blob: edc695d301b50392bd7981b70cf384d934448cd5 [file] [log] [blame]
* Copyright (C) 2019 The Android Open Source Project
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
package android.hardware.rebootescrow;
* This HAL defines the interface to the device-specific implementation
* of retaining a secret to unlock the Synthetic Password stored during
* a reboot to perform an OTA update. The implementation of this interface
* should never store the key on any non-volatile medium. The key should be
* overwritten with zeroes when destroyKey() is called. All care should be given
* to provide the shortest lifetime for the storage of the key in volatile and
* erasable storage.
* This HAL is optional so does not require an implementation on device.
interface IRebootEscrow {
* Store the key for reboot.
void storeKey(in byte[] kek);
* Retrieve the possible keys. If the implementation is probabalistic, it
* should return the keys in order from most-probable to least-probable.
* There is not a hard limit to the number of keys, but it is suggested to
* keep the number of key possibilities less than 32.
byte[] retrieveKey();