author Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-12-02 02:08:47 +0000
committer Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-12-02 02:08:47 +0000
commit bda242066fd27adf38dc4a9624fdaaa13a6dcde7 (patch)
tree 81669406a226e931c3ea2e27c3d924c2b02dd9bd
parent 285171cb3722cdc743fc08e178335e65b910d563 (diff)
parent 68758c7da3a7e738cc1ff588cc090090612be6fa (diff)
Change-Id: I3985865d68a5d72c7277dbfe5fcc6692d27e7c6f
-rw-r--r-- docs/android.md 27
1 files changed, 4 insertions, 23 deletions
diff --git a/docs/android.md b/docs/android.md
index 6398996..8c40f27 100644
--- a/docs/android.md
+++ b/docs/android.md
@@ -76,35 +76,16 @@ of the reserved range.
Unless explicitly stated as required in the [versions](#versions) section, each
field is optional. If no fields are relevant, an empty map should be encoded.
-Name | Key | Value type | Meaning
+Name | Key | Value&nbsp;type | Meaning
--- | --- | --- | ---
Component&nbsp;name | -70002 | tstr | Name of the component
Component&nbsp;version | -70003 | int&nbsp;/&nbsp;tstr | Version of the component
Resettable | -70004 | null | If present, key changes on factory reset
-Security&nbsp;version | -70005 | uint | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version, for example, the anti-rollback counter
-[RKP&nbsp;VM][rkp-vm]&nbsp;marker | -70006 | null | If present, the component can take part in running a VM that can receive an attestation certificate from an [RKP Service][rkp-service].
+Security&nbsp;version | -70005 | uint | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version. This value must increment for every update that changes the code hash, for example by using the timestamp of the version's release.
+[RKP&nbsp;VM][rkp-vm]&nbsp;marker | -70006 | null | See the [Android HAL documentation][rkp-hal-readme] for precise semantics, as they vary by Android version.
[rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine
-[rkp-service]: https://source.android.com/docs/core/ota/modular-system/remote-key-provisioning#stack-architecture
-
-### RKP VM
-
-The RKP VM marker is used to distinguish the RKP VM from other components.
-
-When parsing a DICE chain compliant with this profile, there are multiple types
-of components that may be described by a given chain:
-1. RKP VM: If a DICE chain has zero or more certificates without the RKP VM
- marker followed by one or more certificates with the marker, then that chain
- describes an RKP VM. If there are further certificates without the RKP VM
- marker, then the chain does not describe an RKP VM.
-
- Implementations must include the first RPK VM marker as early as possible
- after the point of divergence between TEE and non-TEE components in the DICE
- chain, prior to loading the Android Bootloader (ABL).
-2. A TEE Component (e.g. KeyMint): If there are no certificates with the RKP VM
- marker then it describes a TEE component.
-3. Other: Any component described by a DICE chain that does not match the above
- two categories.
+[rkp-hal-readme]: https://android.googlesource.com/platform/hardware/interfaces/+/main/security/rkp/README.md
### Versions
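
Review bot: The new -70006 row no longer says what the presence of the RKP VM marker means. It only links out with "See the [Android HAL documentation][rkp-hal-readme] for precise semantics", and `[rkp-hal-readme]` targets `+/main/` even though the same sentence says the semantics vary by Android version. A reader on a release branch is therefore sent to whatever `main` says today. Consider keeping a one-line meaning in the table and naming the Android version it applies to, or pinning the link to a version-specific revision. The removed "### RKP VM" section also carried two normative items that have no replacement in this file: the rule for classifying a chain as RKP VM, TEE component or other, and the requirement to place the first marker "as early as possible after the point of divergence between TEE and non-TEE components". It is worth confirming that the linked README covers both before dropping them here. On the -70005 row, "This value must increment for every update that changes the code hash" sits under a paragraph that calls each field optional unless the versions section requires it, so state whether the "must" applies only when the field is present. The timestamp example also replaces the anti-rollback counter example, so a sentence on whether a counter is still acceptable would avoid ambiguity for existing implementations.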