diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index 153a04f2b5..abb2a7b7cd 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -40,7 +40,9 @@ parcelable DeviceInfo {
      *         "vb_state" : "green" / "yellow" / "orange",    // Taken from the AVB values
      *         "bootloader_state" : "locked" / "unlocked",    // Taken from the AVB values
      *         "vbmeta_digest": bstr,                         // Taken from the AVB values
-     *         "os_version" : tstr,                      // Same as android.os.Build.VERSION.release
+     *         ? "os_version" : tstr,                         // Same as
+     *                                                        // android.os.Build.VERSION.release
+     *                                                        // Not optional for TEE.
      *         "system_patch_level" : uint,                   // YYYYMMDD
      *         "boot_patch_level" : uint,                     // YYYYMMDD
      *         "vendor_patch_level" : uint,                   // YYYYMMDD
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 927d7d7daf..e2d75ce099 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -492,7 +492,6 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
                 ASSERT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()),
                           allowList.end());
                 checkType(deviceInfo, cppbor::BSTR, "vbmeta_digest");
-                checkType(deviceInfo, cppbor::TSTR, "os_version");
                 checkType(deviceInfo, cppbor::UINT, "system_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "boot_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "vendor_patch_level");
@@ -502,6 +501,9 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
                 allowList = getAllowedSecurityLevels();
                 ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
                           allowList.end());
+                if (deviceInfo->get("security_level")->asTstr()->value() == "tee") {
+                    checkType(deviceInfo, cppbor::TSTR, "os_version");
+                }
                 break;
             case 1:
                 checkType(deviceInfo, cppbor::TSTR, "security_level");