From 0d520e8e1751fde5a3207c6f27be88a8bbc245dc Mon Sep 17 00:00:00 2001
From: Andrew Scull
Date: Wed, 10 May 2023 22:08:04 +0000
Subject: [PATCH] Add security version to config descriptor

Introduce a field to the configuration descriptor that provides a standard semantically-defined version number rather than the vendor-defined component version which acts more like a build ID.

Test: n/a
Bug: 282205139
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225
---
 security/rkp/README.md | 5 +++++
 .../security/keymint/IRemotelyProvisionedComponent.aidl | 1 +
 2 files changed, 6 insertions(+)

diff --git a/security/rkp/README.md b/security/rkp/README.md
index 7477f803b3..5a93734c11 100644
--- a/security/rkp/README.md
+++ b/security/rkp/README.md
@@ -324,6 +324,11 @@ the range \[-70000, -70999\] (these are reserved for future additions here).
 : : : : boot stage :
 | Resettable | -70004 | null | If present, key changes on factory|
 : : : : reset :
+| Security version | -70005 | uint | Machine-comparable, monotonically |
+: : : : increasing version of the firmware:
+: : : : component / boot stage where a :
+: : : : greater value indicates a newer :
+: : : : version :
 ```

 Please see
diff --git a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 2a4cba1f0e..7fed3636f6 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -427,6 +427,7 @@ interface IRemotelyProvisionedComponent {
 * ? -70002 : tstr, ; Component name
 * ? -70003 : int / tstr, ; Component version
 * ? -70004 : null, ; Resettable
+ * ? -70005 : uint, ; Security version
 * },
 * -4670549 : bstr, ; Authority Hash
 * ? -4670550 : bstr, ; Authority Descriptor
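Review bot: In the IRemotelyProvisionedComponent.aidl hunk, the new `-70005` entry is annotated only as "Security version". The ordering rule that makes it usable for rollback decisions (monotonically increasing, greater value means newer) appears only in the README table, not in the schema comment that implementers and verifiers read. I would extend the inline comment to something like `; Security version: monotonically increasing, greater value = newer`. Because the key is optional (`?`), the comment or README should also say how a relying party treats a descriptor that omits it, so that absence is never read as satisfying a minimum-version check. The interface comment containing this CDDL starts and ends outside the hunk.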