author | Shawn Willden <swillden@google.com> | 2015-10-14 14:57:50 -0600 |
---|---|---|
committer | Unsuk Jung <unsuk@google.com> | 2015-10-15 16:04:24 +0000 |
commit | 48289c61e03dd41c7f7a39bd1ae6fcebd5ed36da (patch) | |
tree | 9fc7f2a8106faee791e1dfcb659fc3408dc3ca0b | |
parent | 857d22c55e7f20e2a61b3a9248f27ed013e26743 (diff) | |
Change keymaster and gatekeeper requirements to strong recommendations.
The language as written required all devices with a TEE that are
upgraded to M to implement the new keymaster and gatekeeper modules.
This imposes a great burden on upgrading old devices, so this CL relaxes
the requirement.
Change-Id: Ia6313255ba78ac9be770a4b884bcf56c9838da82
-rw-r--r-- | src/compatibility/android-cdd.html | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/compatibility/android-cdd.html b/src/compatibility/android-cdd.html index e9a3eda4..e419c590 100644 --- a/src/compatibility/android-cdd.html +++ b/src/compatibility/android-cdd.html 
@@ -5009,21 +5009,24 @@ than 8,192 keys to be imported.</li> such as a Secure Element (SE) where a Trusted Execution Environment (TEE) can be implemented, then it: <ul> - <li>MUST back up the keystore implementation with the secure hardware. The upstream Android - Open Source Project provides the Keymaster Hardware Abstraction Layer (HAL) implementation - that can be used to satisfy this requirement.</li> - <li>MUST perform the lock screen authentication in the secure hardware and only when successful - allow the authentication-bound keys to be used. The upstream Android Open Source Project - provides the Gatekeeper Hardware Abstraction Layer (HAL) that can be used to satisfy this - requirement + <li>Is STRONGLY RECOMMENDED to back up the keystore implementation with the secure hardware. + The upstream Android Open Source Project provides the Keymaster Hardware Abstraction Layer + (HAL) implementation that can be used to satisfy this requirement.</li> + <li>MUST perform the lock screen authentication in the secure hardware if the device has a + hardware-backed keystore implementation and only when successful allow the authentication-bound + keys to be used. The upstream Android Open Source Project provides the Gatekeeper Hardware + Abstraction Layer (HAL) that can be used to satisfy this requirement [<a href="http://source.android.com/devices/tech/security/authentication/gatekeeper.html">Resources, 136</a>].</li> </ul> </li> </ul> -<p>Note that if a device implementation is already launched on an earlier Android version and has - not implemented a trusted operating system on the secure hardware, such a device cannot meet - the above TEE-related requirements through a system software update and thus is exempted from these TEE-related requirements.</p> +<p>Note that while the above TEE-related requirements are stated as STRONGLY RECOMMENDED, the + Compatibility Definition for the next API version is planned to changed these to REQIUIRED. 
If a + device implementation is already launched on an earlier Android version and has not implemented a + trusted operating system on the secure hardware, such a device might not be able to meet the + requirements through a system software update and thus is STRONGLY RECOMMENDED to implement a + TEE.</p> <h2 id="9_12_data_deletion">9.12. Data Deletion</h2> |
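Review bot: The new note paragraph says "the above TEE-related requirements are stated as STRONGLY RECOMMENDED", but the second `<li>` still reads "MUST perform the lock screen authentication in the secure hardware if the device has a hardware-backed keystore implementation", so the note does not match the list it summarizes. Either name the item that was relaxed (backing the keystore with secure hardware) or say that the Gatekeeper item remains a conditional MUST. In that same `<li>`, the condition sits between "in the secure hardware" and "and only when successful allow", which makes it unclear whether it governs only where authentication runs or also the gating of authentication-bound keys; moving "if the device has a hardware-backed keystore implementation" to the start of the item would remove the ambiguity. The first `<li>` now opens with "Is STRONGLY RECOMMENDED" but still ends "can be used to satisfy this requirement", which should follow the new wording. In the note, "is planned to changed these to REQIUIRED" has two typos ("change", "REQUIRED"), and a misspelled normative keyword is worth fixing before this lands. Finally, the removed text explicitly exempted already-launched devices without a trusted OS, while the replacement says such a device "might not be able to meet the requirements through a system software update and thus is STRONGLY RECOMMENDED to implement a TEE"; the conclusion does not follow from the premise, and it leaves open whether those devices are still exempt, so state that outcome directly.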