Add KM_TRUSTED_CONFIRMATION_REQUIRED
This was added in KM4, but didn't make it into this header.
Additionally, KM_TAG_UNLOCKED_DEVICE_REQUIRED was squatting on
KM_TRUSTED_CONFIRMATION_REQUIRED's number.
See hardware/interfaces/keymaster/4.0/types.hal for correct numbering.
Bug: 128851722
Test: Keymaster VTS 4.0 + Trusty
Change-Id: I89117ffe91602884edb8dd19ffd22e659f40fb1c
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 196062e..eca484c 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -112,7 +112,9 @@
KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL | 506, /* Allow key to be used after authentication timeout
* if device is still on-body (requires secure
* on-body sensor. */
- KM_TAG_UNLOCKED_DEVICE_REQUIRED = KM_BOOL | 508, /* Require the device screen to be unlocked if the
+ KM_TAG_TRUSTED_CONFIRMATION_REQUIRED = KM_BOOL | 508, /* Require user confirmation through a
+ * trusted UI to use this key */
+ KM_TAG_UNLOCKED_DEVICE_REQUIRED = KM_BOOL | 509, /* Require the device screen to be unlocked if the
* key is used. */
/* Application access control */
@@ -454,6 +456,7 @@
KM_ERROR_KEYMASTER_NOT_CONFIGURED = -64,
KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING = -65,
KM_ERROR_CANNOT_ATTEST_IDS = -66,
+ KM_ERROR_NO_USER_CONFIRMATION = -71,
KM_ERROR_DEVICE_LOCKED = -72,
KM_ERROR_UNIMPLEMENTED = -100,