From 8ebb29078d27007ddfa65999717ddea555295483 Mon Sep 17 00:00:00 2001 From: Android HW Trust Team Date: Tue, 5 May 2026 13:22:51 -0700 Subject: [PATCH] Add `deviceLocked` to `VerificationResult.Success` PiperOrigin-RevId: 910876241 --- src/main/kotlin/Verifier.kt | 3 +++ src/test/kotlin/VerifierTest.kt | 2 ++ 2 files changed, 5 insertions(+) diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt index 8b83a49..ed38e6d 100644 --- a/src/main/kotlin/Verifier.kt +++ b/src/main/kotlin/Verifier.kt @@ -48,6 +48,7 @@ sealed interface VerificationResult { val challenge: ByteString, val securityLevel: SecurityLevel, val verifiedBootState: VerifiedBootState, + val deviceLocked: Boolean, val deviceInformation: ProvisioningInfoMap?, val attestedDeviceIds: DeviceIdentity, ) : VerificationResult @@ -305,12 +306,14 @@ constructor( minOf(keyDescription.attestationSecurityLevel, keyDescription.keyMintSecurityLevel) val rootOfTrust = keyDescription.hardwareEnforced.rootOfTrust val verifiedBootState = rootOfTrust?.verifiedBootState ?: VerifiedBootState.UNVERIFIED + val deviceLocked = rootOfTrust?.deviceLocked ?: false return VerificationResult.Success( pathValidationResult.publicKey, keyDescription.attestationChallenge, securityLevel, verifiedBootState, + deviceLocked, deviceInformation, DeviceIdentity.parseFrom(keyDescription), ) diff --git a/src/test/kotlin/VerifierTest.kt b/src/test/kotlin/VerifierTest.kt index 7b88a06..7cd9eb1 100644 --- a/src/test/kotlin/VerifierTest.kt +++ b/src/test/kotlin/VerifierTest.kt @@ -82,6 +82,8 @@ class VerifierTest { assertThat(result.securityLevel).isEqualTo(json.attestationSecurityLevel) assertThat(result.verifiedBootState) .isEqualTo(json.hardwareEnforced.rootOfTrust?.verifiedBootState) + assertThat(result.deviceLocked) + .isEqualTo(json.hardwareEnforced.rootOfTrust?.deviceLocked ?: false) } enum class TestCase(val path: String, val timestamp: Instant) {