# Remote Provisioning Changelog This document provides an exact description of which changes have occurred in the `IRemotelyProvisionedComponent` HAL interface in each Android release. ## Releases * **Android S (12):** IRemotelyProvisionedComponent v1 * **Android T (13):** IRemotelyProvisionedComponent v2 * **Android U (14):** IRemotelyProvisionedComponent v3 ## IRemotelyProvisionedComponent 1 -> 2 * DeviceInfo * Most entries are no longer optional. * `att_id_state` is now `fused`. `fused` is used to indicate if SecureBoot is enabled. * `version` is now `2`. * `board` has been removed. * `device` has been added. * RpcHardwareInfo * `uniqueId` String added as a field in order to differentiate IRPC instances on device. ## IRemotelyProvisionedComponent 2 -> 3 * The RKP HAL now builds separately from KeyMint. * The HAL remains under the `android.hardware.security.keymint` package for compatibility with previous releases. ABI compatibility requires this. * Dependencies on the RKP HAL must add a dependency on `"android.hardware.security.rkp"` generated code (instead of `"android.hardward.security.keymint"`). * ProtectedData has been removed. * DeviceInfo * `version` has moved to a top-level field within the CSR generated by the HAL. * IRemotelyProvisionedComponent * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR. * Keys for new CSR format must be generated with test mode set to false, effectively removing test mode in the new CSR flow. * The schema for the CSR itself has been significantly simplified, please see IRemotelyProvisionedComponent.aidl for more details. Notably, * the chain of signing, MACing, and encryption operations has been replaced with a single COSE_Sign1 object. * CertificateType has been added to identify the type of certificate being requested. * The structure has been composed to enable a clear split between what is required to validate a payload and the implementation-defined payload itself. This is done by creating a typed `AuthenticatedRequest` object representing the top level data required to authenticate the data provided in the payload, `T`. * The new CSR format supports P-384 signing keys and SHA-384 hashes in the DICE chain. * The component version can now be either an int or a string. * RpcHardwareInfo * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR. * `supportedEekCurve` is no longer used, due to the removal of the EEK from the scheme.