xref: /aosp_15_r20/hardware/interfaces/security/rkp/CHANGELOG.md (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7) 
1# Remote Provisioning Changelog
2
3This document provides an exact description of which changes have occurred in the
4`IRemotelyProvisionedComponent` HAL interface in each Android release.
5
6## Releases
7* **Android S (12):** IRemotelyProvisionedComponent v1
8* **Android T (13):** IRemotelyProvisionedComponent v2
9* **Android U (14):** IRemotelyProvisionedComponent v3
10
11## IRemotelyProvisionedComponent 1 -> 2
12* DeviceInfo
13  * Most entries are no longer optional.
14  * `att_id_state` is now `fused`. `fused` is used to indicate if SecureBoot is enabled.
15  * `version` is now `2`.
16  * `board` has been removed.
17  * `device` has been added.
18* RpcHardwareInfo
19  * `uniqueId` String added as a field in order to differentiate IRPC instances on device.
20
21## IRemotelyProvisionedComponent 2 -> 3
22* The RKP HAL now builds separately from KeyMint.
23  * The HAL remains under the `android.hardware.security.keymint` package for
24    compatibility with previous releases. ABI compatibility requires this.
25  * Dependencies on the RKP HAL must add a dependency on
26    `"android.hardware.security.rkp"` generated code (instead of
27    `"android.hardward.security.keymint"`).
28* ProtectedData has been removed.
29* DeviceInfo
30  * `version` has moved to a top-level field within the CSR generated by the HAL.
31* IRemotelyProvisionedComponent
32  * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
33  * Keys for new CSR format must be generated with test mode set to false, effectively removing test
34    mode in the new CSR flow.
35  * The schema for the CSR itself has been significantly simplified, please see
36    IRemotelyProvisionedComponent.aidl for more details. Notably,
37    * the chain of signing, MACing, and encryption operations has been replaced with a single
38      COSE_Sign1 object.
39    * CertificateType has been added to identify the type of certificate being requested.
40    * The structure has been composed to enable a clear split between what is required to validate a
41      payload and the implementation-defined payload itself. This is done by creating a typed
42      `AuthenticatedRequest<T>` object representing the top level data required to authenticate
43      the data provided in the payload, `T`.
44  * The new CSR format supports P-384 signing keys and SHA-384 hashes in the DICE chain.
45  * The component version can now be either an int or a string.
46* RpcHardwareInfo
47  * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.
48  * `supportedEekCurve` is no longer used, due to the removal of the EEK from the scheme.
49