Specify the use of SHA-256 for the "verifiedBootHash".

Bug: 309963984 Bug: 376832222 Test: n/a, comment update Change-Id: Iab9e0f2d28ae4ab56d104cab6031783f605fee21
2026-02-01 11:36:00 +00:00 · 2024-11-18 09:33:30 +00:00
parent b9c1291dfb
commit 501b63b0d0
1 changed files with 3 additions and 3 deletions
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -145,9 +145,9 @@ parcelable KeyCreationResult {
     *     verifiedBootKey            OCTET_STRING,
     *     deviceLocked               BOOLEAN,
     *     verifiedBootState          VerifiedBootState,
-     *     # verifiedBootHash must contain 32-byte value that represents the state of all binaries
-     *     # or other components validated by verified boot.  Updating any verified binary or
-     *     # component must cause this value to change.
+     *     # verifiedBootHash must contain a SHA-256 digest of all binaries and components validated
+     *     # by Verified Boot. Updating any verified binary or component must cause this value to
+     *     # change.
     *     verifiedBootHash           OCTET_STRING,
     * }
     *