Merge "CDD: Clarified hardware-backed keystore requirement." into nougat-mr1-dev am: 83536f4d73 am: 06f0abad22 am: 8ab2128766 Change-Id: I593c0d90730a45900a06c70d117092401a48e319

commit: f98204d3d965a7a9013e40d85eaf3ff2cfaecd4c [log] [tgz]
author: Vikas Marwaha <vikasmarwaha@google.com> Thu Apr 20 18:10:22 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Thu Apr 20 18:10:22 2017 +0000
tree: 367608cab9ecb960a1a0f55d0f44bd79a4d7935a
parent: 07b15253a1f923bb57d1de86caa09f629c738b0b [diff]
parent: 8ab21287661ded1ae8334ed619bc765ffdd6cc8b [diff]
diff --git a/9_security-model/9_11_keys-and-credentials.md b/9_security-model/9_11_keys-and-credentials.md
index 8cb497b..0d0dff2 100644
--- a/9_security-model/9_11_keys-and-credentials.md
+++ b/9_security-model/9_11_keys-and-credentials.md

@@ -24,9 +24,10 @@
     (HAL)](http://source.android.com/devices/tech/security/authentication/gatekeeper.html)
     that can be used to satisfy this requirement.
 
-Note that if a device implementation is already launched on an earlier Android version, and does
-not have a fingerprint scanner, such a device is exempted from the requirement to have a
-hardware-backed keystore.
+Note that if a device implementation is already launched on an earlier Android
+version, such a device is exempted from the requirement to have a
+hardware-backed keystore, unless it declares the `android.hardware.fingerprint`
+feature which requires a hardware-backed keystore.
 
 ### 9.11.1\. Secure Lock Screen
commit	f98204d3d965a7a9013e40d85eaf3ff2cfaecd4c	[log] [tgz]
author	Vikas Marwaha <vikasmarwaha@google.com>	Thu Apr 20 18:10:22 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Thu Apr 20 18:10:22 2017 +0000
tree	367608cab9ecb960a1a0f55d0f44bd79a4d7935a
parent	07b15253a1f923bb57d1de86caa09f629c738b0b [diff]
parent	8ab21287661ded1ae8334ed619bc765ffdd6cc8b [diff]