diff options
author | Andrew Scull <ascull@google.com> | 2023-11-28 14:23:01 +0000 |
---|---|---|
committer | CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-11-28 14:23:01 +0000 |
commit | 1ce7fb54be6d084f26a1faf1c0a00629d7c4a520 (patch) | |
tree | 1a9d4115cea3ab5fceac2ddf792199454d72f629 | |
parent | 0028ac547841feee4c9df47deddc406de72f9a7b (diff) | |
download | open-dice-1ce7fb54be6d084f26a1faf1c0a00629d7c4a520.tar.gz |
Clarify the security version field
Explain that the security version field must increment for every code
update. This intends to exclude implementations that only update the
security version selectively, possibly after multiple code updates have
been applied.
Change-Id: Ie47e85ddb2411a773f959be5bd953197c6c73af5
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/181132
Reviewed-by: Darren Krahn <dkrahn@google.com>
Commit-Queue: Auto-Submit <auto-submit@pigweed-service-accounts.iam.gserviceaccount.com>
Pigweed-Auto-Submit: Andrew Scull <ascull@google.com>
Reviewed-by: Max Bires <jbires@google.com>
-rw-r--r-- | docs/android.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/android.md b/docs/android.md index 6398996..11a8960 100644 --- a/docs/android.md +++ b/docs/android.md @@ -76,12 +76,12 @@ of the reserved range. Unless explicitly stated as required in the [versions](#versions) section, each field is optional. If no fields are relevant, an empty map should be encoded. -Name | Key | Value type | Meaning +Name | Key | Value type | Meaning --- | --- | --- | --- Component name | -70002 | tstr | Name of the component Component version | -70003 | int / tstr | Version of the component Resettable | -70004 | null | If present, key changes on factory reset -Security version | -70005 | uint | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version, for example, the anti-rollback counter +Security version | -70005 | uint | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version. This value must increment for every update that changes the code hash, for example by using the timestamp of the version's release. [RKP VM][rkp-vm] marker | -70006 | null | If present, the component can take part in running a VM that can receive an attestation certificate from an [RKP Service][rkp-service]. [rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine |