Note the relationship of patchlevels with keymint

Some of the DeviceInfo fields must match existing tags in KeyMint, but this
was not documented.

Test: n/a
Change-Id: I7733e2a4b0c08b0b89ece41390c0ce0711459d82
Seth Moore
2023-03-17 15:33:30 -07:00
parent d0c02789ad
commit 192c575ffb


@@ -48,9 +48,9 @@ parcelable DeviceInfo {
* ? "os_version" : tstr, ; Same as
* ; android.os.Build.VERSION.release
* ; Not optional for TEE.
* "system_patch_level" : uint, ; YYYYMM
* "boot_patch_level" : uint, ; YYYYMMDD
* "vendor_patch_level" : uint, ; YYYYMMDD
* "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
* "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
* "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
* "security_level" : "tee" / "strongbox",
* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
* ; implementation is contained in. 0 otherwise.
@@ -71,9 +71,9 @@ parcelable DeviceInfo {
* ? "os_version" : tstr, ; Same as
* ; android.os.Build.VERSION.release
* ; Not optional for TEE.
* "system_patch_level" : uint, ; YYYYMM
* "boot_patch_level" : uint, ; YYYYMMDD
* "vendor_patch_level" : uint, ; YYYYMMDD
* "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
* "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
* "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
* "version" : 2, ; The CDDL schema version.
* "security_level" : "tee" / "strongbox",
* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
@@ -93,9 +93,9 @@ parcelable DeviceInfo {
* ? "vbmeta_digest": bstr, ; Taken from the AVB values
* ? "os_version" : tstr, ; Same as
* ; android.os.Build.VERSION.release
* ? "system_patch_level" : uint, ; YYYYMM
* ? "boot_patch_level" : uint, ; YYYYMMDD
* ? "vendor_patch_level" : uint, ; YYYYMMDD
* ? "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
* ? "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
* ? "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
* "version" : 1, ; The CDDL schema version.
* "security_level" : "tee" / "strongbox"
* "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this
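Review bot: In the version 1 schema (the hunk at -93) the three patch-level entries are optional (`?`), so the new "must match" reads as unconditional; there the comment would be clearer as `; YYYYMM, if present must match KeyMint OS_PATCHLEVEL`, and likewise for the boot and vendor entries. In all three hunks the comment also leaves open which KeyMint instance is meant on a device that has both TEE and StrongBox; presumably it is the one at the same `security_level`, and saying so would stop a verifier from comparing against the wrong instance. Since the commit message says `Test: n/a`, nothing on this page enforces the match, so it may be worth stating in the comment what a consumer of DeviceInfo should do when the values disagree with the KeyMint tags. The schema comment continues outside the hunks shown.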