From 0f5953556c78681b27e387970683316739ee791e Mon Sep 17 00:00:00 2001 From: Subrahmanyaman Date: Fri, 29 Apr 2022 02:20:40 +0000 Subject: [PATCH] Updated the description on Root of Trust Binding. The root of trust consists of a bitstring that must be derived from the public key used by Verified Boot, from the lock state and from the Verified Boot state of the device. Test: VtsAidlKeyMintTarget Change-Id: Ib20bf17066f087c6fc050a498cc7ed4a4cb08ae6 --- .../hardware/security/keymint/IKeyMintDevice.aidl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl index da02d54662..43dc84cd56 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl @@ -196,12 +196,12 @@ import android.hardware.security.secureclock.TimeStampToken; * derive a key that is used to encrypt the private/secret key material. * * The root of trust consists of a bitstring that must be derived from the public key used by - * Verified Boot to verify the signature on the boot image and from the lock state of the - * device. If the public key is changed to allow a different system image to be used or if the - * lock state is changed, then all of the IKeyMintDevice-protected keys created by the previous - * system state must be unusable, unless the previous state is restored. The goal is to increase - * the value of the software-enforced key access controls by making it impossible for an attacker- - * installed operating system to use IKeyMintDevice keys. + * Verified Boot to verify the signature on the boot image, from the lock state and from the + * Verified Boot state of the device. If the public key is changed to allow a different system + * image to be used or if the lock state is changed, then all of the IKeyMintDevice-protected keys + * created by the previous system state must be unusable, unless the previous state is restored. + * The goal is to increase the value of the software-enforced key access controls by making it + * impossible for an attacker-installed operating system to use IKeyMintDevice keys. * * == Version Binding == *