diff --git a/security/rkp/README.md b/security/rkp/README.md index 15ea817870..71f70cbf66 100644 --- a/security/rkp/README.md +++ b/security/rkp/README.md @@ -190,3 +190,30 @@ following links: * [RpcHardwareInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl) * [DeviceInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl) +### Support for Android Virtualization Framework + +The Android Virtualization Framwork (AVF) relies on RKP to provision keys for VMs. A +privileged vm, the RKP VM, is reponsible for generating and managing the keys for client +VMs that run virtualized workloads. See the following for more background information on the +RKP VM: +* [rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine +* [rkp-service]: https://source.android.com/docs/core/ota/modular-system/remote-key-provisioning#stack-architecture + +It is important to distinquish the RKP VM from other components, such as KeyMint. An +[RKP VM marker](https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md#configuration-descriptor) +(key `-70006) is used for this purpose. The existence or absence of this marker is used to +identify the type of component decribed by a given DICE chain. + +The following describes which certificate types may be request based on the RKP VM marker: +1. "rkp-vm": If a DICE chain has zero or more certificates without the RKP VM + marker followed by one or more certificates with the marker, then that chain + describes an RKP VM. If there are further certificates without the RKP VM + marker, then the chain does not describe an RKP VM. + + Implementations must include the first RPK VM marker as early as possible + after the point of divergence between TEE and non-TEE components in the DICE + chain, prior to loading the Android Bootloader (ABL). +2. "widevine" or "keymint": If there are no certificates with the RKP VM + marker then it describes a TEE component. +3. None: Any component described by a DICE chain that does not match the above + two categories. \ No newline at end of file diff --git a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl index 61404d4758..3c43238381 100644 --- a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl +++ b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl @@ -14,8 +14,9 @@ CsrPayload = [ ; CBOR Array defining the payload for Csr ; be extended without requiring a version bump of the HAL. Custom certificate types may ; be used, but the provisioning server may reject the request for an unknown certificate ; type. The currently defined certificate types are: -; - "widevine" -; - "keymint" +; * "widevine" -- Widevine content protection system +; * "keymint" -- KeyMint HAL +; * "rkp-vm" -- See "Support for Android Virtualization Framework" in the README.md file. CertificateType = tstr KeysToSign = [ * PublicKey ] ; Please see PublicKey.cddl for the PublicKey definition. @@ -112,6 +113,7 @@ ConfigurationDescriptor = { ; Configuration Descriptor ? -70003 : int / tstr, ; Component version ? -70004 : null, ; Resettable ? -70005 : uint, ; Security version + ? -70006 : null, ; RKP VM marker } ; Each entry in the DICE chain is a DiceChainEntryPayload signed by the key from the previous