diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index 8cd5ae66..46d1649d 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -2952,10 +2952,12 @@ OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox_or_cert, * Install a factory generated signature for the BCC. This is for devices that * use Provisioning 4.0, with the signing option in the factory. With the * signing option, the BCC is extracted from the device in the factory. Instead - * of being uploaded to the Widevine server, the BCC is signed by a certificate - * that the manufacturer shares with Widevine. The signature is then installed - * on the device is a secure location. The signature must not be erased during - * factory reset. + * of being uploaded to the Widevine server, the BCC is signed by either a + * certificate that the manufacturer shares with Widevine, or the keybox on the + * device. The signature is then installed on the device in a secure location. + * The signature must not be erased during factory reset. Please work with your + * Widevine Partner Engineer before implementing this function to make sure the + * installed signature is in the expected format. * * This signature should be returned as `addition_signature` in a call to the * function `OEMCrypto_GetBootCertificateChain()`. @@ -4905,8 +4907,10 @@ OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count, * output, the number of bytes written into the buffer. * @param[out] additional_signature: pointer to the buffer that receives * additional device key signature (certificate chain). This field is only - * used by the signing model where a vendor certificate is available on the - * device. + * used by the signing model where either a vendor certificate or a keybox is + * available on the device. Please work with your Widevine Partner Engineer + * before implementing this field to make sure the generated signature is in the + * expected format. * @param[in,out] additional_signature_length - on input, size of the caller's * additional_signature buffer. On output, the number of bytes written into * the buffer.