From f479b4b902d25e79b8a464b4ed793ec328a962b0 Mon Sep 17 00:00:00 2001 From: Seth Moore Date: Fri, 4 Nov 2022 17:39:05 +0000 Subject: [PATCH] Update README and CHANGELOG for RKP Bug: 254112961 Test: vts_treble_vintf_vendor_test Merged-In: Ib66fcbdbaadda3f32cd8423f61bd31d5f43dc44b Change-Id: Ib66fcbdbaadda3f32cd8423f61bd31d5f43dc44b --- security/keymint/README.md | 10 ++++++++++ .../RKP_CHANGELOG.md => rkp/CHANGELOG.md} | 6 ++++++ .../{keymint/RKP_README.md => rkp/README.md} | 16 ++++++++-------- 3 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 security/keymint/README.md rename security/{keymint/RKP_CHANGELOG.md => rkp/CHANGELOG.md} (79%) rename security/{keymint/RKP_README.md => rkp/README.md} (95%) diff --git a/security/keymint/README.md b/security/keymint/README.md new file mode 100644 index 0000000000..54647af659 --- /dev/null +++ b/security/keymint/README.md @@ -0,0 +1,10 @@ +# KeyMint HAL + +This directory contains the HAL definition for KeyMint. KeyMint provides +cryptographic services in a hardware-isolated environment. + +Note that the `IRemotelyProvisionedComponent` HAL, and it's associated types, +used to also be defined in this directory. As of Android U, this HAL has been +moved to a different directory (../rkp). This move is ABI compatible, as the +interfaces have been maintained. The build is split so that the generated +code may be built with different options. diff --git a/security/keymint/RKP_CHANGELOG.md b/security/rkp/CHANGELOG.md similarity index 79% rename from security/keymint/RKP_CHANGELOG.md rename to security/rkp/CHANGELOG.md index 243fc26525..eb2041d146 100644 --- a/security/keymint/RKP_CHANGELOG.md +++ b/security/rkp/CHANGELOG.md @@ -19,6 +19,12 @@ This document provides an exact description of which changes have occurred in th * `uniqueId` String added as a field in order to differentiate IRPC instances on device. ## IRemotelyProvisionedComponent 2 -> 3 +* The RKP HAL now builds separately from KeyMint. + * The HAL remains under the `android.hardware.security.keymint` package for + compatibility with previous releases. ABI compatibility requires this. + * Dependencies on the RKP HAL must add a dependency on + `"android.hardware.security.rkp"` generated code (instead of + `"android.hardward.security.keymint"`). * ProtectedData has been removed. * DeviceInfo * `version` has moved to a top-level field within the CSR generated by the HAL diff --git a/security/keymint/RKP_README.md b/security/rkp/README.md similarity index 95% rename from security/keymint/RKP_README.md rename to security/rkp/README.md index 89a2598f66..5fb49486ce 100644 --- a/security/keymint/RKP_README.md +++ b/security/rkp/README.md @@ -6,8 +6,8 @@ Design a HAL to support over-the-air provisioning of certificates for asymmetric keys. The HAL must interact effectively with Keystore (and other daemons) and protect device privacy and security. -Note that this API is designed for KeyMint, but with the intention that it -should be usable for other HALs that require certificate provisioning. +Note that this API was originally designed for KeyMint, with the intention that +it should be usable for other HALs that require certificate provisioning. Throughout this document we'll refer to the Keystore and KeyMint (formerly called Keymaster) components, but only for concreteness and convenience; those labels could be replaced with the names of any system and secure area @@ -312,7 +312,7 @@ the range \[-70000, -70999\] (these are reserved for future additions here). ``` Please see -[ProtectedData.aidl](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl) +[ProtectedData.aidl](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl) for a full CDDL definition of the BCC. ### `CertificateRequest` @@ -366,9 +366,9 @@ Please see the related HAL documentation directly in the source code at the following links: * [IRemotelyProvisionedComponent - HAL](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl) -* [ProtectedData](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl) -* [MacedPublicKey](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl) -* [RpcHardwareInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl) -* [DeviceInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl) + HAL](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl) +* [ProtectedData](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl) +* [MacedPublicKey](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/MacedPublicKey.aidl) +* [RpcHardwareInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl) +* [DeviceInfo](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/DeviceInfo.aidl)