diff --git a/compatibility_matrices/compatibility_matrix.202504.xml b/compatibility_matrices/compatibility_matrix.202504.xml
index e019902e9f..1cd49bb531 100644
--- a/compatibility_matrices/compatibility_matrix.202504.xml
+++ b/compatibility_matrices/compatibility_matrix.202504.xml
@@ -507,6 +507,14 @@
             <instance>nonsecure</instance>
         </interface>
     </hal>
+    <hal format="aidl">
+        <name>android.hardware.security.see.hwcrypto</name>
+        <version>1</version>
+        <interface>
+            <name>IHwCryptoKey</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
     <hal format="aidl" updatable-via-apex="true">
         <name>android.hardware.security.secureclock</name>
         <version>1</version>
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index 79dd0bbb95..61fb2b3d85 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -156,6 +156,7 @@ bool ShouldCheckMissingAidlHalsInFcm(const std::string& packageAndVersion) {
             // Fastboot HAL is only used by recovery. Recovery is owned by OEM. Framework
             // does not depend on this HAL, hence it is not declared in any manifests or matrices.
             "android.hardware.fastboot@",
+            "android.hardware.security.see.hwcrypto.types",
             "android.hardware.security.see.storage",
     };
 
diff --git a/staging/security/see/hwcrypto/aidl/Android.bp b/security/see/hwcrypto/aidl/Android.bp
similarity index 77%
rename from staging/security/see/hwcrypto/aidl/Android.bp
rename to security/see/hwcrypto/aidl/Android.bp
index 2da59a49c0..e15f4943d8 100644
--- a/staging/security/see/hwcrypto/aidl/Android.bp
+++ b/security/see/hwcrypto/aidl/Android.bp
@@ -8,10 +8,8 @@ package {
 }
 
 aidl_interface {
-    name: "android.hardware.security.see",
-    unstable: false,
-    // TODO Remove this owner field when this interface is moved out of /staging
-    owner: "google_while_staging",
+    name: "android.hardware.security.see.hwcrypto",
+    stability: "vintf",
     host_supported: true,
     srcs: [
         "android/hardware/security/see/hwcrypto/*.aidl",
@@ -22,11 +20,15 @@ aidl_interface {
             enabled: false,
         },
         cpp: {
-            enabled: false,
+            enabled: true,
         },
         rust: {
             enabled: true,
         },
+        ndk: {
+            enabled: true,
+        },
     },
     frozen: false,
+    system_ext_specific: true,
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
index 0a7e7a217c..fd2904b88e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 union CryptoOperation {
   android.hardware.security.see.hwcrypto.MemoryBufferParameter setMemoryBuffer;
   android.hardware.security.see.hwcrypto.OperationParameters setOperationParameters;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
index 05780e199d..66bed55788 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 parcelable CryptoOperationErrorAdditionalInfo {
   long failingCommandIndex;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
index 1088e279b1..7996b9a592 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 parcelable CryptoOperationResult {
   @nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
index f3b9b43e68..75bb0dcbcc 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 parcelable CryptoOperationSet {
   @nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
   android.hardware.security.see.hwcrypto.CryptoOperation[] operations;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
index 472215f565..7646656e29 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -32,5 +32,6 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 interface ICryptoOperationContext {
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
index 5b34572b87..83b849687c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 interface IHwCryptoKey {
   android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey);
   android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
index 5c26cc235b..7c87dd37d2 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 interface IHwCryptoOperations {
   android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
index 88dbdf1c1f..1121f01145 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 interface IOpaqueKey {
   byte[] exportWrappedKey(in android.hardware.security.see.hwcrypto.IOpaqueKey wrappingKey);
   android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
index 0e3896e8a0..ca114c3662 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 parcelable KeyPolicy {
   android.hardware.security.see.hwcrypto.types.KeyUse usage;
   android.hardware.security.see.hwcrypto.types.KeyLifetime keyLifetime = android.hardware.security.see.hwcrypto.types.KeyLifetime.EPHEMERAL;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
index d88d5c8896..1c49297680 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 parcelable MemoryBufferParameter {
   android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
   int sizeBytes;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
index e069610cf5..d6f57abc14 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 union OperationParameters {
   android.hardware.security.see.hwcrypto.types.SymmetricAuthOperationParameters symmetricAuthCrypto;
   android.hardware.security.see.hwcrypto.types.SymmetricOperationParameters symmetricCrypto;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
index 0fd1ee74a7..7b9924e18a 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto;
+@VintfStability
 parcelable PatternParameters {
   long numberBlocksProcess;
   long numberBlocksCopy;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
index e7501ffda7..6ad2c09e34 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union AesCipherMode {
   android.hardware.security.see.hwcrypto.types.CipherModeParameters cbc;
   android.hardware.security.see.hwcrypto.types.CipherModeParameters ctr;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
index 4084abba6b..68ad142508 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union AesGcmMode {
   android.hardware.security.see.hwcrypto.types.AesGcmMode.AesGcmModeParameters gcmTag16;
   parcelable AesGcmModeParameters {
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
index f4bf786570..78b1ff8788 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union AesKey {
   byte[16] aes128 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
   byte[32] aes256;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
index 7a775219a0..83713ff26d 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable CipherModeParameters {
   byte[16] nonce;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
index 99706785e1..45cb234632 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union ExplicitKeyMaterial {
   android.hardware.security.see.hwcrypto.types.AesKey aes;
   android.hardware.security.see.hwcrypto.types.HmacKey hmac;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
index 742314c041..969e9c83c9 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable HalErrorCode {
   const int NO_ERROR = 0;
   const int GENERIC_ERROR = (-1) /* -1 */;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
index f8de94a376..4d4e65df9e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union HmacKey {
   byte[32] sha256 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
   byte[64] sha512;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
index 532cd8d603..33a518d957 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable HmacOperationParameters {
   android.hardware.security.see.hwcrypto.IOpaqueKey key;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
index db5964c961..ddee337198 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -32,7 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
-@Backing(type="byte")
+@Backing(type="byte") @VintfStability
 enum KeyLifetime {
   EPHEMERAL,
   HARDWARE,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
index ea3a173619..919be32290 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 enum KeyPermissions {
   ALLOW_EPHEMERAL_KEY_WRAPPING,
   ALLOW_HARDWARE_KEY_WRAPPING,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
index 59b83c40e4..07a7ce43b6 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 enum KeyType {
   AES_128_CBC_NO_PADDING,
   AES_128_CBC_PKCS7_PADDING,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
index e888bdf2a5..b607fd59c5 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -32,7 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
-@Backing(type="int")
+@Backing(type="int") @VintfStability
 enum KeyUse {
   ENCRYPT = 1,
   DECRYPT = 2,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
index 59c8757a0f..184e21f1d2 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -32,7 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
-@RustDerive(Clone=true, Copy=true)
+@RustDerive(Clone=true, Copy=true) @VintfStability
 parcelable MemoryBufferReference {
   int startOffset;
   int sizeBytes;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
index fc2dd63e3d..6dfefcb837 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable OpaqueKeyToken {
   byte[] keyToken;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
index aad3ac18a5..858ef1c456 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union OperationData {
   android.hardware.security.see.hwcrypto.types.MemoryBufferReference memoryBufferReference;
   byte[] dataBuffer;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
index ca8b3eb601..03c2bba66a 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 enum OperationType {
   READ,
   WRITE,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
index 1e304ab584..cb963eef37 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 enum ProtectionId {
   WIDEVINE_OUTPUT_BUFFER = 1,
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
index d3d17636e9..e42190e7ab 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union SymmetricAuthCryptoParameters {
   android.hardware.security.see.hwcrypto.types.AesGcmMode aes;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
index 8a8ef09fae..78c4a4f793 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable SymmetricAuthOperationParameters {
   android.hardware.security.see.hwcrypto.IOpaqueKey key;
   android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
index cc93094b4b..8fd5e85c6f 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 union SymmetricCryptoParameters {
   android.hardware.security.see.hwcrypto.types.AesCipherMode aes;
 }
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
index 1a17525bba..40fd2d504e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 enum SymmetricOperation {
   ENCRYPT,
   DECRYPT,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
index 769833b8e8..7007074068 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -32,6 +32,7 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable SymmetricOperationParameters {
   android.hardware.security.see.hwcrypto.IOpaqueKey key;
   android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
index b37848ba59..80c91eea96 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -32,5 +32,6 @@
 // later when a module using the interface is updated, e.g., Mainline modules.
 
 package android.hardware.security.see.hwcrypto.types;
+@VintfStability
 parcelable Void {
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
index 2fdbc78b2e..0859d2a71c 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -25,6 +25,7 @@ import android.hardware.security.see.hwcrypto.types.Void;
  * Type that describes the different operations that can be performed along with its required
  * parameters. It will be used to construct a vector of operation that are executed sequentially.
  */
+@VintfStability
 union CryptoOperation {
     /*
      * Sets a memory buffer to operate on. References to positions of this memory buffer can be used
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
index f3ac8ea024..cc94b02a07 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto;
 /*
  * Type that provides more information about failures when processing a list of commands.
  */
+@VintfStability
 parcelable CryptoOperationErrorAdditionalInfo {
     /*
      * Index indicating the first step of <code>CryptoOperationSet::operations</code> that failed
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
index 07c2983cc8..5c3b81e882 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -20,6 +20,7 @@ import android.hardware.security.see.hwcrypto.ICryptoOperationContext;
 /*
  * Type that describes the result of a set of crypto operations.
  */
+@VintfStability
 parcelable CryptoOperationResult {
     /*
      * Token that can be passed on a CryptoOperationSet to issue more operations on the same context
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
index 9aff1e8951..285ed3689e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -21,6 +21,7 @@ import android.hardware.security.see.hwcrypto.ICryptoOperationContext;
 /*
  * Type that describes a set of crypto operations to execute
  */
+@VintfStability
 parcelable CryptoOperationSet {
     /*
      * Token to be used to issue the operations. If NULL, a new context will be created and
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
index 68d0c03575..8cfa735eab 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -22,4 +22,5 @@ package android.hardware.security.see.hwcrypto;
  * operation in progress context includes any memory buffer previously mapped by a
  * <code>CryptoOperation::SetMemoryBuffer</code> call.
  */
+@VintfStability
 interface ICryptoOperationContext {}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000000..44ec32fa29
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,298 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+
+/*
+ * Higher level interface to access and generate keys.
+ */
+@VintfStability
+interface IHwCryptoKey {
+    /*
+     * Identifier for the requested device provided key. The currently supported identifiers are:
+     *
+     */
+    enum DeviceKeyId {
+        /*
+         * This is a key unique to the device.
+         */
+        DEVICE_BOUND_KEY,
+        /*
+         * This is a shared by a set of devices.
+         */
+        BATCH_KEY,
+    }
+
+    /*
+     * Identifier for the requested key slot. The currently supported identifiers are:
+     *
+     */
+    enum KeySlot {
+        /*
+         * This is the shared HMAC key that will now be computed by HwCryptoKey after participating
+         * in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
+         * ISharedSecret.aidl for more information.
+         */
+        KEYMINT_SHARED_HMAC_KEY,
+    }
+
+    union DiceBoundDerivationKey {
+        /*
+         * Opaque to be used to derive the DICE bound key.
+         */
+        IOpaqueKey opaqueKey;
+
+        /*
+         * Device provided key to be used to derive the DICE bound key.
+         */
+        DeviceKeyId keyId;
+    }
+
+    parcelable DiceCurrentBoundKeyResult {
+        /*
+         * Key cryptographically bound to a DICE policy.
+         */
+        IOpaqueKey diceBoundKey;
+
+        /*
+         * Current dice policy which was used to generate the returned key. This policy is opaque
+         * from this service perspective (it will be sent to an Authentication Manager Service to be
+         * verified). It follows the structure defined on DicePolicy.cddl, located under
+         * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/ with the
+         * caveat that it could be encrypted if the client does not have enough permissions to see
+         * the device dice policy information.
+         */
+        byte[] dicePolicyForKeyVersion;
+    }
+
+    parcelable DiceBoundKeyResult {
+        /*
+         * Key cryptographically bound to a DICE policy.
+         */
+        IOpaqueKey diceBoundKey;
+
+        /*
+         * Indicates if the diceBoundKey returned was created using a current DICE policy. The
+         * caller can use this to detect if an old policy was provided and rotate its keys if so
+         * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
+         * use a potentially compromised key.
+         */
+        boolean dicePolicyWasCurrent;
+    }
+
+    parcelable ClearKeyPolicy {
+        /*
+         * Indicates the desired key size. It will be used to calculate how many bytes of key
+         * material should be returned.
+         */
+        int keySizeBytes;
+    }
+
+    union DerivedKeyPolicy {
+        /*
+         * If used we will derive a clear key and pass it back as an array of bytes on
+         * <code>HwCryptoKeyMaterial::explicitKey</code>.
+         */
+        ClearKeyPolicy clearKey;
+
+        /*
+         * Policy for the newly derived opaque key. Defines how the key can be used and its type.
+         */
+        byte[] opaqueKey;
+    }
+
+    parcelable DerivedKeyParameters {
+        /*
+         * Key to be used to derive the new key using HKDF.
+         */
+        IOpaqueKey derivationKey;
+
+        /*
+         * Policy for the newly derived key. Depending on its type, either a clear or opaque key
+         * will be derived.
+         */
+        DerivedKeyPolicy keyPolicy;
+
+        /*
+         * An arbitrary set of bytes incorporated into the key derivation. May have an
+         * implementation-specific maximum length, but it is guaranteed to accept at least 32 bytes.
+         */
+        byte[] context;
+    }
+
+    union DerivedKey {
+        /*
+         * Derived key in clear format.
+         */
+        byte[] explicitKey = {};
+
+        /*
+         * Derived key as a key token to be used only through the HWCrypto service.
+         */
+        IOpaqueKey opaque;
+    }
+
+    /*
+     * Derives a versioned key tied to the caller's current DICE policy. It will return this current
+     * policy back to the caller along with the generated key.
+     *
+     * @param derivationKey:
+     *     Key to be used to derive the new key using HKDF.
+     *
+     * @return:
+     *     A DiceCurrentBoundKeyResult containint the versioned key tied the current client version
+     *     on success.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+     */
+    DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
+            in DiceBoundDerivationKey derivationKey);
+
+    /*
+     * Derive a versioned key by checking the provided DICE policy against the caller and then using
+     * it as a context for deriving the returned key.
+     *
+     * @param derivationKey:
+     *     Key to be used to derive the new key using HKDF.
+     *
+     * @param dicePolicyForKeyVersion:
+     *     Policy used to derive keys tied to specific versions. Using this parameter the caller can
+     *     tie a derived key to a minimum version of itself, so in the future only itself or a more
+     *     recent version can derive the same key. This parameter is opaque to the caller and it
+     *     could be encrypted in the case the client doesn't have permission to know the dice chain.
+     *     When implementing this function, this parameter shall be one of the components fed to the
+     *     KDF context and it needs to be checked against the caller DICE certificate before being
+     *     used.
+     *
+     * @return:
+     *      A DiceBoundKeyResult containing the versioned key tied to the provided DICE policy on
+     *      success.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+     */
+    DiceBoundKeyResult deriveDicePolicyBoundKey(
+            in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
+
+    /*
+     * Derive a new key based on the given key, policy and context.
+     *
+     * @param parameters:
+     *      Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
+     *      file for more information.
+     *
+     * @return:
+     *      A HwCryptoKeyMaterial containing the derived key on success.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+     */
+    DerivedKey deriveKey(in DerivedKeyParameters parameters);
+
+    /*
+     * Returns an interface used to work on opaque keys. This interface can also be used to operate
+     * on any opaque key generated by hwkeyDeriveVersioned, even if this key has been generated
+     * after retrieving a IHwCryptoOperations binder object, as long as the parent
+     * IHwCryptoDeviceKeyAccess is not dropped between retrieving the IHwCryptoOperations binder
+     * object and deriving the key. IHwCryptoOperations can also be used to create opaque keys that
+     * are not bound to the device.
+     *
+     * @return:
+     *      IHwCryptoOperations on success
+     */
+    IHwCryptoOperations getHwCryptoOperations();
+
+    /*
+     * Imports a SW clear key into the secure environment.
+     *
+     * @param keyMaterial:
+     *     key to be imported.
+     *
+     * @param newKeyPolicy:
+     *      Policy of the new key. Defines how the newly created key can be used. Because any clear
+     *      key imported into the system is considered to have a <code>KeyLifetime::PORTABLE</code>
+     *      lifetime, a call to this function will return an error if
+     *      <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
+     *
+     * @return:
+     *      IOpaqueKey on success.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+     */
+    IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
+
+    /*
+     * Returns the client current DICE policy. This policy is encrypted and considered opaque from
+     * the client perspective. This policy is the same used to create DICE bound keys and will also
+     * be used to seal secrets that can only be retrieved by the DICE policy owner. The first use of
+     * this seal operation will be <code>IOpaqueKey::getShareableToken</code> and will call this
+     * <code>IHwCryptoKey::keyTokenImport</code>. To start this process, the intended key receiver
+     * function and then pass the generated DICE policy to the owner of the key that the receiver
+     * wants to import. The key owner will then call <code>IOpaqueKey::getShareableToken</code>
+     * passing the receiver DICE policy to insure that only that receiver can import the key.
+     *
+     * @return:
+     *      byte[] on success, which is the caller encrypted DICE policy.
+     */
+    byte[] getCurrentDicePolicy();
+
+    /*
+     * Imports a key from a different client service instance. Because IOpaqueKey are binder objects
+     * that cannot be directly shared between binder rpc clients, this method provide a way to send
+     * a key to another client. Keys to be imported by the receiver are represented by a token
+     * created using <code>IOpaqueKey::getShareableToken</code>. The flow to create this token is
+     * described in <code>IHwCryptoKey::getCurrentDicePolicy</code>.
+     *
+     * @param requested_key:
+     *      Handle to the key to be imported to the caller service.
+     *
+     * @param sealingDicePolicy:
+     *      DICE policy used to seal the exported key.
+     *
+     * @return:
+     *      An IOpaqueKey that can be directly be used on the local HWCrypto service on success.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+     */
+    IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
+
+    /*
+     * Gets the keyslot key material referenced by slotId. This interface is used to access device
+     * specific keys with known types and uses. Because the returned key is opaque, it can only be
+     * used through the different HwCrypto interfaces. Because the keys live in a global namespace
+     * the identity of the caller needs to be checked to verify that it has permission to access the
+     * requested key.
+     *
+     * @param slotId:
+     *      Identifier for the requested keyslot
+     *
+     * @return:
+     *      An IOpaqueKey corresponding to the requested key slot on success.
+     *
+     * @throws:
+     *      ServiceSpecificException <code>UNAUTHORIZED</code> if the caller cannot access the
+     *      requested key, another specific error based on <code>HalErrorCode</code> otherwise.
+     */
+    IOpaqueKey getKeyslotData(KeySlot slotId);
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
similarity index 84%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
index 4d394edd12..9df6d672b5 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -24,20 +24,25 @@ import android.hardware.security.see.hwcrypto.CryptoOperationSet;
  * cryptographic keys. Interactions with this interface are done through a command-base API,
  * which allow callers to execute a large set of operations on a single call.
  */
+@VintfStability
 interface IHwCryptoOperations {
     /*
-     * processCommandList() - Executes a list of cryptographic commands in order
+     * Executes a list of cryptographic commands in order
      *
-     * @operations:
+     * @param operations:
      *      Parameter containing 1 or more set of commands to execute. Additionally, each set can
      *      also contain a context on which the commands will be executed.
-     * @additionalErrorInfo:
+     *
+     * @param additionalErrorInfo:
      *      Structure containing additional info when errors are encountered. Only valid if the
      *      function failed its execution.
-     * Return:
+     *
+     * @return:
      *      CryptoOperationResult[] on success, which can contain a context to continue executing
-     *      each of the provided operations sets, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
+     *      each of the provided operations sets.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
      */
     CryptoOperationResult[] processCommandList(inout CryptoOperationSet[] operations,
             out CryptoOperationErrorAdditionalInfo additionalErrorInfo);
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
similarity index 52%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
index 9a726394b5..318a27e272 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -20,71 +20,80 @@ import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
 import android.hardware.security.see.hwcrypto.types.OperationType;
 import android.hardware.security.see.hwcrypto.types.ProtectionId;
 
+@VintfStability
 interface IOpaqueKey {
     /*
-     * exportWrappedKey() - Exports this key as a wrapped (encrypted) blob.
+     * Exports this key as a wrapped (encrypted) blob.
      *
-     * @wrapping_key:
+     * @param wrapping_key:
      *     wrapping key. It needs to be an opaque key and its policy needs to indicate that it can
      *     be used for key wrapping.
      *
-     * Return:
+     * @return:
      *      Wrapped key blob as a byte array on success. Format of the blob is opaque to the service
      *      but has to match the command accepted by
-     *      <code>IHwCryptoKeyGeneration::importWrappedKey</code>, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
+     *      <code>IHwCryptoKeyGeneration::importWrappedKey</code>
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
      */
     byte[] exportWrappedKey(in IOpaqueKey wrappingKey);
 
     /*
-     * getKeyPolicy() - Returns the key policy.
+     * Returns the key policy.
      *
-     * Return:
-     *      A <code>KeyPolicy</code> on success, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
+     * @return:
+     *      A <code>KeyPolicy</code> on success
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
      */
     KeyPolicy getKeyPolicy();
 
     /*
-     * getPublicKey() - Returns the public key portion of this OpaqueKey. This operation is only
-     *                  valid for asymmetric keys
+     * Returns the public key portion of this OpaqueKey. This operation is only valid for asymmetric
+     * keys.
      *
-     * Return:
-     *      public key as a byte array on success, service specific error based on
-     *      <code>HalErrorCode</code> otherwise. Format used for the returned public key is COSE.
+     * @return:
+     *      public key as a byte array on success. Format used for the returned public key is COSE.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
      */
     byte[] getPublicKey();
 
     /*
-     * getShareableToken() - Returns a token that can shared with another HWCrypto client.
+     * Returns a token that can shared with another HWCrypto client.
      *
-     * @sealingDicePolicy:
+     * @param sealingDicePolicy:
      *      Token to be used to protect the returned OpaqueKeyToken. It will be used so only
      *      the owner of the sealingDicePolicy can import the key.
-     * Return:
-     *      <code>OpaqueKeyMaterial</code> token on success, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
+     *
+     * @return:
+     *      <code>OpaqueKeyMaterial</code> token on success.
+     *
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
      */
     OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
 
     /*
-     * setProtectionId() - Sets the protectionID associated with the buffers where the operation
-     *                     will be performed. A protection ID serves as a limitation on the key so
-     *                     it can only operate on buffers with a matching protection ID.
-     *                     The client calling this functions needs to have the necessary permissions
-     *                     to read and/or write to this buffer. Setting this parameter means that
-     *                     if the key is shared with a different client, the client receiving the
-     *                     key will be limited in which buffers can be used to read/write data for
-     *                     this operation.
+     * Sets the protectionID associated with the buffers where the operation will be performed. A
+     * protection ID serves as a limitation on the key so it can only operate on buffers with a
+     * matching protection ID. The client calling this functions needs to have the necessary
+     * permissions to read and/or write to this buffer. Setting this parameter means that if the key
+     * is shared with a different client, the client receiving the key will be limited in which
+     * buffers can be used to read/write data for this operation.
      *
-     * @protectionId:
+     * @param protectionId:
      *      ID of the given use case to provide protection for. The method of protecting the buffer
      *      will be platform dependent.
-     * @allowedOperations:
+     *
+     * @param allowedOperations:
      *      array of allowed operations. Allowed operations are either READ or WRITE.
      *
-     * Return:
-     *      service specific error based on <code>HalErrorCode</code> on failure.
+     * @throws:
+     *      ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
      */
     void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
index 9266bfa8da..a20e99b921 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -23,6 +23,7 @@ import android.hardware.security.see.hwcrypto.types.KeyUse;
 /*
  * Parcelable that specified how a key can be used.
  */
+@VintfStability
 parcelable KeyPolicy {
     /*
      * Enum specifying the operations the key can perform (encryption, decryption, etc.).
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
similarity index 100%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
index c5a6a5cec1..efc5767bd9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto;
 /*
  * Parcelable representing a memory buffer.
  */
+@VintfStability
 parcelable MemoryBufferParameter {
     union MemoryBuffer {
         ParcelFileDescriptor input;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
index a977f569f8..bf0b720aec 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -22,6 +22,7 @@ import android.hardware.security.see.hwcrypto.types.SymmetricOperationParameters
 /*
  * Type that describes the parameters for the different operations that can be performed.
  */
+@VintfStability
 union OperationParameters {
     /*
      * Parameters for authenticated symmetric cryptography (AES GCM).
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
index 3f62abe7bf..9f8950fd62 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto;
 /*
  * Parcelable that specifies a pattern to process data.
  */
+@VintfStability
 parcelable PatternParameters {
     /*
      * Number of blocks that will be processed. The size of the block matches the size of the
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
index ac315575c2..8ce83aa29e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -21,6 +21,7 @@ import android.hardware.security.see.hwcrypto.types.Void;
 /*
  * Type used for the parameters needed to run a non-authenticated AES operation.
  */
+@VintfStability
 union AesCipherMode {
     /*
      * Cipher Block Chaining mode. Padding will either be none or PKCS#7 depending on the key policy
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
index 4025553b1f..1c6551c5f5 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Type used for the parameters needed to run an authenticated AES operation (GCM).
  */
+@VintfStability
 union AesGcmMode {
     parcelable AesGcmModeParameters {
         /*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
index cf9082d0a1..ae62ef9ea7 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Type that represents an AES key.
  */
+@VintfStability
 union AesKey {
     /*
      * Raw AES 128 bit key material.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
similarity index 89%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
index bfa5daaf60..e7ede574cd 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -19,6 +19,10 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Type encapsulating nonce used on non-authenticated AES symmetric encryption.
  */
+@VintfStability
 parcelable CipherModeParameters {
+    /*
+     * nonce to be used as IV for AES-CBC or as the nonce in AES-CTR
+     */
     byte[16] nonce;
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
similarity index 88%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
index 3aa56115c5..a5bf594753 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -21,7 +21,15 @@ import android.hardware.security.see.hwcrypto.types.HmacKey;
 /*
  * Type encapsulating a clear key.
  */
+@VintfStability
 union ExplicitKeyMaterial {
+    /*
+     * AES key in clear format.
+     */
     AesKey aes;
+
+    /*
+     * HMAC key in clear format.
+     */
     HmacKey hmac;
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
index f536c0e415..df12262ff7 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Service error codes. Will be returned as service specific errors.
  */
+@VintfStability
 parcelable HalErrorCode {
     /* Success */
     const int NO_ERROR = 0;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
index a0b6ba785f..b1a988ed4c 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Type that represents an Hmac key.
  */
+@VintfStability
 union HmacKey {
     /*
      * Raw Hmac key for use with sha256.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
index da09a2caa8..faa3072f91 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -19,6 +19,7 @@ import android.hardware.security.see.hwcrypto.IOpaqueKey;
 /*
  * Data needed to perform HMAC operations.
  */
+@VintfStability
 parcelable HmacOperationParameters {
     /*
      * Key to be used for the HMAC operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
index 9958a0bf81..b03b85099a 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -20,6 +20,7 @@ package android.hardware.security.see.hwcrypto.types;
  * represented as a bitmask to allow us to internally combine them on a single property to describe
  * a set of allowed lifetimes.
  */
+@VintfStability
 @Backing(type="byte")
 enum KeyLifetime {
     /*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
index a1e4f2166f..c48ef8be17 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Additional characteristics and permissions of the key.
  */
+@VintfStability
 enum KeyPermissions {
     /*
      * Key can be wrapped by an ephemeral key.
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
new file mode 100644
index 0000000000..ed90899fb2
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing all supported key types. Key types are strongly bound to the algorithm to
+ * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
+ * 128 Cipher modes).
+ */
+@VintfStability
+enum KeyType {
+    /*
+     * AES with key size 128 bits using CBC mode of operation and no padding.
+     */
+    AES_128_CBC_NO_PADDING,
+
+    /*
+     * AES with key size 128 bits using CBC mode of operation and PKCS7 padding.
+     */
+    AES_128_CBC_PKCS7_PADDING,
+
+    /*
+     * AES with key size 128 bits using counter mode.
+     */
+    AES_128_CTR,
+
+    /*
+     * AES with key size 128 bits using GCM mode for authenticated encryption.
+     */
+    AES_128_GCM,
+
+    /*
+     * AES with key size 128 bits for CMAC calculation.
+     */
+    AES_128_CMAC,
+
+    /*
+     * AES with key size 256 bits using CBC mode of operation and no padding.
+     */
+    AES_256_CBC_NO_PADDING,
+
+    /*
+     * AES with key size 256 bits using CBC mode of operation and PKCS7 padding.
+     */
+    AES_256_CBC_PKCS7_PADDING,
+
+    /*
+     * AES with key size 128 bits using counter mode.
+     */
+    AES_256_CTR,
+
+    /*
+     * AES with key size 128 bits using GCM mode for authenticated encryption.
+     */
+    AES_256_GCM,
+
+    /*
+     * AES with key size 128 bits for CMAC calculation.
+     */
+    AES_256_CMAC,
+
+    /*
+     * Key of length of 32 bytes for HMAC operations using SHA256.
+     */
+    HMAC_SHA256,
+
+    /*
+     * Key of length of 64 bytes for HMAC operations using SHA512.
+     */
+    HMAC_SHA512,
+
+    /*
+     * RSA of key size of 2048 bits for signing using PSS.
+     */
+    RSA2048_PSS_SHA256,
+
+    /*
+     * RSA of key size of 2048 bits for signing with padding PKCS 1.5 and SHA256 as the digest
+     * algorithm.
+     */
+    RSA2048_PKCS1_5_SHA256,
+
+    /*
+     * ECC key for signing using curve P-256 and no padding.
+     */
+    ECC_NIST_P256_SIGN_NO_PADDING,
+
+    /*
+     * ECC key for signing using curve P-256 and SHA256 as hashing algorithm.
+     */
+    ECC_NIST_P256_SIGN_SHA256,
+
+    /*
+     * ECC key for signing using curve P-521 and no padding.
+     */
+    ECC_NIST_P521_SIGN_NO_PADDING,
+
+    /*
+     * ECC key for signing using curve P-512 and SHA512 as hashing algorithm.
+     */
+    ECC_NIST_P521_SIGN_SHA512,
+
+    /*
+     * ECC key for signing using EdDSA.
+     */
+    ECC_ED25519_SIGN,
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
similarity index 77%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
index 76bfd62c92..60bfd06d52 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -18,12 +18,24 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Enum describing the allowed operations that can be performed with the given key.
  */
+@VintfStability
 @Backing(type="int")
 enum KeyUse {
+    /* Key can be used to encrypt */
     ENCRYPT = 1,
+
+    /* Key can be used to decrypt */
     DECRYPT = 2,
+
+    /* Key can be used to encrypt or decrypt */
     ENCRYPT_DECRYPT = ENCRYPT | DECRYPT,
+
+    /* Key can be used to sign */
     SIGN = 4,
+
+    /* Key can be used to derive other keys */
     DERIVE = 8,
+
+    /* Key can be used to wrap other keys */
     WRAP = 16,
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
index 1175dc555b..0f3c099963 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -18,6 +18,7 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Structure representing a section of a memory buffer.
  */
+@VintfStability
 @RustDerive(Copy=true, Clone=true)
 parcelable MemoryBufferReference {
     /*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
index db95c180e1..25cc6fb82f 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -20,6 +20,7 @@ package android.hardware.security.see.hwcrypto.types;
  * valid on the current boot, and its reuse after a session is closed (or between sessions) is not
  * guaranteed.
  */
+@VintfStability
 parcelable OpaqueKeyToken {
     /*
      * Opaque type used to send IOpaqueKeys keys to different clients. Its format is implementation
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
index 642d05e7c8..8dfca72a81 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -20,6 +20,7 @@ import android.hardware.security.see.hwcrypto.types.MemoryBufferReference;
 /*
  * Union holding buffers to be used by the cryptographic operation.
  */
+@VintfStability
 union OperationData {
     /*
      * Reference (offset, size) to the active operations' MemoryBuffer.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
similarity index 90%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
index 76878a3533..2dc9ae9383 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -18,7 +18,11 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Enum describing the different types of operations allowed on a buffer.
  */
+@VintfStability
 enum OperationType {
+    /* Read operations allowed*/
     READ,
+
+    /* Write operations allowed*/
     WRITE,
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
index 86868826a1..8fd0551cad 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -19,6 +19,7 @@ package android.hardware.security.see.hwcrypto.types;
  * Enum describing the different types of protected buffers. Protected buffers are named by its
  * corresponding use case and its underlaying implementation is platform dependant.
  */
+@VintfStability
 enum ProtectionId {
     /*
      * ProtectionID used by HwCrypto to enable Keys that can be used for Widevine video buffers.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
index 278e48daa7..79c39f9149 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -20,6 +20,7 @@ import android.hardware.security.see.hwcrypto.types.AesGcmMode;
 /*
  * Data needed to perform authenticated symmetric cryptographic operations.
  */
+@VintfStability
 union SymmetricAuthCryptoParameters {
     /*
      * AES (Advanced Encryption Standard) GCM parameters.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
index 46568c3098..844a3bc508 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -23,6 +23,7 @@ import android.hardware.security.see.hwcrypto.types.SymmetricOperation;
  * Parameters needed to perform an authenticated symmetric cryptographic operation. Currently only
  * AES-GCM is supported.
  */
+@VintfStability
 parcelable SymmetricAuthOperationParameters {
     /*
      * Key to be used on the operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
index 235024232d..679fe6a44e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -20,6 +20,7 @@ import android.hardware.security.see.hwcrypto.types.AesCipherMode;
 /*
  * Data needed to perform non-authenticated symmetric cryptographic operations.
  */
+@VintfStability
 union SymmetricCryptoParameters {
     /*
      * AES (Advanced Encryption Standard) parameters.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
similarity index 92%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
index 27174723ec..d88d4e96a9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -18,4 +18,4 @@ package android.hardware.security.see.hwcrypto.types;
 /*
  * Enum describing the type of symmetric operation desired.
  */
-enum SymmetricOperation { ENCRYPT, DECRYPT }
+@VintfStability enum SymmetricOperation { ENCRYPT, DECRYPT }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
index 1d1554d126..509d416fd0 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -22,6 +22,7 @@ import android.hardware.security.see.hwcrypto.types.SymmetricOperation;
 /*
  * Parameters needed to perform a non-authenticated symmetric cryptographic operation.
  */
+@VintfStability
 parcelable SymmetricOperationParameters {
     /*
      * Key to be used on the operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
similarity index 92%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
index f9f608d90e..243fb45bf9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -15,4 +15,8 @@
  */
 package android.hardware.security.see.hwcrypto.types;
 
+/*
+ * Type used to represent no data.
+ */
+@VintfStability
 parcelable Void {}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
deleted file mode 100644
index bb194a3631..0000000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ /dev/null
@@ -1,289 +0,0 @@
-/*
- * Copyright 2023 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto;
-
-import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
-import android.hardware.security.see.hwcrypto.IOpaqueKey;
-import android.hardware.security.see.hwcrypto.KeyPolicy;
-import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
-import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
-
-/*
- * Higher level interface to access and generate keys.
- */
-interface IHwCryptoKey {
-    /*
-     * Identifier for the requested device provided key. The currently supported identifiers are:
-     *
-     * DEVICE_BOUND_KEY:
-     *      This is a key unique to the device.
-     * BATCH_KEY:
-     *      This is a shared by a set of devices.
-     */
-    enum DeviceKeyId {
-        DEVICE_BOUND_KEY,
-        BATCH_KEY,
-    }
-
-    /*
-     * Identifier for the requested key slot. The currently supported identifiers are:
-     *
-     * KEYMINT_SHARED_HMAC_KEY:
-     *      This is the shared HMAC key that will now be computed by HwCryptoKey after participating
-     *      in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
-     *      ISharedSecret.aidl for more information.
-     */
-    enum KeySlot {
-        KEYMINT_SHARED_HMAC_KEY,
-    }
-
-    union DiceBoundDerivationKey {
-        /*
-         * Opaque to be used to derive the DICE bound key.
-         */
-        IOpaqueKey opaqueKey;
-
-        /*
-         * Device provided key to be used to derive the DICE bound key.
-         */
-        DeviceKeyId keyId;
-    }
-
-    parcelable DiceCurrentBoundKeyResult {
-        /*
-         * Key cryptographically bound to a DICE policy.
-         */
-        IOpaqueKey diceBoundKey;
-
-        /*
-         * Current dice policy which was used to generate the returned key. This policy is
-         * opaque from this service perspective (it will be sent to an Authentication Manager
-         * Service to be verified). It follows the structure defined on DicePolicy.cddl, located
-         * under hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
-         * with the caveat that it could be encrypted if the client does not have enough permissions
-         * to see the device dice policy information.
-         */
-        byte[] dicePolicyForKeyVersion;
-    }
-
-    parcelable DiceBoundKeyResult {
-        /*
-         * Key cryptographically bound to a DICE policy.
-         */
-        IOpaqueKey diceBoundKey;
-
-        /*
-         * Indicates if the diceBoundKey returned was created using a current DICE policy. The
-         * caller can use this to detect if an old policy was provided and rotate its keys if so
-         * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
-         * use a potentially compromised key.
-         */
-        boolean dicePolicyWasCurrent;
-    }
-
-    parcelable ClearKeyPolicy {
-        /*
-         * Indicates the desired key size. It will be used to calculate how many bytes of key
-         * material should be returned.
-         */
-        int keySizeBytes;
-    }
-
-    union DerivedKeyPolicy {
-        /*
-         * If used we will derive a clear key and pass it back as an array of bytes on
-         * <code>HwCryptoKeyMaterial::explicitKey</code>.
-         */
-        ClearKeyPolicy clearKey;
-
-        /*
-         * Policy for the newly derived opaque key. Defines how the key can be used and its type.
-         */
-        byte[] opaqueKey;
-    }
-
-    parcelable DerivedKeyParameters {
-        /*
-         * Key to be used to derive the new key using HKDF.
-         */
-        IOpaqueKey derivationKey;
-
-        /*
-         * Policy for the newly derived key. Depending on its type, either a clear or opaque key
-         * will be derived.
-         */
-        DerivedKeyPolicy keyPolicy;
-
-        /*
-         * An arbitrary set of bytes incorporated into the key derivation. May have
-         * an implementation-specific maximum length, but it is guaranteed to accept
-         * at least 32 bytes.
-         */
-        byte[] context;
-    }
-
-    union DerivedKey {
-        /*
-         * Derived key in clear format.
-         */
-        byte[] explicitKey = {};
-
-        /*
-         * Derived key as a key token to be used only through the HWCrypto service.
-         */
-        IOpaqueKey opaque;
-    }
-
-    /*
-     * deriveCurrentDicePolicyBoundKey() - Derives a versioned key tied to the caller's current DICE
-     *                              policy. It will return this current policy back to the caller
-     *                              along with the generated key.
-     *
-     * @derivationKey:
-     *     Key to be used to derive the new key using HKDF.
-     *
-     * Return:
-     *      Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
-     */
-    DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
-            in DiceBoundDerivationKey derivationKey);
-
-    /*
-     * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
-     *                              against the caller and then using it as a context for deriving
-     *                              the returned key.
-     *
-     * @derivationKey:
-     *     Key to be used to derive the new key using HKDF.
-     *
-     * @dicePolicyForKeyVersion:
-     *     Policy used to derive keys tied to specific versions. Using this parameter
-     *     the caller can tie a derived key to a minimum version of itself, so in the future only
-     *     itself or a more recent version can derive the same key. This parameter is opaque to the
-     *     caller and it could be encrypted in the case the client doesn't have permission to know
-     *     the dice chain.
-     *     When implementing this function, this parameter shall be one of the components fed
-     *     to the KDF context and it needs to be checked against the caller DICE certificate before
-     *     being used.
-     *
-     * Return:
-     *      Ok(DiceBoundKeyResult) on success, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
-     */
-    DiceBoundKeyResult deriveDicePolicyBoundKey(
-            in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
-
-    /*
-     * deriveKey() - Derive a new key based on the given key, policy and context.
-     *
-     * @parameters:
-     *      Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
-     *      file for more information.
-     *
-     * Return:
-     *      Ok(HwCryptoKeyMaterial) on success, service specific error based on
-     *      <code>HalErrorCode</code> otherwise.
-     */
-    DerivedKey deriveKey(in DerivedKeyParameters parameters);
-
-    /*
-     * getHwCryptoOperations() - Returns an interface used to work on opaque keys. This interface
-     *                           can also be used to operate on any opaque key generated by
-     *                           hwkeyDeriveVersioned, even if this key has been generated after
-     *                           retrieving a IHwCryptoOperations binder object, as long as the
-     *                           parent IHwCryptoDeviceKeyAccess is not dropped between retrieving
-     *                           the IHwCryptoOperations binder object and deriving the key.
-     *                           IHwCryptoOperations can also be used to create opaque keys that
-     *                           are not bound to the device.
-     *
-     * Return:
-     *      IHwCryptoOperations on success
-     */
-    IHwCryptoOperations getHwCryptoOperations();
-
-    /*
-     * importClearKey() - Imports a SW clear key into the secure environment.
-     *
-     * @keyMaterial:
-     *     key to be imported.
-     * @newKeyPolicy:
-     *      Policy of the new key. Defines how the newly created key can be used. Because any
-     *      clear key imported into the system is considered to have a
-     *      <code>KeyLifetime::PORTABLE</code> lifetime, a call to this function will return an
-     *      error if <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
-     *
-     * Return:
-     *      IOpaqueKey on success, service specific error based on <code>HalErrorCode</code>
-     *      otherwise.
-     */
-    IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
-
-    /*
-     * getCurrentDicePolicy() - Returns the client current DICE policy. This policy is encrypted and
-     *                          considered opaque from the client perspective. This policy is the
-     *                          same used to create DICE bound keys and will also be used to seal
-     *                          secrets that can only be retrieved by the DICE policy owner. The
-     *                          first use of this seal operation will be
-     *                          <code>IOpaqueKey::getShareableToken</code> and
-     *                          <code>IHwCryptoKey::keyTokenImport</code>. To start this process,
-     *                          the intended key receiver will call this function and then pass the
-     *                          generated DICE policy to the owner of the key that the receiver
-     *                          wants to import. The key owner will then call
-     *                          <code>IOpaqueKey::getShareableToken</code> passing the receiver DICE
-     *                          policy to insure that only that receiver can import the key.
-     *
-     * Return:
-     *      byte[] on success, which is the caller encrypted DICE policy.
-     */
-    byte[] getCurrentDicePolicy();
-
-    /*
-     * key_token_import() - Imports a key from a different client service instance. Because
-     *                      IOpaqueKey are binder objects that cannot be directly shared between
-     *                      binder rpc clients, this method provide a way to send a key to another
-     *                      client. Keys to be imported by the receiver are represented by a token
-     *                      created using <code>IOpaqueKey::getShareableToken</code>. The flow
-     *                      to create this token is described in
-     *                      <code>IHwCryptoKey::getCurrentDicePolicy</code>.
-     *
-     * @requested_key:
-     *      Handle to the key to be imported to the caller service.
-     * @sealingDicePolicy:
-     *      DICE policy used to seal the exported key.
-     * Return:
-     *      A IOpaqueKey that can be directly be used on the local HWCrypto service on
-     *      success, service specific error based on <code>HalErrorCode</code> otherwise.
-     */
-    IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
-
-    /*
-     * getKeyslotData() - Gets the keyslot key material referenced by slotId.
-     *
-     * @slotId:
-     *      Identifier for the requested keyslot
-     *
-     * This interface is used to access device specific keys with known types and uses. Because the
-     * returned key is opaque, it can only be used through the different HwCrypto interfaces.
-     * Because the keys live in a global namespace the identity of the caller needs to be
-     * checked to verify that it has permission to accesses the requested key.
-     *
-     * Return:
-     *      Ok(IOpaqueKey) on success, UNAUTHORIZED if the caller cannot access the requested key,
-     *      another specific error code otherwise.
-     */
-    IOpaqueKey getKeyslotData(KeySlot slotId);
-}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
deleted file mode 100644
index 3cf467069c..0000000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto.types;
-
-/*
- * Enum describing all supported key types. Key types are strongly bound to the algorithm to
- * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
- * 128 Cipher modes).
- */
-enum KeyType {
-    AES_128_CBC_NO_PADDING,
-    AES_128_CBC_PKCS7_PADDING,
-    AES_128_CTR,
-    AES_128_GCM,
-    AES_128_CMAC,
-    AES_256_CBC_NO_PADDING,
-    AES_256_CBC_PKCS7_PADDING,
-    AES_256_CTR,
-    AES_256_GCM,
-    AES_256_CMAC,
-    HMAC_SHA256,
-    HMAC_SHA512,
-    RSA2048_PSS_SHA256,
-    RSA2048_PKCS1_5_SHA256,
-    ECC_NIST_P256_SIGN_NO_PADDING,
-    ECC_NIST_P256_SIGN_SHA256,
-    ECC_NIST_P521_SIGN_NO_PADDING,
-    ECC_NIST_P521_SIGN_SHA512,
-    ECC_ED25519_SIGN,
-}