From 5b2949355512406baac82d92ec2e08c7bdde84eb Mon Sep 17 00:00:00 2001 From: sachiyo Date: Fri, 28 Jun 2019 14:03:22 -0700 Subject: CDD: Tighten keystore req - Tighten the security consistently for Android ecosystem. - Remove the condition of a secure lock screen for Keystore reqs for form-factors (i.e. Handheld, Auto, TV) that have adopted keystore reqs. Bug: 111748530 Change-Id: If7682e1410b52390135627d3edc9724d779a265f --- 9_security-model/9_11_keys-and-credentials.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to '9_security-model') diff --git a/9_security-model/9_11_keys-and-credentials.md b/9_security-model/9_11_keys-and-credentials.md index a9d664aa..76cc51d8 100644 --- a/9_security-model/9_11_keys-and-credentials.md +++ b/9_security-model/9_11_keys-and-credentials.md @@ -40,9 +40,6 @@ prevent the keys from being used as device identifiers. One way of meeting this requirement is to share the same attestation key unless at least 100,000 units of a given SKU are produced. If more than 100,000 units of an SKU are produced, a different key MAY be used for each 100,000 units. -* [C-1-5] MUST allow the user to choose the Sleep timeout for transition from - the unlocked to the locked state, with a minimum allowable timout up to - 15 seconds. Note that if a device implementation is already launched on an earlier Android version, such a device is exempted from the requirement to have a keystore @@ -50,6 +47,10 @@ backed by an isolated execution environment and support the key attestation, unless it declares the `android.hardware.fingerprint` feature which requires a keystore backed by an isolated execution environment. +* [C-1-5] MUST allow the user to choose the Sleep timeout for transition from + the unlocked to the locked state, with a minimum allowable timout up to + 15 seconds. + ### 9.11.1\. Secure Lock Screen The AOSP implementation follows a tiered authentication model where a -- cgit v1.2.3