1 files changed, 8 insertions, 16 deletions

diff --git a/identity/aidl/default/libeic/EicOps.h b/identity/aidl/default/libeic/EicOps.h
index df96c7db48..aa26e6202a 100644
--- a/identity/aidl/default/libeic/EicOps.h
+++ b/identity/aidl/default/libeic/EicOps.h
@@ -196,19 +196,13 @@ bool eicOpsCreateEcKey(uint8_t privateKey[EIC_P256_PRIV_KEY_SIZE],
 
 // Generates CredentialKey plus an attestation certificate.
 //
-// If |attestationKeyBlob| is non-NULL, the certificate must be signed by the
-// the provided attestation key. Else, the certificate must be signed by the
-// attestation key that the secure area has been factory provisioned with. The
-// given |challenge|, |applicationId|, and |testCredential| must be signed
-// into the attestation.
+// The attestation certificate will be signed by the attestation keys the secure
+// area has been provisioned with. The given |challenge| and |applicationId|
+// will be used as will |testCredential|.
 //
-// When |attestationKeyBlob| is non-NULL, then |attestationKeyCert| must
-// also be passed so that the underlying implementation can properly chain up
-// the newly-generated certificate to the existing chain.
-//
-// The generated certificate must be in X.509 format and returned in |cert|
-// and |certSize| must be set to the size of this array. This function must
-// set |certSize| to the size of the certification chain on successfully return.
+// The generated certificate will be in X.509 format and returned in |cert|
+// and |certSize| must be set to the size of this array and this function will
+// set it to the size of the certification chain on successfully return.
 //
 // This may return either a single certificate or an entire certificate
 // chain. If it returns only a single certificate, the implementation of
@@ -217,10 +211,8 @@ bool eicOpsCreateEcKey(uint8_t privateKey[EIC_P256_PRIV_KEY_SIZE],
 //
 bool eicOpsCreateCredentialKey(uint8_t privateKey[EIC_P256_PRIV_KEY_SIZE], const uint8_t* challenge,
                                size_t challengeSize, const uint8_t* applicationId,
-                               size_t applicationIdSize, bool testCredential,
-                               const uint8_t* attestationKeyBlob, size_t attestationKeyBlobSize,
-                               const uint8_t* attestationKeyCert, size_t attestationKeyCertSize,
-                               uint8_t* /*out*/ cert, size_t* /*inout*/ certSize);
+                               size_t applicationIdSize, bool testCredential, uint8_t* cert,
+                               size_t* certSize);  // inout
 
 // Generate an X.509 certificate for the key identified by |publicKey| which
 // must be of the form returned by eicOpsCreateEcKey().