xref: /aosp_15_r20/external/open-dice/docs/android.md (revision 60b67249c2e226f42f35cc6cfe66c6048e0bae6b)

# Android Profile for DICE

[TOC]

## Background

The Android Profile for DICE is a specialization of the [Open Profile for
DICE](specification.md) that provides additional detail around algorithms,
certificates, and configuration descriptor. The choices are made to meet the
needs of the Android ecosystem.

This profile is not always a strict refinement of the Open Profile for DICE as
it also forced to address practical concerns such as workarounds for errata in
ROMs that require a relaxation of the base specification. However, the objective
is to avoid these where practical.

## Cryptographic Algorithms

The choice of algorithm must remain consistent with any given certificate e.g.
if SHA-256 is the hash algorithm used for the code hash then the authority hash,
config hash, etc. must also use SHA-256.

See the Open Profile for DICE's [acceptable cryptographic
algorithms](specification.md#acceptable-cryptographic-algorithms) for more
detail on specific algorithms.

### Hash Algorithms

Acceptable hash algorithms are:

*   SHA-256, SHA-384, SHA-512

Unlike the Open Profile for DICE, digests can be used as DICE inputs at their
output size without needing to be resized to 64 bytes. The value that is used as
the DICE input must be listed in the certificate. E.g. SHA-256 digests can be
used as 32-byte DICE inputs with the same 32 bytes encoded as a byte string in
the certificate.

### Key Derivation Functions

HKDF with a [supported hash algorithm](#hash-algorithms), or
[CKDF](https://datatracker.ietf.org/doc/html/draft-agl-ckdf-00) for all key
derivation.

### Digital Signatures

Ed25519 is recommended for performance and memory usage reasons. ECDSA with
curves P-256 or P-384 are acceptable.

## Certificate Details

Only CBOR certificates are allowed by this profile. Other certificate types,
such as X.509, must not be used.

### Mode

A certificate must only set the mode to `normal` when all of the following
conditions are met when loading and verifying the software component that is
being described by the certificate:

*   secure/verified boot with anti-rollback protection is enabled
*   only the secure/verified boot authorities for production images are enabled
*   debug ports, fuses, or other debug facilities are disabled
*   device booted software from the normal primary source e.g. internal flash

The mode should never be `not configured`.

### Configuration descriptor

The configuration descriptor is a CBOR map. Only key values less than -65536
are used as this is conventionally reserved for private use in IANA
assignments. The key value range \[-70000, -70999\] is reserved for use by this
profile. Implementation-specific fields may be added using key values outside
of the reserved range.

Unless explicitly stated as required in the [versions](#versions) section, each
field is optional. If no fields are relevant, an empty map should be encoded.

Name                   | Key    | Value type      | Meaning
---                    | ---    | ---                  | ---
Component name    | -70002 | tstr                 | Name of the component
Component version | -70003 | int / tstr | Version of the component
Resettable             | -70004 | null                 | If present, key changes on factory reset
Security version  | -70005 | uint                 | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version. This value must increment for every update that changes the code hash, for example by using the timestamp of the version's release.
[RKP VM][rkp-vm] marker | -70006 | null      | See the [Android HAL documentation][rkp-hal-readme] for precise semantics, as they vary by Android version.
Component instance name | -70007 | tstr      | When component is meant as a type, class or category, one can further specify the particular instance of that component.

[rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/docs/service_vm.md#rkp-vm-remote-key-provisioning-virtual-machine
[rkp-hal-readme]: https://android.googlesource.com/platform/hardware/interfaces/+/main/security/rkp/README.md

### Versions

Android is an evolving ecosystem with compatibility requirements that enable
devices to continue being updated. Explicit versioning of certificates in the
DICE chain allows continued compatibility between higher-level software that
updates and lower-level software (such as ROM) that might not update.

Versions of this profile are identified by their profile name which is composed
of the prefix `"android."` followed by the Android version number it aligns
with. Certificates declare which profile they are following in the `profileName`
field defined by the [Open Profile for DICE](specification.md). If no profile
name is included in the certificate, `"android.14"` is assumed.

Within a DICE chain, the version of the profile used in each certificate must
be the same or greater than the version used in the previous certificate. This
ensures the all certificates are aware of, and can maintain, any chain
invariants that can be added in any version of the profile.

Android provides the [`hwtrust`][hwtrust-tool] tool which can validate that
certificate chains conform to this profile and can assist in diagnosing
problems.

[hwtrust-tool]: https://cs.android.com/android/platform/superproject/main/+/main:tools/security/remote_provisioning/hwtrust/README.md

The version-specific details listed below are non-cumulative so only apply to
the version they are listed under.

#### `"android.14"`

The profile named `"android.14"` aligns with Android 14.

*   Based on the [Open Profile for DICE v2.4][open-dice-v2.4].
*   The `configurationHash` field is permitted to be missing rather than being
    required, as specified by the Open Profile for DICE.
*   The `mode` field is permitted to be encoded as an integer rather than the
    byte string that is specified by the Open Profile for DICE.
*   The `keyUsage` field is permitted to be encoded in big-endian byte order as
    well as the little-endian byte order that is specified by the Open Profile
    for DICE. As a result of this erratum workaround, the value is ambiguous and
    verifiers might not be able to rely on this value.

#### `"android.15"`

The profile named `"android.15"` aligns with Android 15. It is backwards
compatible with the previous versions of the Andorid Profile for DICE.

*   Based on the [Open Profile for DICE v2.5][open-dice-v2.5].
*   The `configurationHash` field is permitted to be missing rather than being
    required, as specified by the Open Profile for DICE.

#### `"android.16"`

The profile named `"android.16"` aligns with Android 16 and is still subject to
change. It is backwards compatible with the previous versions of the Android
Profile for DICE.

*   Based on the [Open Profile for DICE v2.5][open-dice-v2.5].
*   The security version field of the [configuration
    descriptor](#configuration-descriptor) is required.

[open-dice-v2.4]: https://pigweed.googlesource.com/open-dice/+/f9f454ae493bfe76ec2af8011eb7543c20c5ffc2/docs/specification.md
[open-dice-v2.5]: https://pigweed.googlesource.com/open-dice/+/0b5044098bf9b40128927d675dea4ec1fb75c510/docs/specification.md