Merge "[keystore2] Update comment when fetching rkpd attestation key" into main am: 0ecec06af2 am: 7835719ca7

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2845534 Change-Id: Ib956fa30be209ba3ac056b2434eb9a6108603a2a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-24 16:49:59 +00:00 · 2023-11-24 16:49:59 +00:00 · 69059bb959
commit 69059bb959
parent 3f028b11e2 7835719ca7
1 changed files with 4 additions and 2 deletions
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@ -130,8 +130,10 @@ fn get_rkpd_attestation_key(
    security_level: &SecurityLevel,
    caller_uid: u32,
 ) -> Result<RemotelyProvisionedKey> {
-    // The RPC name lookup logic should be encapsulated within this function
-    // to allow for fallback in case of an error.
+    // Depending on the Android release, RKP may not have been mandatory for the
+    // TEE or StrongBox KM instances. In such cases, lookup failure for the IRPC
+    // HAL service is WAI and should not cause a failure. The error should be caught
+    // by the calling function and allow for natural fallback to the factory key.
    let rpc_name = get_remotely_provisioned_component_name(security_level)
        .context(ks_err!("Trying to get IRPC name."))?;
    let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);