diff options
author | sachiyo <sachiyo@google.com> | 2019-06-28 14:03:22 -0700 |
---|---|---|
committer | Sachiyo Sugimoto <sachiyo@google.com> | 2019-08-24 01:17:07 +0000 |
commit | 5b2949355512406baac82d92ec2e08c7bdde84eb (patch) | |
tree | 2f847fb1fdf64538e579248ab3262d494aadfa12 /9_security-model | |
parent | 7c2e7933d0f27409890d9bb839fa6dca3af04f12 (diff) | |
download | platform_compatibility_cdd-5b2949355512406baac82d92ec2e08c7bdde84eb.tar.gz platform_compatibility_cdd-5b2949355512406baac82d92ec2e08c7bdde84eb.tar.bz2 platform_compatibility_cdd-5b2949355512406baac82d92ec2e08c7bdde84eb.zip |
CDD: Tighten keystore req
- Tighten the security consistently for Android ecosystem.
- Remove the condition of a secure lock screen for Keystore reqs for
form-factors (i.e. Handheld, Auto, TV) that have adopted keystore reqs.
Bug: 111748530
Change-Id: If7682e1410b52390135627d3edc9724d779a265f
Diffstat (limited to '9_security-model')
-rw-r--r-- | 9_security-model/9_11_keys-and-credentials.md | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/9_security-model/9_11_keys-and-credentials.md b/9_security-model/9_11_keys-and-credentials.md index a9d664aa..76cc51d8 100644 --- a/9_security-model/9_11_keys-and-credentials.md +++ b/9_security-model/9_11_keys-and-credentials.md @@ -40,9 +40,6 @@ prevent the keys from being used as device identifiers. One way of meeting this requirement is to share the same attestation key unless at least 100,000 units of a given SKU are produced. If more than 100,000 units of an SKU are produced, a different key MAY be used for each 100,000 units. -* [C-1-5] MUST allow the user to choose the Sleep timeout for transition from - the unlocked to the locked state, with a minimum allowable timout up to - 15 seconds. Note that if a device implementation is already launched on an earlier Android version, such a device is exempted from the requirement to have a keystore @@ -50,6 +47,10 @@ backed by an isolated execution environment and support the key attestation, unless it declares the `android.hardware.fingerprint` feature which requires a keystore backed by an isolated execution environment. +* [C-1-5] MUST allow the user to choose the Sleep timeout for transition from + the unlocked to the locked state, with a minimum allowable timout up to + 15 seconds. + ### 9.11.1\. Secure Lock Screen The AOSP implementation follows a tiered authentication model where a |