Merge "Add new CertificateType for the RKP VM" into main am: 3cf2309b7b

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2850345

Change-Id: I2a27decd69b81103f2d5d9d1a57af97e560f6467
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

security/rkp/README.md

@@ -190,3 +190,30 @@ following links:
 *   [RpcHardwareInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl)
 *   [DeviceInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl)
 
+### Support for Android Virtualization Framework
+
+The Android Virtualization Framwork (AVF) relies on RKP to provision keys for VMs. A
+privileged vm, the RKP VM, is reponsible for generating and managing the keys for client
+VMs that run virtualized workloads. See the following for more background information on the
+RKP VM:
+*    [rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine
+*    [rkp-service]: https://source.android.com/docs/core/ota/modular-system/remote-key-provisioning#stack-architecture
+
+It is important to distinquish the RKP VM from other components, such as KeyMint. An
+[RKP VM marker](https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md#configuration-descriptor)
+(key `-70006) is used for this purpose. The existence or absence of this marker is used to
+identify the type of component decribed by a given DICE chain.
+
+The following describes which certificate types may be request based on the RKP VM marker:
+1. "rkp-vm": If a DICE chain has zero or more certificates without the RKP VM
+   marker followed by one or more certificates with the marker, then that chain
+   describes an RKP VM. If there are further certificates without the RKP VM
+   marker, then the chain does not describe an RKP VM.
+
+   Implementations must include the first RPK VM marker as early as possible
+   after the point of divergence between TEE and non-TEE components in the DICE
+   chain, prior to loading the Android Bootloader (ABL).
+2. "widevine" or "keymint": If there are no certificates with the RKP VM
+   marker then it describes a TEE component.
+3. None: Any component described by a DICE chain that does not match the above
+   two categories.

security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl

@@ -14,8 +14,9 @@ CsrPayload = [                      ; CBOR Array defining the payload for Csr
 ; be extended without requiring a version bump of the HAL. Custom certificate types may
 ; be used, but the provisioning server may reject the request for an unknown certificate
 ; type. The currently defined certificate types are:
-;  - "widevine"
-;  - "keymint"
+;  * "widevine" -- Widevine content protection system
+;  * "keymint"  -- KeyMint HAL
+;  * "rkp-vm"   -- See "Support for Android Virtualization Framework" in the README.md file.
 CertificateType = tstr
 
 KeysToSign = [ * PublicKey ]   ; Please see PublicKey.cddl for the PublicKey definition.
@@ -112,6 +113,7 @@ ConfigurationDescriptor = {                  ; Configuration Descriptor
     ? -70003 : int / tstr,                   ; Component version
     ? -70004 : null,                         ; Resettable
     ? -70005 : uint,                         ; Security version
+    ? -70006 : null,                         ; RKP VM marker
 }
 
 ; Each entry in the DICE chain is a DiceChainEntryPayload signed by the key from the previous