From 2c6790fe5373c00c9ae981c8ee8e0b92bded6849 Mon Sep 17 00:00:00 2001
From: Seth Moore
Date: Mon, 25 Apr 2022 17:03:09 -0700
Subject: [PATCH] Update ProtectedData DKCertChain to use X.509

This matches against what we're shipping in tm-dev.

Bug: 227350250
Test: N/A -- doc changes only
Change-Id: I3771c0fd45999e4204ba3964ed421641f02d6e7c
---
 .../android/hardware/security/keymint/ProtectedData.aidl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 6db58f21b6..8b3875b551 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -100,15 +100,13 @@ parcelable ProtectedData {
 * SignerName = tstr
 *
 * DKCertChain = [
- * 2* Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
+ * 2* X509Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
 * // cert, "Leaf" contains DK_pub. There may also be
 * // intermediate certificates between Root and Leaf.
 * ]
 *
- * // Certificates may be either:
- * // 1. COSE_Sign1, with payload containing PubKeyEd25519 or PubKeyECDSA256
- * // 2. a bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
- * Certificate = COSE_Sign1 / bstr
+ * // A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
+ * X509Certificate = bstr
 *
 * // The SignedMac, which authenticates the MAC key that is used to authenticate the
 * // keysToSign.
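Review bot: The `DKCertChain` rule, now narrowed to `X509Certificate = bstr`, still does not say how a consumer establishes trust in the chain: the comment calls Root "the vendor self-signed cert", and a self-signed certificate proves nothing merely by appearing in the array. Unless the part of this doc comment outside the hunk already covers it, I would add after the array definition something like `// The verifier must match Root against a vendor key it already trusts and check that each certificate is signed by its predecessor; chains failing either check are rejected.` The `2*` occurrence has no upper bound, so it may also be worth stating a maximum chain length for parsers that receive this structure. Minor: the algorithm list spells `edDSA`, where `EdDSA` is the usual form. The enclosing comment block begins and ends outside the hunk.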