From 192c575ffb193e1bcc7debf59b0a72a9dcc73ee0 Mon Sep 17 00:00:00 2001
From: Seth Moore
Date: Fri, 17 Mar 2023 15:33:30 -0700
Subject: [PATCH] Note the relationship of patchlevels with keymint
Some of the DeviceInfo must match existing tags in KeyMint, but this was not documented.
Test: n/a
Change-Id: I7733e2a4b0c08b0b89ece41390c0ce0711459d82
---
 .../hardware/security/keymint/DeviceInfo.aidl | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index bd278824f6..8456148635 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -48,9 +48,9 @@ parcelable DeviceInfo {
 * ? "os_version" : tstr, ; Same as
 * ; android.os.Build.VERSION.release
 * ; Not optional for TEE.
- * "system_patch_level" : uint, ; YYYYMM
- * "boot_patch_level" : uint, ; YYYYMMDD
- * "vendor_patch_level" : uint, ; YYYYMMDD
+ * "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
+ * "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
+ * "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
 * "security_level" : "tee" / "strongbox",
 * "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
 * ; implementation is contained in. 0 otherwise.
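Review bot: The added "must match KeyMint OS_PATCHLEVEL / BOOT_PATCHLEVEL / VENDOR_PATCHLEVEL" comments do not say which KeyMint instance is meant, so an implementer cannot tell which value a verifier would compare these fields against. A device may expose both a TEE and a StrongBox KeyMint, and this map already carries `security_level`, so the comment could name the tag and the instance, e.g. `; YYYYMM, must equal Tag::OS_PATCHLEVEL of the KeyMint instance at this security_level` (assuming that pairing is the intent; please confirm). The same applies to the identical lines in the hunks at -71 and -93. In the -93 (version 1) schema the three entries are optional (`?`), so adding "if present" there would keep the requirement unambiguous.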
@@ -71,9 +71,9 @@ parcelable DeviceInfo {
 * ? "os_version" : tstr, ; Same as
 * ; android.os.Build.VERSION.release
 * ; Not optional for TEE.
- * "system_patch_level" : uint, ; YYYYMM
- * "boot_patch_level" : uint, ; YYYYMMDD
- * "vendor_patch_level" : uint, ; YYYYMMDD
+ * "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
+ * "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
+ * "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
 * "version" : 2, ; The CDDL schema version.
 * "security_level" : "tee" / "strongbox",
 * "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
@@ -93,9 +93,9 @@ parcelable DeviceInfo {
 * ? "vbmeta_digest": bstr, ; Taken from the AVB values
 * ? "os_version" : tstr, ; Same as
 * ; android.os.Build.VERSION.release
- * ? "system_patch_level" : uint, ; YYYYMM
- * ? "boot_patch_level" : uint, ; YYYYMMDD
- * ? "vendor_patch_level" : uint, ; YYYYMMDD
+ * ? "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
+ * ? "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
+ * ? "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
 * "version" : 1, ; The CDDL schema version.
 * "security_level" : "tee" / "strongbox"
 * "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this