From 1f71f2c4128e4970524508945c337535aa2d93fa Mon Sep 17 00:00:00 2001
From: Shawn Willden <swillden@google.com>
Date: Tue, 23 Mar 2021 12:29:04 +0000
Subject: [PATCH] Fix documentation of EARLY_BOOT_ONLY tag in KeyMint

Change-Id: Ib49ee844e43fc10d83e0dd8d3b3b92914059f6f8
Test: VtsAidlKeyMintTargetTest
---
 .../aidl/android/hardware/security/keymint/Tag.aidl        | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 6243bb9b78..cde1fc0f60 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -249,8 +249,11 @@ enum Tag {
     HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304,
 
     /**
-     * Keys tagged with EARLY_BOOT_ONLY may only be used, or created, during early boot, until
-     * IKeyMintDevice::earlyBootEnded() is called.
+     * Keys tagged with EARLY_BOOT_ONLY may only be used during early boot, until
+     * IKeyMintDevice::earlyBootEnded() is called.  Early boot keys may be created after
+     * early boot.  Early boot keys may not be imprted at all, if Tag::EARLY_BOOT_ONLY is
+     * provided to IKeyMintDevice::importKey, the import must fail with
+     * ErrorCode::INVALID_ARGUMENT.
      */
     EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305,