diff options
author | Alice Wang <aliceywang@google.com> | 2023-11-24 08:36:51 +0000 |
---|---|---|
committer | Alice Wang <aliceywang@google.com> | 2023-11-24 08:36:51 +0000 |
commit | f7148408b5e7afda00c6e741c5493e63974bf223 (patch) | |
tree | d4f85ac3db0452ba626964177079030b39c86688 | |
parent | 111900fbc6444290cf40083a3404977ea3790eb7 (diff) | |
download | security-f7148408b5e7afda00c6e741c5493e63974bf223.tar.gz |
[keystore2] Update comment when fetching rkpd attestation key
No code change.
Test: atest keystore2_test
Bug: 310047761
Change-Id: I4269bd4bc146ac0d0aa7b5ca9af93957399aa7b6
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs index c6c4dc2b..0ef8c953 100644 --- a/keystore2/src/remote_provisioning.rs +++ b/keystore2/src/remote_provisioning.rs @@ -130,8 +130,10 @@ fn get_rkpd_attestation_key( security_level: &SecurityLevel, caller_uid: u32, ) -> Result<RemotelyProvisionedKey> { - // The RPC name lookup logic should be encapsulated within this function - // to allow for fallback in case of an error. + // Depending on the Android release, RKP may not have been mandatory for the + // TEE or StrongBox KM instances. In such cases, lookup failure for the IRPC + // HAL service is WAI and should not cause a failure. The error should be caught + // by the calling function and allow for natural fallback to the factory key. let rpc_name = get_remotely_provisioned_component_name(security_level) .context(ks_err!("Trying to get IRPC name."))?; let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500); |