From 9b7f79cbf66c62d9831d84563913ba8206e86ef1 Mon Sep 17 00:00:00 2001 From: Seth Moore Date: Thu, 5 May 2022 11:01:33 -0700 Subject: [PATCH] Clean up description of IRemotelyProvisionedComponent uniqueId The identifier is to be used in telemetry to identify problematic implementations. Thus, it needs to be globally consistent, at least within a given device type. Test: None -- doc only changes Bug: 231495834 Change-Id: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329 Merged-In: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329 --- .../android/hardware/security/keymint/RpcHardwareInfo.aidl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl index 3a4c233cf5..0cb33ce91e 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl @@ -59,13 +59,17 @@ parcelable RpcHardwareInfo { * client should NOT interpret the content of the identifier in any way. The client can only * compare identifiers to determine if two IRemotelyProvisionedComponents share the same * implementation. Each IRemotelyProvisionedComponent implementation must have a distinct - * identifier from all other implementations on the same device. + * identifier from all other implementations, and it must be consistent across all devices. + * It's critical that this identifier not be usable to uniquely identify a specific device. * * This identifier must be consistent across reboots, as it is used to store and track * provisioned keys in a persistent, on-device database. * * uniqueId may not be empty, and must not be any longer than 32 characters. * + * A recommended construction for this value is "[Vendor] [Component Name] [Major Version]", + * e.g. "Google Trusty KeyMint 1". + * * This field was added in API version 2. * */