tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update ProtectedData DKCertChain to use X.509

Browse source 
This matches against what we're shipping in tm-dev.

Bug: 227350250
Test: N/A -- doc changes only
Change-Id: I3771c0fd45999e4204ba3964ed421641f02d6e7c
This commit is contained in:
Seth Moore 2022-04-25 17:03:09 -07:00
parent 50ead27609
commit 2c6790fe53
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
View file

@ -100,15 +100,13 @@ parcelable ProtectedData {
* SignerName = tstr
*
* DKCertChain = [
* 2* Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
* 2* X509Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
* // cert, "Leaf" contains DK_pub. There may also be
* // intermediate certificates between Root and Leaf.
* ]
*
* // Certificates may be either:
* // 1. COSE_Sign1, with payload containing PubKeyEd25519 or PubKeyECDSA256
* // 2. a bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
* Certificate = COSE_Sign1 / bstr
* // A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
* X509Certificate = bstr
*
* // The SignedMac, which authenticates the MAC key that is used to authenticate the
* // keysToSign.