diff --git a/compatibility_matrices/compatibility_matrix.7.xml b/compatibility_matrices/compatibility_matrix.7.xml
index 56949455bd..67dd7170a2 100644
--- a/compatibility_matrices/compatibility_matrix.7.xml
+++ b/compatibility_matrices/compatibility_matrix.7.xml
@@ -399,14 +399,6 @@ strongbox - - android.hardware.security.dice - 1 - - IDiceDevice - default - - android.hardware.security.keymint 1-2
diff --git a/compatibility_matrices/compatibility_matrix.8.xml b/compatibility_matrices/compatibility_matrix.8.xml
index c7b05e8028..f5a1b2031b 100644
--- a/compatibility_matrices/compatibility_matrix.8.xml
+++ b/compatibility_matrices/compatibility_matrix.8.xml
@@ -402,14 +402,6 @@ default - - android.hardware.security.dice - 1 - - IDiceDevice - default - - android.hardware.security.keymint 1-3
diff --git a/security/dice/aidl/Android.bp b/security/dice/aidl/Android.bp
deleted file mode 100644
index 5625d70269..0000000000
--- a/security/dice/aidl/Android.bp
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- // See: http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // all of the 'license_kinds' from "hardware_interfaces_license"
- // to get the below license kinds:
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["hardware_interfaces_license"],
-}
-
-aidl_interface {
- name: "android.hardware.security.dice",
- vendor_available: true,
- srcs: [
- "android/hardware/security/dice/*.aidl",
- ],
- stability: "vintf",
- backend: {
- java: {
- enabled: false,
- platform_apis: false,
- },
- ndk: {
- apps_enabled: false,
- apex_available: [
- "//apex_available:platform",
- "com.android.compos",
- ],
- },
- rust: {
- enabled: true,
- apex_available: [
- "//apex_available:platform",
- "com.android.compos",
- ],
- },
- },
- versions_with_info: [
- {
- version: "1",
- imports: [],
- },
- ],
-
- // versions: ["1"],
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/.hash b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/.hash
deleted file mode 100644
index 3f08fd85f5..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/.hash
+++ /dev/null
@@ -1 +0,0 @@
-02994f275fd7b1b40610c10eaeb0573f4312e358
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Bcc.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Bcc.aidl
deleted file mode 100644
index 5af73583aa..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Bcc.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Bcc {
- byte[] data;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/BccHandover.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/BccHandover.aidl
deleted file mode 100644
index 8baca94ce8..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/BccHandover.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable BccHandover {
- byte[32] cdiAttest;
- byte[32] cdiSeal;
- android.hardware.security.dice.Bcc bcc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Config.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Config.aidl
deleted file mode 100644
index 78dd2f886c..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Config.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Config {
- byte[] desc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/IDiceDevice.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/IDiceDevice.aidl
deleted file mode 100644
index 383f4d1f26..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/IDiceDevice.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@SensitiveData @VintfStability
-interface IDiceDevice {
- android.hardware.security.dice.Signature sign(in android.hardware.security.dice.InputValues[] id, in byte[] payload);
- android.hardware.security.dice.Bcc getAttestationChain(in android.hardware.security.dice.InputValues[] inputValues);
- android.hardware.security.dice.BccHandover derive(in android.hardware.security.dice.InputValues[] inputValues);
- void demote(in android.hardware.security.dice.InputValues[] inputValues);
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/InputValues.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/InputValues.aidl
deleted file mode 100644
index e43c4292e4..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/InputValues.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable InputValues {
- byte[64] codeHash;
- android.hardware.security.dice.Config config;
- byte[64] authorityHash;
- @nullable byte[] authorityDescriptor;
- android.hardware.security.dice.Mode mode = android.hardware.security.dice.Mode.NOT_INITIALIZED;
- byte[64] hidden;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Mode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Mode.aidl
deleted file mode 100644
index 295c32ec0c..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Mode.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum Mode {
- NOT_INITIALIZED = 0,
- NORMAL = 1,
- DEBUG = 2,
- RECOVERY = 3,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/ResponseCode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/ResponseCode.aidl
deleted file mode 100644
index c13afa6d95..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/ResponseCode.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-@Backing(type="int") @VintfStability
-enum ResponseCode {
- PERMISSION_DENIED = 1,
- SYSTEM_ERROR = 2,
- NOT_IMPLEMENTED = 3,
- DEMOTION_FAILED = 4,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Signature.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Signature.aidl
deleted file mode 100644
index 294170d11f..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Signature.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Signature {
- byte[] data;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Bcc.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Bcc.aidl
deleted file mode 100644
index 5af73583aa..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Bcc.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Bcc {
- byte[] data;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/BccHandover.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/BccHandover.aidl
deleted file mode 100644
index 8baca94ce8..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/BccHandover.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable BccHandover {
- byte[32] cdiAttest;
- byte[32] cdiSeal;
- android.hardware.security.dice.Bcc bcc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Config.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Config.aidl
deleted file mode 100644
index 78dd2f886c..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Config.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Config {
- byte[] desc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/IDiceDevice.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/IDiceDevice.aidl
deleted file mode 100644
index 383f4d1f26..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/IDiceDevice.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@SensitiveData @VintfStability
-interface IDiceDevice {
- android.hardware.security.dice.Signature sign(in android.hardware.security.dice.InputValues[] id, in byte[] payload);
- android.hardware.security.dice.Bcc getAttestationChain(in android.hardware.security.dice.InputValues[] inputValues);
- android.hardware.security.dice.BccHandover derive(in android.hardware.security.dice.InputValues[] inputValues);
- void demote(in android.hardware.security.dice.InputValues[] inputValues);
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/InputValues.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/InputValues.aidl
deleted file mode 100644
index e43c4292e4..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/InputValues.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable InputValues {
- byte[64] codeHash;
- android.hardware.security.dice.Config config;
- byte[64] authorityHash;
- @nullable byte[] authorityDescriptor;
- android.hardware.security.dice.Mode mode = android.hardware.security.dice.Mode.NOT_INITIALIZED;
- byte[64] hidden;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Mode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Mode.aidl
deleted file mode 100644
index 295c32ec0c..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Mode.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum Mode {
- NOT_INITIALIZED = 0,
- NORMAL = 1,
- DEBUG = 2,
- RECOVERY = 3,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/ResponseCode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/ResponseCode.aidl
deleted file mode 100644
index c13afa6d95..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/ResponseCode.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-@Backing(type="int") @VintfStability
-enum ResponseCode {
- PERMISSION_DENIED = 1,
- SYSTEM_ERROR = 2,
- NOT_IMPLEMENTED = 3,
- DEMOTION_FAILED = 4,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Signature.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Signature.aidl
deleted file mode 100644
index 294170d11f..0000000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Signature.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m -update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Signature {
- byte[] data;
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/Bcc.aidl b/security/dice/aidl/android/hardware/security/dice/Bcc.aidl deleted file mode 100644 index 983915e618..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/Bcc.aidl +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 2021, The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.security.dice; - -/** - * A DICE certificate chain following the Boot Certificate Chain (BCC) specification. - * @hide - */ -@VintfStability -@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true) -parcelable Bcc { - /** - * The DICE certificate chain CBOR encoded following the BCC specification. The CDDL - * specification for BCC can be found here [1]. - * - * @see - * BCC CDDL specification - * - */ - byte[] data; -} diff --git a/security/dice/aidl/android/hardware/security/dice/BccHandover.aidl b/security/dice/aidl/android/hardware/security/dice/BccHandover.aidl deleted file mode 100644 index 6ca862cdf9..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/BccHandover.aidl +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright 2021, The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.security.dice; - -import android.hardware.security.dice.Bcc; - -/** - * Represents one set of DICE artifacts. - * - * @hide - */ -@VintfStability -@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true) -parcelable BccHandover { - /** - * CDI_attest. Must be exactly 32 bytes of data. - */ - byte[32] cdiAttest; - /** - * CDI_seal. Must be exactly 32 bytes of data. - */ - byte[32] cdiSeal; - /** - * CBOR encoded BCC. - * - * @see - * BCC CDDL specification - * - */ - Bcc bcc; -} diff --git a/security/dice/aidl/android/hardware/security/dice/Config.aidl b/security/dice/aidl/android/hardware/security/dice/Config.aidl deleted file mode 100644 index 6decfc562d..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/Config.aidl +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * Copyright 2021, The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.security.dice; - -/** - * DICE config descriptor as described in at - * - * input-values - * - * @hide - */ -@VintfStability -@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true) -parcelable Config { - /** - * A free form descriptor. This should follow the BCC Configuration Descriptor. - * @see - * BccPayload field -4670548 - * - */ - byte[] desc; -} diff --git a/security/dice/aidl/android/hardware/security/dice/IDiceDevice.aidl b/security/dice/aidl/android/hardware/security/dice/IDiceDevice.aidl deleted file mode 100644 index 709aede7ef..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/IDiceDevice.aidl +++ /dev/null 
@@ -1,100 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.security.dice; - -import android.hardware.security.dice.Bcc; -import android.hardware.security.dice.BccHandover; -import android.hardware.security.dice.InputValues; -import android.hardware.security.dice.Signature; - -/** - * IDiceDevice specifies an interface that allows access to the Android instance's DICE artifacts. - * - *

Features

- * - * The dice device provides access to the component's CDI_SEAL and CDI_ATTEST secrets as well - * as to its attestation certificate chain. The "component" is the Android instance running this - * HAL service and the secrets and attestation chain must include all boot stage components, - * the kernel, and the verified boot information (VBA). - * - * Implementations provide the following operations: - *
  • sign - Signing a payload with a key derived from CDI_ATTEST. - *
  • getAttestationChain - Retrieve the component's attestation certificate chain. - *
  • derive - Retrieve the component's DICE artifacts. - * - * @see - * Open-dice Specification - * - * @see - * Boot Certificate Chain (BCC) CDDL specification - * - * @hide - */ -@SensitiveData -@VintfStability -interface IDiceDevice { - /** - * Uses the a key derived from the component's, or a child's given by inputValues, - * attestation secret to sign the payload using RFC 8032 Pure Ed25519 and returns the - * signature. The payload is limited to 1024 bytes. - * - * @see RFC 8032 - */ - Signature sign(in InputValues[] id, in byte[] payload); - - /** - * Returns the attestation chain of the component if inputValues is empty or the - * chain to the given child of the component identified by the inputValues vector. - * - * ## Error as service specific exception: - * ResponseCode::PERMISSION_DENIED if the caller is not sufficiently privileged. - */ - Bcc getAttestationChain(in InputValues[] inputValues); - - /** - * This function allows a client to become a resident node. A resident node is a node that - * manages its own dice secrets as opposed to using them by proxy, i.e., by calling sign - * and getAttestationChain. Called with empty inputValues vectors, an - * implementation returns the component's DICE secrets. If the inputValues vector - * is given the appropriate derivations are performed starting from the component's level. - * - * ## Error as service specific exception: - * ResponseCode::PERMISSION_DENIED if the implementation does not allow resident nodes - * at the client's level. - */ - BccHandover derive(in InputValues[] inputValues); - - /** - * This demotes the implementation of this interface. - * When called, the implementation performs appropriate derivation steps using - * inputValues, traversing the vector in ascending order. Then it replaces its - * stored DICE artifacts with the newly derived ones. - * - * IMPORTANT: When the function returns, all remnants of the previous DICE artifacts must - * have been purged from memory. 
- * - * This operation is not reversible until the next reboot. Further demotion is always - * possible. - * - * ## Error as service specific exception: - * ResponseCode::DEMOTION_FAILED if the implementation failed to demote itself - * or was unable to purge previous DICE artifacts from memory. - */ - void demote(in InputValues[] inputValues); -} diff --git a/security/dice/aidl/android/hardware/security/dice/InputValues.aidl b/security/dice/aidl/android/hardware/security/dice/InputValues.aidl deleted file mode 100644 index 711d5232c5..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/InputValues.aidl +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright 2021, The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.security.dice; - -import android.hardware.security.dice.Config; -import android.hardware.security.dice.Mode; - -/** - * DICE input values for certificate and CDI generation. - * - * @see - * Open-dice input-values - * - * @hide - */ -@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true) -@VintfStability -parcelable InputValues { - /** - * The target code hash. Must be exactly 64 bytes. - */ - byte[64] codeHash; - /** - * The configuration data. - */ - Config config; - /** - * The authority hash. Must be exactly 64 bytes. Must be all zero if unused. - */ - byte[64] authorityHash; - /** - * Optional free form authorityDescriptor. - */ - @nullable byte[] authorityDescriptor; - /** - * The mode of operation. Normal, Debug, Maintenance, or not initialized. - */ - Mode mode = Mode.NOT_INITIALIZED; - /** - * Optional hidden values. Must be exactly 64 bytes. Must be all zero if unused. - */ - byte[64] hidden; -} diff --git a/security/dice/aidl/android/hardware/security/dice/Mode.aidl b/security/dice/aidl/android/hardware/security/dice/Mode.aidl deleted file mode 100644 index 3b3bfdcfd9..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/Mode.aidl +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * Copyright 2021, The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.security.dice; - -/** - * DICE mode values as defined at - * - * @see - * open-dice mode-value-details - * - * @hide - */ -@Backing(type="int") -@VintfStability -enum Mode { - NOT_INITIALIZED = 0, - NORMAL = 1, - DEBUG = 2, - /** - * The recovery mode is also referred to as "maintenance" mode. - */ - RECOVERY = 3, -} diff --git a/security/dice/aidl/android/hardware/security/dice/ResponseCode.aidl b/security/dice/aidl/android/hardware/security/dice/ResponseCode.aidl deleted file mode 100644 index 3e77cf7d2c..0000000000 --- a/security/dice/aidl/android/hardware/security/dice/ResponseCode.aidl +++ /dev/null 
@@ -1,43 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-@Backing(type="int")
-/**
- * These response codes are used as service specific exception codes by
- * IDiceDevice.
- * @hide
- */
-@VintfStability
-enum ResponseCode {
- /**
- * The caller has insufficient privilege to access the DICE API.
- */
- PERMISSION_DENIED = 1,
- /**
- * An unexpected error occurred, likely with IO or IPC.
- */
- SYSTEM_ERROR = 2,
- /**
- * Returned if the called function is not implemented.
- */
- NOT_IMPLEMENTED = 3,
- /**
- * An attempt to demote the implementation failed.
- */
- DEMOTION_FAILED = 4,
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/Signature.aidl b/security/dice/aidl/android/hardware/security/dice/Signature.aidl
deleted file mode 100644
index ea3594f83a..0000000000
--- a/security/dice/aidl/android/hardware/security/dice/Signature.aidl
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-/**
- * This parcelable represents a Signature. It is used as return value of IDiceNode::sign.
- *
- * @hide
- */
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
-@VintfStability
-parcelable Signature {
- /**
- * The RFC 8032 PureEd25519 signature.
- * @see RFC 8032
- */
- byte[] data;
-}
diff --git a/security/dice/aidl/default/Android.bp b/security/dice/aidl/default/Android.bp
deleted file mode 100644
index 5ff4847702..0000000000
--- a/security/dice/aidl/default/Android.bp
+++ /dev/null
@@ -1,29 +0,0 @@
-package {
- // See: http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // all of the 'license_kinds' from "hardware_interfaces_license"
- // to get the below license kinds:
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["hardware_interfaces_license"],
-}
-
-rust_binary {
- name: "android.hardware.security.dice-service.non-secure-software",
- srcs: ["service.rs"],
- relative_install_path: "hw",
- vendor: true,
- rustlibs: [
- "android.hardware.security.dice-V1-rust",
- "libdiced_sample_inputs",
- "libdiced_vendor",
- "libandroid_logger",
- "libanyhow",
- "libbinder_rs",
- "liblog_rust",
- "libserde",
- ],
- init_rc: ["android.hardware.security.dice-service.non-secure-software.rc"],
- vintf_fragments: [
- "android.hardware.security.dice-service.non-secure-software.xml",
- ],
-}
diff --git a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.rc b/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.rc
deleted file mode 100644
index 28e43c3bfa..0000000000
--- a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.rc
+++ /dev/null
@@ -1,9 +0,0 @@
-service vendor.dice /vendor/bin/hw/android.hardware.security.dice-service.non-secure-software
- class early_hal
- user nobody
- # The diced HAL cannot be allowed to restart. When it crashes for any reason.
- # it loses security critical state. The only remedy is to restart the device.
- # This may be implementation depended. It is safe to restart the HAL if the
- # state change during a call to "demote" is is preserved.
- # see android/hardware/security/dice/IDiceDevice.aidl for details on "demote".
- oneshot
diff --git a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.xml b/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.xml
deleted file mode 100644
index 94ef24363b..0000000000
--- a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
- android.hardware.security.dice
- IDiceDevice/default
-
-
\ No newline at end of file
diff --git a/security/dice/aidl/default/service.rs b/security/dice/aidl/default/service.rs
deleted file mode 100644
index 4363e91ec3..0000000000
--- a/security/dice/aidl/default/service.rs
+++ /dev/null
@@ -1,108 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Main entry point for the android.hardware.security.dice service.
-
-use anyhow::{anyhow, Result};
-use diced::{
- dice,
- hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
-};
-use diced_sample_inputs::make_sample_bcc_and_cdis;
-use serde::{Deserialize, Serialize};
-use std::panic;
-use std::sync::Arc;
-
-static DICE_HAL_SERVICE_NAME: &str = "android.hardware.security.dice.IDiceDevice/default";
-
-#[derive(Debug, Serialize, Deserialize, Clone)]
-struct InsecureSerializableArtifacts {
- cdi_attest: [u8; dice::CDI_SIZE],
- cdi_seal: [u8; dice::CDI_SIZE],
- bcc: Vec,
-}
-
-impl DiceArtifacts for InsecureSerializableArtifacts {
- fn cdi_attest(&self) -> &[u8; dice::CDI_SIZE] {
- &self.cdi_attest
- }
- fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
- &self.cdi_seal
- }
- fn bcc(&self) -> Option<&[u8]> {
- Some(&self.bcc)
- }
-}
-
-impl UpdatableDiceArtifacts for InsecureSerializableArtifacts {
- fn with_artifacts(&self, f: F) -> Result
- where
- F: FnOnce(&dyn DiceArtifacts) -> Result,
- {
- f(self)
- }
- fn update(self, new_artifacts: &impl DiceArtifacts) -> Result {
- Ok(Self {
- cdi_attest: *new_artifacts.cdi_attest(),
- cdi_seal: *new_artifacts.cdi_seal(),
- bcc: new_artifacts
- .bcc()
- .ok_or_else(|| anyhow!("bcc is none"))?
- .to_vec(),
- })
- }
-}
-
-fn main() {
- android_logger::init_once(
- android_logger::Config::default()
- .with_tag("android.hardware.security.dice")
- .with_min_level(log::Level::Debug),
- );
- // Redirect panic messages to logcat.
- panic::set_hook(Box::new(|panic_info| {
- log::error!("{}", panic_info);
- }));
-
- // Saying hi.
- log::info!("android.hardware.security.dice is starting.");
-
- let dice_artifacts =
- make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain.");
- let mut cdi_attest = [0u8; dice::CDI_SIZE];
- cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
- let mut cdi_seal = [0u8; dice::CDI_SIZE];
- cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
- let hal_impl = Arc::new(
- unsafe {
- // Safety: ResidentHal cannot be used in multi threaded processes.
- // This service does not start a thread pool. The main thread is the only thread
- // joining the thread pool, thereby keeping the process single threaded.
- ResidentHal::new(InsecureSerializableArtifacts {
- cdi_attest,
- cdi_seal,
- bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(),
- })
- }
- .expect("Failed to create ResidentHal implementation."),
- );
-
- let hal = DiceDevice::new_as_binder(hal_impl).expect("Failed to construct hal service.");
-
- binder::add_service(DICE_HAL_SERVICE_NAME, hal.as_binder())
- .expect("Failed to register IDiceDevice Service");
-
- log::info!("Joining thread pool now.");
- binder::ProcessState::join_thread_pool();
-}
diff --git a/security/dice/aidl/vts/functional/Android.bp b/security/dice/aidl/vts/functional/Android.bp
deleted file mode 100644
index 2a85a19ca2..0000000000
--- a/security/dice/aidl/vts/functional/Android.bp
+++ /dev/null
@@ -1,54 +0,0 @@ -package { - // See: http://go/android-license-faq - // A large-scale-change added 'default_applicable_licenses' to import - // all of the 'license_kinds' from "hardware_interfaces_license" - // to get the below license kinds: - // SPDX-license-identifier-Apache-2.0 - default_applicable_licenses: ["hardware_interfaces_license"], -} - -rust_test { - name: "VtsAidlDiceTargetTest", - srcs: [ - "dice_test.rs", - ], - require_root: true, - auto_gen_config: true, - test_suites: [ - "general-tests", - "vts", - ], - - rustlibs: [ - "android.hardware.security.dice-V1-rust", - "libanyhow", - "libbinder_rs", - "libdiced_open_dice", - "libdiced_sample_inputs", - "libdiced_utils", - "libkeystore2_vintf_rust", - ], -} - -rust_test { - name: "VtsAidlDiceDemoteTargetTest", - srcs: [ - "dice_demote_test.rs", - ], - - test_config: "VtsAidlDiceDemoteTargetTest.xml", - test_suites: [ - "general-tests", - "vts", - ], - - rustlibs: [ - "android.hardware.security.dice-V1-rust", - "libanyhow", - "libbinder_rs", - "libdiced_open_dice", - "libdiced_sample_inputs", - "libdiced_utils", - "libkeystore2_vintf_rust", - ], -} diff --git a/security/dice/aidl/vts/functional/VtsAidlDiceDemoteTargetTest.xml b/security/dice/aidl/vts/functional/VtsAidlDiceDemoteTargetTest.xml deleted file mode 100644 index 2991580000..0000000000 --- a/security/dice/aidl/vts/functional/VtsAidlDiceDemoteTargetTest.xml +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/security/dice/aidl/vts/functional/dice_demote_test.rs b/security/dice/aidl/vts/functional/dice_demote_test.rs deleted file mode 100644 index 49aea6738b..0000000000 --- a/security/dice/aidl/vts/functional/dice_demote_test.rs +++ /dev/null 
@@ -1,59 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use diced_open_dice::DiceArtifacts;
-use diced_sample_inputs;
-use diced_utils;
-use std::convert::TryInto;
-
-mod utils;
-use utils::with_connection;
-
-// This test calls derive with an empty argument vector, then demotes the HAL using
-// a set of three input values, and then calls derive with empty argument vector again.
-// It then performs the same three derivation steps on the result of the former and compares
-// the result to the result of the latter.
-#[test]
-fn demote_test() {
- with_connection(|device| {
- let input_values = diced_sample_inputs::get_input_values_vector();
- let former = device.derive(&[]).expect("Trying to call derive.");
- device
- .demote(&input_values)
- .expect("Trying to call demote with input values.");
-
- let latter = device
- .derive(&[])
- .expect("Trying to call derive after demote.");
-
- let artifacts = diced_utils::ResidentArtifacts::new(
- former.cdiAttest[..].try_into().unwrap(),
- former.cdiSeal[..].try_into().unwrap(),
- &former.bcc.data,
- )
- .unwrap();
-
- let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let from_former = diced_utils::make_bcc_handover(
- artifacts.cdi_attest(),
- artifacts.cdi_seal(),
- artifacts.bcc().expect("bcc is none"),
- )
- .unwrap();
- // TODO b/204938506 when we have a parser/verifier, check equivalence rather
- // than bit by bit equality.
- assert_eq!(latter, from_former);
- Ok(())
- })
-}
diff --git a/security/dice/aidl/vts/functional/dice_test.rs b/security/dice/aidl/vts/functional/dice_test.rs
deleted file mode 100644
index fbbdd8192c..0000000000
--- a/security/dice/aidl/vts/functional/dice_test.rs
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use diced_open_dice::DiceArtifacts;
-use diced_sample_inputs;
-use diced_utils;
-
-mod utils;
-use utils::with_connection;
-
-static TEST_MESSAGE: &[u8] = &[
- // "My test message!"
- 0x4d, 0x79, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x21,
- 0x0a,
-];
-
-// This test calls derive with an empty argument vector and with a set of three input values.
-// It then performs the same three derivation steps on the result of the former and compares
-// the result to the result of the latter.
-#[test]
-fn equivalence_test() {
- with_connection(|device| {
- let input_values = diced_sample_inputs::get_input_values_vector();
- let former = device.derive(&[]).expect("Trying to call derive.");
- let latter = device
- .derive(&input_values)
- .expect("Trying to call derive with input values.");
- let artifacts = diced_utils::ResidentArtifacts::new(
- former.cdiAttest[..].try_into().unwrap(),
- former.cdiSeal[..].try_into().unwrap(),
- &former.bcc.data,
- )
- .unwrap();
-
- let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let from_former = diced_utils::make_bcc_handover(
- artifacts.cdi_attest(),
- artifacts.cdi_seal(),
- artifacts.bcc().expect("bcc is none"),
- )
- .unwrap();
- // TODO b/204938506 when we have a parser/verifier, check equivalence rather
- // than bit by bit equality.
- assert_eq!(latter, from_former);
- Ok(())
- })
-}
-
-#[test]
-fn sign_and_verify() {
- with_connection(|device| {
- let _signature = device
- .sign(&[], TEST_MESSAGE)
- .expect("Trying to call sign.");
-
- let _bcc = device
- .getAttestationChain(&[])
- .expect("Trying to call getAttestationChain.");
- // TODO b/204938506 check the signature with the bcc when the verifier is available.
- Ok(())
- })
-}
diff --git a/security/dice/aidl/vts/functional/utils.rs b/security/dice/aidl/vts/functional/utils.rs
deleted file mode 100644
index 4e6708ec5e..0000000000
--- a/security/dice/aidl/vts/functional/utils.rs
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use android_hardware_security_dice::aidl::android::hardware::security::dice::IDiceDevice::IDiceDevice;
-use anyhow::Result;
-use binder::Strong;
-use keystore2_vintf::get_aidl_instances;
-use std::sync::Arc;
-
-static DICE_DEVICE_SERVICE_NAME: &str = &"android.hardware.security.dice";
-static DICE_DEVICE_INTERFACE_NAME: &str = &"IDiceDevice";
-
-/// This function iterates through all announced IDiceDevice services and runs the given test
-/// closure against connections to each of them. It also modifies the panic hook to indicate
-/// on which instance the test failed in case the test closure panics.
-pub fn with_connection(test: F)
-where
- F: Fn(&Strong) -> Result,
-{
- let instances = get_aidl_instances(DICE_DEVICE_SERVICE_NAME, 1, DICE_DEVICE_INTERFACE_NAME);
- let panic_hook = Arc::new(std::panic::take_hook());
- for i in instances.into_iter() {
- let panic_hook_clone = panic_hook.clone();
- let instance_clone = i.clone();
- std::panic::set_hook(Box::new(move |v| {
- println!("While testing instance: \"{}\"", instance_clone);
- panic_hook_clone(v)
- }));
- let connection: Strong = binder::get_interface(&format!(
- "{}.{}/{}",
- DICE_DEVICE_SERVICE_NAME, DICE_DEVICE_INTERFACE_NAME, i
- ))
- .unwrap();
- test(&connection).unwrap();
- drop(std::panic::take_hook());
- }
- // Cannot call unwrap here because the panic hook is not Debug.
- std::panic::set_hook(match Arc::try_unwrap(panic_hook) {
- Ok(hook) => hook,
- _ => panic!("Failed to unwrap and reset previous panic hook."),
- })
-}