Merge "Restore deleteAllKeys expectation for TEE KeyMint" into main am: 60aae9e91d
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3517833
Change-Id: I97e68cd0cec07e558d5043fffc2d62f5805125d4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 1908d05..0ae4b96 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -550,8 +550,14 @@
void deleteKey(in byte[] keyBlob);
/**
- * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
- * this function is called all keys created previously must be rendered permanently unusable.
+ * Deletes all keys in the hardware keystore. Used when keystore is reset completely.
+ *
+ * For StrongBox KeyMint: After this function is called all keys created previously must be
+ * rendered permanently unusable.
+ *
+ * For TEE KeyMint: After this function is called all keys with Tag::ROLLBACK_RESISTANCE in
+ * their hardware-enforced authorization lists must be rendered permanently unusable. Keys
+ * without Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.
*/
void deleteAllKeys();