2.5 KiB
2.5 KiB
Remote Provisioning Changelog
This document provides an exact description of which changes have occurred in the
IRemotelyProvisionedComponent
HAL interface in each Android release.
Releases
- Android S (12): IRemotelyProvisionedComponent v1
- Android T (13): IRemotelyProvisionedComponent v2
- Android U (14): IRemotelyProvisionedComponent v3
IRemotelyProvisionedComponent 1 -> 2
- DeviceInfo
- Most entries are no longer optional.
att_id_state
is nowfused
.fused
is used to indicate if SecureBoot is enabled.version
is now2
.board
has been removed.device
has been added.
- RpcHardwareInfo
uniqueId
String added as a field in order to differentiate IRPC instances on device.
IRemotelyProvisionedComponent 2 -> 3
- The RKP HAL now builds separately from KeyMint.
- The HAL remains under the
android.hardware.security.keymint
package for compatibility with previous releases. ABI compatibility requires this. - Dependencies on the RKP HAL must add a dependency on
"android.hardware.security.rkp"
generated code (instead of"android.hardward.security.keymint"
).
- The HAL remains under the
- ProtectedData has been removed.
- DeviceInfo
version
has moved to a top-level field within the CSR generated by the HAL.
- IRemotelyProvisionedComponent
- The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
- Keys for new CSR format must be generated with test mode set to false, effectively removing test mode in the new CSR flow.
- The schema for the CSR itself has been significantly simplified, please see
IRemotelyProvisionedComponent.aidl for more details. Notably,
- the chain of signing, MACing, and encryption operations has been replaced with a single COSE_Sign1 object.
- CertificateType has been added to identify the type of certificate being requested.
- The structure has been composed to enable a clear split between what is required to validate a
payload and the implementation-defined payload itself. This is done by creating a typed
AuthenticatedRequest<T>
object representing the top level data required to authenticate the data provided in the payload,T
.
- The new CSR format supports P-384 signing keys and SHA-384 hashes in the DICE chain.
- The component version can now be either an int or a string.
- RpcHardwareInfo
supportedNumKeysInCsr
added to report the maximum number of keys supported in a CSR.supportedEekCurve
is no longer used, due to the removal of the EEK from the scheme.