From 2fd15b0be2515668bb537f7ea73e6ff678e403d0 Mon Sep 17 00:00:00 2001
From: Eran Messeri <eranm@google.com>
Date: Wed, 21 Jun 2023 17:35:51 +0100
Subject: Update documentation regarding auth-bound keys.

When a key requires user authentication and one of the authentication
methods permitted is the device's screen lock credentials, the
root SID is added as an authenticator, and change of biometrics
enrollment will not invalidate the key.

Bug: 275900161
Test: m docs
Change-Id: I180f28883a5ac62e8bfa0b0596396085ff676637
---
 keystore/java/android/security/keystore/KeyGenParameterSpec.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'keystore/java')

diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index ffd041f60e26..7afb890e6254 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -1335,7 +1335,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
          * the key, it is also irreversibly invalidated once a new biometric is enrolled or once\
          * no more biometrics are enrolled, unless {@link
          * #setInvalidatedByBiometricEnrollment(boolean)} is used to allow validity after
-         * enrollment. Attempts to initialize cryptographic operations using such keys will throw
+         * enrollment, or {@code KeyProperties.AUTH_DEVICE_CREDENTIAL} is specified as part of
+         * the parameters to {@link #setUserAuthenticationParameters}.
+         * Attempts to initialize cryptographic operations using such keys will throw
          * {@link KeyPermanentlyInvalidatedException}.</li>
          * </ul>
          *
-- 
cgit v1.2.3-59-g8ed1b