Merge "[keystore2] Update comment when fetching rkpd attestation key" into main am: 0ecec06af2
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2845534
Change-Id: Ic9875170ce43bd7cce719d53daeb77e978f22e6b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index c6c4dc2..0ef8c95 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -130,8 +130,10 @@
security_level: &SecurityLevel,
caller_uid: u32,
) -> Result<RemotelyProvisionedKey> {
- // The RPC name lookup logic should be encapsulated within this function
- // to allow for fallback in case of an error.
+ // Depending on the Android release, RKP may not have been mandatory for the
+ // TEE or StrongBox KM instances. In such cases, lookup failure for the IRPC
+ // HAL service is WAI and should not cause a failure. The error should be caught
+ // by the calling function and allow for natural fallback to the factory key.
let rpc_name = get_remotely_provisioned_component_name(security_level)
.context(ks_err!("Trying to get IRPC name."))?;
let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);