OEMCrypto v18.3
Updates to OEMCrypto API, OPK, ODK, and unit tests. See the file CHANGELOG.md for details.
This commit is contained in:
Fred Gylys-Colwell
55
CHANGELOG.md
55
CHANGELOG.md
@@ -2,6 +2,61 @@
|
||||
|
||||
[TOC]
|
||||
|
||||
## [Version 18.3][v18.3]
|
||||
|
||||
Version 18.3 includes a major feature (Cast with Provisioning 4.0) and various
|
||||
minor changes. Version 18.2 was an internal version bump for the ODK that
|
||||
included changes used by the provisioning server. Since we keep the ODK and OPK
|
||||
version numbers in sync, the OPK version effectively skipped 18.2.
|
||||
|
||||
## Cast with Provisioning 4.0
|
||||
|
||||
The OPK now supports devices that wish to act as cast receivers while using
|
||||
Provisioning 4.0. Previously, only devices using Provisioning 2.0 or devices
|
||||
with factory provisioned certs could do this. These changes span the OPK, CDM,
|
||||
and provisioning server code.
|
||||
|
||||
The OPK changes are included in this release. The CDM changes are part of
|
||||
Android U. The provisioning server changes are live on Widevine staging servers,
|
||||
and will be pushed to production by August 2023.
|
||||
|
||||
## OP-TEE port changes
|
||||
|
||||
- Added CSR and DeviceInformation implementations for Provisioning 4.0.
|
||||
- Bugfix: REE->TEE message shared memory was sized based on the incoming request
|
||||
length, yet the response could be larger than the request and crash the TA if it
|
||||
did not fit in the nearest page boundary. Fixed by setting the shared memory
|
||||
size to the maximum allowed and passing in the request size as a separate
|
||||
TEE_Param.
|
||||
|
||||
## Other changes
|
||||
|
||||
- Updated BoringSSL dependency to
|
||||
https://boringssl.googlesource.com/boringssl/+/e1b8685770d0e82e5a4a3c5d24ad1602e05f2e83
|
||||
- Removed WTPI_MaxBufferSizeForDecrypt() and WTPI_ApplyCGMS() from
|
||||
wtpi_config_interface.h. These functions are not called by any of the OPK code.
|
||||
- Updated the documentation for WTPI_GetDeviceKey() to be clearer.
|
||||
- Added new optional fields to OEMCrypto_BuildInformation() output.
|
||||
- Removed v15 functions OEMCrypto_LoadKeys() and OEMCrypto_RefreshKeys(), which
|
||||
were replaced by OEMCrypto_LoadLicense() and OEMCrypto_LoadRenewal() in v16.
|
||||
- Three new optional fields have been added to OEMCrypto_BuildInformation()
|
||||
output JSON: `git_commit` and `build_timestamp`, and `ree` information.
|
||||
- OEMCrypto_GenerateCertificateKeyPair() documentation has been improved to be
|
||||
clearer.
|
||||
- New function OEMCrypto_FactoryInstallBCCSignature() added to OEMCrypto API.
|
||||
Not implemented in OPK.
|
||||
- OPK can be used with license servers that send more than `MAX_NUM_KEYS` in the
|
||||
license response. The client-side value of `MAX_NUM_KEYS` must be changed in
|
||||
`odk/include/odk_target.h` to match the server's value. This is only intended
|
||||
for closed network systems.
|
||||
|
||||
## Known issues
|
||||
|
||||
- CdmOtaKeyboxTest.BasicTest may fail due to server issues
|
||||
- The ODK renewal clock is not correctly checked for all circumstances. This
|
||||
will be changed in v19 since the existing implementation is already in
|
||||
production devices.
|
||||
|
||||
## [Version 18.1][v18.1]
|
||||
|
||||
OEMCrypto V18.0 consisted of header files only. This release includes tests and
|
||||
|
||||
Reference in New Issue
Block a user