docs: Added note about limited support for hardware key attestation
Most devices running Android N support only software-based key
attestation, so added several notes to the pages describing this
tool to help developers understand how to tell whether a device
supports only software-based key attestation and the associated
effects of this support level.
Bug: 28851641
Change-Id: I16c8ad7702814eba1e4b8b3ee7e9a569d08c3ff4
diff --git a/docs/html/preview/api-overview.jd b/docs/html/preview/api-overview.jd
index 3373fc4..90b4e39 100644
--- a/docs/html/preview/api-overview.jd
+++ b/docs/html/preview/api-overview.jd
@@ -755,6 +755,20 @@
on the device.
</p>
+<p class="note">
+ <strong>Note: </strong>Only a small number of devices running Android N
+ support hardware-level key attestation; all other devices running Android N
+ use software-level key attestation instead. Before you verify the properties
+ of a device's hardware-backed keys in a production-level environment, you
+ should make sure that the device supports hardware-level key attestation. To
+ do so, you should check that the attestation certificate chain contains a root
+ certificate that is signed by the Google attestation root key and that the
+ <code>attestationSecurityLevel</code> element within the <a
+ href="{@docRoot}preview/features/key-attestation.html#certificate_schema_keydescription">key
+ description</a> data structure is set to the TrustedEnvironment security
+ level.
+</p>
+
<p>
For more information, see the
<a href="{@docRoot}preview/features/key-attestation.html">Key Attestation</a>
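Review bot: The added note around attestationSecurityLevel tells the reader how to confirm hardware-level support but never says what a software-only device looks like or what follows from that, which the commit message gives as the purpose of the change. Suggest adding a sentence that names the security level indicating software-level attestation and states that, in that case, the key properties should not be treated as hardware-backed. It would also help to say explicitly that both conditions must hold and that the certificate chain is validated up to the Google attestation root first, because the linked key description is part of the certificate schema and so is only as trustworthy as the chain it arrives in. Minor style points: TrustedEnvironment should be wrapped in <code> to match attestationSecurityLevel, and the trailing space inside <strong>Note: </strong> belongs outside the tag.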