diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
index 97f64e15..d34b3098 100644
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -3094,10 +3094,11 @@ OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
 
 /**
  * Return a device unique id. For devices with a keybox, retrieve the
- * DeviceID from the Keybox. For devices that have an OEM Certificate instead
- * of a keybox, it should set the device ID to a device-unique string, such
- * as the device serial number. The ID should be device-unique and it should
- * be stable -- i.e. it should not change across a device reboot or a system
+ * DeviceID from the Keybox. For devices that have an OEM Certificate, or if
+ * provisioning 4 is used, it should set the device ID to a device-unique
+ * string, such as the device serial number or a hash of the device public key
+ * in boot certificate chain. The ID should be device-unique and it should be
+ * stable -- i.e. it should not change across a device reboot or a system
  * upgrade. This shall match the device id found in the core provisioning
  * request message. The maximum length of the device id is 64 bytes. The
  * device ID field in a keybox is 32 bytes.
diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
index fb7d73d7..631335f4 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -1522,6 +1522,27 @@ TEST_F(OEMCryptoProv40Test, InstallOemPrivateKeyCanBeUsed) {
                            public_key_signature2.size(), kSign_RSASSA_PSS));
 }
 
+TEST_F(OEMCryptoProv40Test, GetDeviceId) {
+  OEMCryptoResult sts;
+  std::vector<uint8_t> dev_id;
+  size_t dev_id_len = dev_id.size();
+  sts = OEMCrypto_GetDeviceID(dev_id.data(), &dev_id_len);
+  if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
+    ASSERT_GT(dev_id_len, 0u);
+    dev_id.resize(dev_id_len);
+    sts = OEMCrypto_GetDeviceID(dev_id.data(), &dev_id_len);
+  }
+  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
+  dev_id.resize(dev_id_len);
+  cout << "             NormalGetDeviceId: dev_id = " << MaybeHex(dev_id)
+       << " len = " << dev_id_len << endl;
+  // Device id should be stable. Query again.
+  std::vector<uint8_t> dev_id2(dev_id_len);
+  sts = OEMCrypto_GetDeviceID(dev_id2.data(), &dev_id_len);
+  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
+  ASSERT_EQ(dev_id2, dev_id);
+}
+
 //
 // AddKey Tests
 //