From 501b63b0d05e2f54977e76f424e95675bf2d80d9 Mon Sep 17 00:00:00 2001
From: Catherine Vlasov
Date: Mon, 18 Nov 2024 09:33:30 +0000
Subject: [PATCH] Specify the use of SHA-256 for the "verifiedBootHash".
Bug: 309963984
Bug: 376832222
Test: n/a, comment update
Change-Id: Iab9e0f2d28ae4ab56d104cab6031783f605fee21
---
 .../hardware/security/keymint/KeyCreationResult.aidl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 294c205fa0..da8b513667 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -145,9 +145,9 @@ parcelable KeyCreationResult {
 * verifiedBootKey OCTET_STRING,
 * deviceLocked BOOLEAN,
 * verifiedBootState VerifiedBootState,
- * # verifiedBootHash must contain 32-byte value that represents the state of all binaries
- * # or other components validated by verified boot. Updating any verified binary or
- * # component must cause this value to change.
+ * # verifiedBootHash must contain a SHA-256 digest of all binaries and components validated
+ * # by Verified Boot. Updating any verified binary or component must cause this value to
+ * # change.
 * verifiedBootHash OCTET_STRING,
 * }
 *
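Review bot: The three added `#` lines for `verifiedBootHash` drop the explicit 32-byte length that the old wording stated, and "a SHA-256 digest of all binaries and components" does not say how the digest input is assembled. A party verifying the attestation can enforce a stated length on this OCTET_STRING, so I would keep it in the text, rewrapped as needed: `# verifiedBootHash must contain a 32-byte SHA-256 digest of all binaries and components validated`. If the exact construction (what is hashed, and in what order) is defined elsewhere, a pointer to that definition here would tell relying parties whether the value can be checked against an independently computed reference. The enclosing comment block and the parcelable continue outside the hunk.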