authorAlice Wang <aliceywang@google.com>2023-11-24 08:36:51 +0000
committerAlice Wang <aliceywang@google.com>2023-11-24 08:36:51 +0000
commitf7148408b5e7afda00c6e741c5493e63974bf223 (patch)
treed4f85ac3db0452ba626964177079030b39c86688
parent111900fbc6444290cf40083a3404977ea3790eb7 (diff)
[keystore2] Update comment when fetching rkpd attestation key
No code change. Test: atest keystore2_test Bug: 310047761 Change-Id: I4269bd4bc146ac0d0aa7b5ca9af93957399aa7b6
-rw-r--r--keystore2/src/remote_provisioning.rs6
1 files changed, 4 insertions, 2 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index c6c4dc2b..0ef8c953 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -130,8 +130,10 @@ fn get_rkpd_attestation_key(
security_level: &SecurityLevel,
caller_uid: u32,
) -> Result<RemotelyProvisionedKey> {
- // The RPC name lookup logic should be encapsulated within this function
- // to allow for fallback in case of an error.
+ // Depending on the Android release, RKP may not have been mandatory for the
+ // TEE or StrongBox KM instances. In such cases, lookup failure for the IRPC
+ // HAL service is WAI and should not cause a failure. The error should be caught
+ // by the calling function and allow for natural fallback to the factory key.
let rpc_name = get_remotely_provisioned_component_name(security_level)
.context(ks_err!("Trying to get IRPC name."))?;
let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
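Review bot: The added comment above the `get_remotely_provisioned_component_name` call uses "WAI" and "IRPC" without expansion and describes a fallback performed by a caller that is not shown, so a reader of this function cannot tell which errors are meant to be tolerated. The `?` on that call propagates every failure with the same "Trying to get IRPC name." context; if the caller falls back to the factory key on any error (an inference, since the caller is outside the hunk), an unexpected failure would be handled the same way as the expected missing-HAL case. Consider spelling the terms out, e.g. `// lookup failure for the IRemotelyProvisionedComponent HAL service is expected on such devices and must not be fatal.`, and adding a line that names the function performing the fallback and the error it matches on. The body of get_rkpd_attestation_key continues past the end of the hunk.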