Package: android.hardware.authsecret@1.0


interface IAuthSecret

This security HAL allows vendor components to be cryptographically tied to the primary user's credential.For example, security hardware could require proof that the credential is known before applying updates.

This HAL is optional so does not require an implementation on device.



oneway primaryUserCredential (vec<uint8_t> secret)

When the primary user is unlocked, this method is passed a secret to prove that is has been successfully unlocked.The primary user can either be unlocked by a person entering their credential or by another party using an escrow token e.g.a device administrator.

The first time this is called, the secret must be used to provision state that depends on the primary user's secret.The same secret must be passed on each call until the next factory reset.

Upon factory reset, any dependence on the secret must be removed as that secret is now lost and must never be derived again.A new secret must be created for the new primary user which must be used to newly provision state the first time this method is called after factory reset.

The secret must be at least 16 bytes.

RPC mode
blob derived from the primary user's credential.