Merge "Clarify Secretkeeper comments" into main am: 99cf847175 am: 5605362e10

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2885127 Change-Id: I18dd3b8ff043e2ab2b0bacbb2814b36a9d0bbd65 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2026-02-01 11:36:00 +00:00 · 2023-12-20 19:17:15 +00:00
parent 38e4d70130 5605362e10
commit e0ef257a9c
2 changed files with 11 additions and 6 deletions
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
@@ -39,9 +39,14 @@ interface ISecretkeeper {

    /**
     * Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared
-     * session key establishment.  These keys are used to perform encryption of messages as
+     * session key establishment. These keys are used to perform encryption of messages as
     * described in SecretManagement.cddl, allowing the client and Secretkeeper to have a
-     * cryptographically secure channel.
+     * cryptographically secure channel. In the key exchange protocol the client acts as P1
+     * (source) and Secretkeeper as P2 (sink). The interface returned here can be used to invoke
+     * methods on the sink.
+     *
+     * The client's identity is its DICE chain; Secretkeeper's identity is a
+     * per-boot key pair.
     */
    IAuthGraphKeyExchange getAuthGraphKe();

@@ -56,8 +61,8 @@ interface ISecretkeeper {
     * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between
     * the client & service. This cryptographic protection is required because the messages are
     * ferried via Android, which is allowed to be outside the TCB of clients (for example protected
-     * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which
-     * is critical for establishing the secure channel.
+     * Virtual Machines). For this, service (& client) must implement the AuthGraph key exchange
+     * protocol to establish a secure channel between them.
     *
     * If an encrypted response cannot be generated, then a service-specific Binder error using one
     * of the ERROR_ codes above will be returned.
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
@@ -91,7 +91,7 @@ ErrorCode = &(
    ; Requested Entry not found.
    ErrorCode_EntryNotFound: 3,
    ; Error happened while serialization or deserialization.
-    SerializationError: 4,
+    ErrorCode_SerializationError: 4,
    ; Indicates that Dice Policy matching did not succeed & hence access not granted.
    ErrorCode_DicePolicyError: 5,
 )
@@ -104,7 +104,7 @@ Result = &(
    GetSecretResult,
 )

-GetVersionResult = (version : uint)
+GetVersionResult = (1)

 StoreSecretResult = ()