widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update documentation for BCC signature generation

Browse Source 
Including the option of signing by keybox and some disclaimers..

Bug: 297918188
Change-Id: Ic6294ea9f04f6fa6dd721242c8539341157c1292
This commit is contained in:
Cong Lin
2023-12-11 10:47:15 -08:00
committed by Robert Shih
parent 746bab1712
commit f94a8dfac9
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

@@ -2952,10 +2952,12 @@ OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox_or_cert,
* Install a factory generated signature for the BCC. This is for devices that
* use Provisioning 4.0, with the signing option in the factory. With the
* signing option, the BCC is extracted from the device in the factory. Instead
* of being uploaded to the Widevine server, the BCC is signed by a certificate
* that the manufacturer shares with Widevine. The signature is then installed
* on the device is a secure location. The signature must not be erased during
* factory reset.
* of being uploaded to the Widevine server, the BCC is signed by either a
* certificate that the manufacturer shares with Widevine, or the keybox on the
* device. The signature is then installed on the device in a secure location.
* The signature must not be erased during factory reset. Please work with your
* Widevine Partner Engineer before implementing this function to make sure the
* installed signature is in the expected format.
*
* This signature should be returned as `addition_signature` in a call to the
* function `OEMCrypto_GetBootCertificateChain()`.
@@ -4905,8 +4907,10 @@ OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count,
* output, the number of bytes written into the buffer.
* @param[out] additional_signature: pointer to the buffer that receives
* additional device key signature (certificate chain). This field is only
* used by the signing model where a vendor certificate is available on the
* device.
* used by the signing model where either a vendor certificate or a keybox is
* available on the device. Please work with your Widevine Partner Engineer
* before implementing this field to make sure the generated signature is in the
* expected format.
* @param[in,out] additional_signature_length - on input, size of the caller's
* additional_signature buffer. On output, the number of bytes written into
* the buffer.