security/rkp/CHANGELOG.md - platform/hardware/interfaces - Git at Google

 # Remote Provisioning Changelog

 This document provides an exact description of which changes have occurred in the
 `IRemotelyProvisionedComponent` HAL interface in each Android release.

 ## Releases
 * **Android S (12):** IRemotelyProvisionedComponent v1
 * **Android T (13):** IRemotelyProvisionedComponent v2
 * **Android U (14):** IRemotelyProvisionedComponent v3

 ## IRemotelyProvisionedComponent 1 -> 2
 * DeviceInfo
   * Most entries are no longer optional.
   * `att_id_state` is now `fused`. `fused` is used to indicate if SecureBoot is enabled.
   * `version` is now `2`.
   * `board` has been removed.
   * `device` has been added.
 * RpcHardwareInfo
   * `uniqueId` String added as a field in order to differentiate IRPC instances on device.

 ## IRemotelyProvisionedComponent 2 -> 3
 * The RKP HAL now builds separately from KeyMint.
   * The HAL remains under the `android.hardware.security.keymint` package for
     compatibility with previous releases. ABI compatibility requires this.
   * Dependencies on the RKP HAL must add a dependency on
     `"android.hardware.security.rkp"` generated code (instead of
     `"android.hardward.security.keymint"`).
 * ProtectedData has been removed.
 * DeviceInfo
   * `version` has moved to a top-level field within the CSR generated by the HAL.
 * IRemotelyProvisionedComponent
   * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
   * Keys for new CSR format must be generated with test mode set to false, effectively removing test
     mode in the new CSR flow.
   * The schema for the CSR itself has been significantly simplified, please see
     IRemotelyProvisionedComponent.aidl for more details. Notably,
     * the chain of signing, MACing, and encryption operations has been replaced with a single
       COSE_Sign1 object.
     * CertificateType has been added to identify the type of certificate being requested.
     * The structure has been composed to enable a clear split between what is required to validate a
       payload and the implementation-defined payload itself. This is done by creating a typed
       `AuthenticatedRequest<T>` object representing the top level data required to authenticate
       the data provided in the payload, `T`.
   * The new CSR format supports P-384 signing keys and SHA-384 hashes in the DICE chain.
   * The component version can now be either an int or a string.
 * RpcHardwareInfo
   * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.
   * `supportedEekCurve` is no longer used, due to the removal of the EEK from the scheme.
	# Remote Provisioning Changelog

	This document provides an exact description of which changes have occurred in the
	`IRemotelyProvisionedComponent` HAL interface in each Android release.

	## Releases
	* Android S (12): IRemotelyProvisionedComponent v1
	* Android T (13): IRemotelyProvisionedComponent v2
	* Android U (14): IRemotelyProvisionedComponent v3

	## IRemotelyProvisionedComponent 1 -> 2
	* DeviceInfo
	* Most entries are no longer optional.
	* `att_id_state` is now `fused`. `fused` is used to indicate if SecureBoot is enabled.
	* `version` is now `2`.
	* `board` has been removed.
	* `device` has been added.
	* RpcHardwareInfo
	* `uniqueId` String added as a field in order to differentiate IRPC instances on device.

	## IRemotelyProvisionedComponent 2 -> 3
	* The RKP HAL now builds separately from KeyMint.
	* The HAL remains under the `android.hardware.security.keymint` package for
	compatibility with previous releases. ABI compatibility requires this.
	* Dependencies on the RKP HAL must add a dependency on
	`"android.hardware.security.rkp"` generated code (instead of
	`"android.hardward.security.keymint"`).
	* ProtectedData has been removed.
	* DeviceInfo
	* `version` has moved to a top-level field within the CSR generated by the HAL.
	* IRemotelyProvisionedComponent
	* The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
	* Keys for new CSR format must be generated with test mode set to false, effectively removing test
	mode in the new CSR flow.
	* The schema for the CSR itself has been significantly simplified, please see
	IRemotelyProvisionedComponent.aidl for more details. Notably,
	* the chain of signing, MACing, and encryption operations has been replaced with a single
	COSE_Sign1 object.
	* CertificateType has been added to identify the type of certificate being requested.
	* The structure has been composed to enable a clear split between what is required to validate a
	payload and the implementation-defined payload itself. This is done by creating a typed
	`AuthenticatedRequest<T>` object representing the top level data required to authenticate
	the data provided in the payload, `T`.
	* The new CSR format supports P-384 signing keys and SHA-384 hashes in the DICE chain.
	* The component version can now be either an int or a string.
	* RpcHardwareInfo
	* `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.
	* `supportedEekCurve` is no longer used, due to the removal of the EEK from the scheme.