- "vbmeta" partition if the device's bootloader is locked, or 32 bytes of zeroes if the + * -- device's bootloader is unlocked. * verifiedBootKey OCTET_STRING, * deviceLocked BOOLEAN, * verifiedBootState VerifiedBootState,