author: Seth Moore <sethmo@google.com> 2022-05-05 11:01:33 -0700
committer: Seth Moore <sethmo@google.com> 2022-05-12 15:29:22 -0700
commit: 9b7f79cbf66c62d9831d84563913ba8206e86ef1
tree: c290aad20df623fc2954b72ee6eb4c1625212107 /security
parent: 74386101367a45dda9256c9d9e293f202006cedb
Clean up description of IRemotelyProvisionedComponent uniqueId

The identifier is to be used in telemetry to identify problematic implementations. Thus, it needs to be globally consistent, at least within a given device type.

Test: None -- doc only changes
Bug: 231495834
Change-Id: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329
Merged-In: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329

Diffstat (limited to 'security')
-rw-r--r-- security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl 6
1 files changed, 5 insertions, 1 deletions
diff --git a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
index 3a4c233cf5..0cb33ce91e 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
@@ -59,13 +59,17 @@ parcelable RpcHardwareInfo {
* client should NOT interpret the content of the identifier in any way. The client can only
* compare identifiers to determine if two IRemotelyProvisionedComponents share the same
* implementation. Each IRemotelyProvisionedComponent implementation must have a distinct
- * identifier from all other implementations on the same device.
+ * identifier from all other implementations, and it must be consistent across all devices.
+ * It's critical that this identifier not be usable to uniquely identify a specific device.
*
* This identifier must be consistent across reboots, as it is used to store and track
* provisioned keys in a persistent, on-device database.
*
* uniqueId may not be empty, and must not be any longer than 32 characters.
*
+ * A recommended construction for this value is "[Vendor] [Component Name] [Major Version]",
+ * e.g. "Google Trusty KeyMint 1".
+ *
* This field was added in API version 2.
*
*/
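
Review bot: The added line "and it must be consistent across all devices" leaves the scope open. The commit message says the value needs to be globally consistent "at least within a given device type", but the comment reads as a requirement across every device of any kind. Suggest wording it as consistent across all devices that ship the same implementation, and stating the telemetry purpose in the comment itself so implementers see why the next added line rules out a per-device value. The recommended construction "[Vendor] [Component Name] [Major Version]" should also say that the resulting string still has to fit the 32-character limit stated just above it, since longer vendor or component names will not fit as the example "Google Trusty KeyMint 1" does.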