keymaster: add factory-setup methods
Add the ProvisionDeviceIds and ReadTeeBatchCertificate
methods which get invoked at the device factory.
Bug: 74503339
Change-Id: I35b9bdb21ebc8cce35488f0759906f3da5a50e43
diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto
index d20d4c5..603e041 100644
--- a/nugget/proto/nugget/app/keymaster/keymaster.proto
+++ b/nugget/proto/nugget/app/keymaster/keymaster.proto
@@ -75,6 +75,10 @@
rpc SetRootOfTrust (SetRootOfTrustRequest) returns (SetRootOfTrustResponse);
// Only callable by the Bootloader.
rpc SetBootState (SetBootStateRequest) returns (SetBootStateResponse);
+ // Only callable at the Device Factory.
+ rpc ProvisionDeviceIds (ProvisionDeviceIdsRequest) returns (ProvisionDeviceIdsResponse);
+ // Only callable at the Device Factory.
+ rpc ReadTeeBatchCertificate (ReadTeeBatchCertificateRequest) returns (ReadTeeBatchCertificateResponse);
}
/*
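Review bot: The `// Only callable at the Device Factory.` comments on ProvisionDeviceIds and ReadTeeBatchCertificate state a restriction without saying what enforces it or what a caller receives once the device has left the factory. Nothing in this service block shows the gate, so it presumably lives in the firmware handler. The comment should name the condition and the result, along the lines of `// Only callable at the Device Factory; returns an error in error_code once factory provisioning is locked.`, with the actual state and code filled in. Since ProvisionDeviceIds sets identifiers such as serialno, imei and meid, a reviewer needs to be able to confirm from the contract that a later call cannot overwrite them. The service block begins outside this hunk.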
@@ -267,4 +271,33 @@
message SetBootStateResponse {
// Specified in keymaster_defs.proto:ErrorCode
ErrorCode error_code = 1;
-}
\ No newline at end of file
+}
+
+// ProvisionDeviceIds
+// Only callable at the Device Factory
+message ProvisionDeviceIdsRequest {
+ bytes product_brand = 1;
+ bytes product_device = 2;
+ bytes product_name = 3;
+ bytes serialno = 4;
+ bytes product_manufacturer = 5;
+ bytes product_model = 6;
+ bytes imei = 7;
+ bytes meid = 8;
+}
+message ProvisionDeviceIdsResponse {
+ // Specified in keymaster_defs.proto:ErrorCode
+ ErrorCode error_code = 1;
+}
+
+// ReadTeeBatchCertificate
+// Only callable at the Device Factory
+message ReadTeeBatchCertificateRequest {
+ Algorithm algorithm = 1;
+}
+message ReadTeeBatchCertificateResponse {
+ ErrorCode error_code = 1;
+ RSAKey rsa = 2; // rsa or ec set based on request algorithm selector.
+ ECKey ec = 3;
+ bytes batch_cert = 4;
+}
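Review bot: ReadTeeBatchCertificateResponse returns `RSAKey rsa` and `ECKey ec` next to `batch_cert`, but its only comment says one of them is set according to the request algorithm and does not say which key components are populated. RSAKey and ECKey are declared outside this hunk, so if they can carry private components the field comment should state whether this response fills them, because the factory-only gate would then be the sole protection for the batch key. The either/or relationship would be clearer, and enforced by generated code, as `oneof key { RSAKey rsa = 2; ECKey ec = 3; }`, which keeps the field numbers. `error_code` here also lacks the `// Specified in keymaster_defs.proto:ErrorCode` comment the other responses carry. The `bytes` fields of ProvisionDeviceIdsRequest need a comment giving the expected encoding, the maximum length, and what an empty value means.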