Clean up description of IRemotelyProvisionedComponent uniqueId

The identifier is to be used in telemetry to identify problematic implementations. Thus, it needs to be globally consistent, at least within a given device type. Test: None -- doc only changes Bug: 231495834 Change-Id: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329 Merged-In: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329
2026-02-01 15:58:43 +00:00 · 2022-05-05 11:01:33 -07:00
parent 7438610136
commit 9b7f79cbf6
1 changed files with 5 additions and 1 deletions
--- a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
@@ -59,13 +59,17 @@ parcelable RpcHardwareInfo {
     * client should NOT interpret the content of the identifier in any way. The client can only
     * compare identifiers to determine if two IRemotelyProvisionedComponents share the same
     * implementation. Each IRemotelyProvisionedComponent implementation must have a distinct
-     * identifier from all other implementations on the same device.
+     * identifier from all other implementations, and it must be consistent across all devices.
+     * It's critical that this identifier not be usable to uniquely identify a specific device.
     *
     * This identifier must be consistent across reboots, as it is used to store and track
     * provisioned keys in a persistent, on-device database.
     *
     * uniqueId may not be empty, and must not be any longer than 32 characters.
     *
+     * A recommended construction for this value is "[Vendor] [Component Name] [Major Version]",
+     * e.g. "Google Trusty KeyMint 1".
+     *
     * This field was added in API version 2.
     *
     */