diff options
author | Alice Wang <aliceywang@google.com> | 2023-11-24 15:40:49 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2023-11-24 15:40:49 +0000 |
commit | 0ecec06af2aa809bb090b7fc389482db3d4045af (patch) | |
tree | d4f85ac3db0452ba626964177079030b39c86688 | |
parent | 111900fbc6444290cf40083a3404977ea3790eb7 (diff) | |
parent | f7148408b5e7afda00c6e741c5493e63974bf223 (diff) | |
download | security-0ecec06af2aa809bb090b7fc389482db3d4045af.tar.gz |
Merge "[keystore2] Update comment when fetching rkpd attestation key" into main
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs index c6c4dc2b..0ef8c953 100644 --- a/keystore2/src/remote_provisioning.rs +++ b/keystore2/src/remote_provisioning.rs @@ -130,8 +130,10 @@ fn get_rkpd_attestation_key( security_level: &SecurityLevel, caller_uid: u32, ) -> Result<RemotelyProvisionedKey> { - // The RPC name lookup logic should be encapsulated within this function - // to allow for fallback in case of an error. + // Depending on the Android release, RKP may not have been mandatory for the + // TEE or StrongBox KM instances. In such cases, lookup failure for the IRPC + // HAL service is WAI and should not cause a failure. The error should be caught + // by the calling function and allow for natural fallback to the factory key. let rpc_name = get_remotely_provisioned_component_name(security_level) .context(ks_err!("Trying to get IRPC name."))?; let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500); |