platform_hardware_interfaces/security/rkp/CHANGELOG.md
Tri Vo 9cab73c8bd Add an implementation defined limit on number of keys in CSR
Rationale here is that many IRPC implementations are memory constrained.
We add a way for implementations to report the maximum number of
supported keys. This way we can guarantee consistent behavior across
different devices.

For implementation of IRPC version 3 and later we define the lowest
number of keys supported to be 20. This specific value was chosen
because the current implementation of RemoteProvisioner already combines
keys into batches of exactly 20.

Bug: 254137722
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ib6fb6d6ec7c74004524a5505a37aa82c9e44ef91
2022-11-15 14:19:55 -08:00

Remote Provisioning Changelog

This document provides an exact description of which changes have occurred in the IRemotelyProvisionedComponent HAL interface in each Android release.

Releases

  • Android S (12): IRemotelyProvisionedComponent v1
  • Android T (13): IRemotelyProvisionedComponent v2
  • Android U (14): IRemotelyProvisionedComponent v3

IRemotelyProvisionedComponent 1 -> 2

  • DeviceInfo
    • Most entries are no longer optional.
    • att_id_state is now fused. fused is used to indicate if SecureBoot is enabled.
    • version is now 2.
    • board has been removed.
    • device has been added.
  • RpcHardwareInfo
    • uniqueId String added as a field in order to differentiate IRPC instances on device.

IRemotelyProvisionedComponent 2 -> 3

  • The RKP HAL now builds separately from KeyMint.
    • The HAL remains under the android.hardware.security.keymint package for compatibility with previous releases. ABI compatibility requires this.
    • Dependencies on the RKP HAL must add a dependency on the "android.hardware.security.rkp" generated code (instead of "android.hardware.security.keymint").
  • ProtectedData has been removed.
  • DeviceInfo
    • version has moved to a top-level field within the CSR generated by the HAL.
  • IRemotelyProvisionedComponent
    • The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
    • Test mode has been removed.
    • The schema for the CSR itself has been significantly simplified; see IRemotelyProvisionedComponent.aidl for details. Notably,
      • the chain of signing, MACing, and encryption operations has been replaced with a single COSE_Sign1 object.
      • CertificateType has been added to identify the type of certificate being requested.
  • RpcHardwareInfo
    • supportedNumKeysInCsr added to report the maximum number of keys supported in a CSR.
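The version-dependent fields above (uniqueId from v2, supportedNumKeysInCsr from v3 with the floor of 20 keys stated in the commit message) are the kind of thing a caller has to check before it batches keys into CSRs. The following is an added illustration, not code from AOSP or the RemoteProvisioner: it models a subset of RpcHardwareInfo as a plain dataclass (field names are constructed), validates it against the rules this changelog states, and splits a key list into CSR-sized batches capped by the reported limit. Treating a too-small limit as a hard error, rather than silently sending smaller batches, keeps behaviour consistent across devices, which is the point the commit message makes.

```python
from dataclasses import dataclass
from typing import List, Sequence

# Lowest number of keys a v3+ IRPC implementation must accept in one CSR,
# as stated in the commit message for this changelog entry.
MIN_SUPPORTED_KEYS_V3 = 20


@dataclass
class RpcHardwareInfo:
    """Constructed model of the RpcHardwareInfo fields discussed in the changelog."""
    version_code: int                   # IRemotelyProvisionedComponent interface version
    unique_id: str = ""                 # added in v2 to tell IRPC instances apart
    supported_num_keys_in_csr: int = 0  # added in v3 (implementation-defined limit)


def validate_hardware_info(info: RpcHardwareInfo) -> List[str]:
    """Return a list of compatibility problems; an empty list means the info is acceptable."""
    problems: List[str] = []
    if info.version_code < 1:
        problems.append(f"unknown interface version {info.version_code}")
    # uniqueId exists from v2 onward and must be usable to distinguish instances.
    if info.version_code >= 2 and not info.unique_id:
        problems.append("v2+ implementations must report a non-empty uniqueId")
    # v3 introduced supportedNumKeysInCsr together with a floor of 20 keys.
    if info.version_code >= 3 and info.supported_num_keys_in_csr < MIN_SUPPORTED_KEYS_V3:
        problems.append(
            f"v3+ implementations must support at least {MIN_SUPPORTED_KEYS_V3} "
            f"keys per CSR, got {info.supported_num_keys_in_csr}"
        )
    return problems


def csr_batch_size(info: RpcHardwareInfo, requested: int = 20) -> int:
    """Largest batch the caller may send: the requested size, capped by the HAL's
    reported limit when the interface version reports one (v3+)."""
    if requested < 1:
        raise ValueError("requested batch size must be positive")
    if info.version_code >= 3:
        return min(requested, info.supported_num_keys_in_csr)
    return requested  # v1/v2 report no limit; the caller's own size applies


def split_keys_into_csrs(
    keys: Sequence[bytes], info: RpcHardwareInfo, requested: int = 20
) -> List[List[bytes]]:
    """Validate the hardware info, then partition keys into CSR batches."""
    problems = validate_hardware_info(info)
    if problems:
        raise ValueError("; ".join(problems))
    size = csr_batch_size(info, requested)
    return [list(keys[i:i + size]) for i in range(0, len(keys), size)]


if __name__ == "__main__":
    # Constructed sample: 45 placeholder public keys against a v3 HAL that reports 25.
    sample_keys = [bytes([i]) for i in range(45)]
    v3 = RpcHardwareInfo(version_code=3, unique_id="rkp-inst-0", supported_num_keys_in_csr=25)
    for n, batch in enumerate(split_keys_into_csrs(sample_keys, v3)):
        print(f"CSR {n}: {len(batch)} keys")
```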