Merge "Add RKP VM marker information to remote attestation doc" into main

commit: b0d12a730913dfaad9bea2ae81f5058d898aa996 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Mon Apr 29 19:53:58 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Apr 29 19:53:58 2024 +0000
tree: bc0646f91177874b3886cdc9ffe0ad1606fbc8f7
parent: 0c5e1960150ace38d31c9d640302a432ff4e12f4 [diff]
parent: 3dfb78e4e5443bff040fa676a483eb909608abed [diff]
diff --git a/docs/vm_remote_attestation.md b/docs/vm_remote_attestation.md
index ddb7adf..835dcac 100644
--- a/docs/vm_remote_attestation.md
+++ b/docs/vm_remote_attestation.md

@@ -37,7 +37,17 @@
 Additionally, the RKP VM is validated by the pVM Firmware, as part of the
 verified boot process.
 
+During the validation process, the RKP server compares the root public key of the
+DICE chain with the ones registered in the RKP database. Additionally, the server
+examines the presence of the [RKP VM marker][rkpvm-marker] within the DICE
+certificates to determine the origin of the chain, confirming that it indeed
+originates from the RKP VM. For more detailed information about the RKP VM
+DICE chain validation, please refer to the [Remote Provisioning HAL][rkp-hal]
+spec.
+
 [open-dice]: https://android.googlesource.com/platform/external/open-dice/+/main/docs/android.md
+[rkpvm-marker]: https://android.googlesource.com/platform/external/open-dice/+/main/docs/android.md#Configuration-descriptor
+[rkp-hal]: https://android.googlesource.com/platform/hardware/interfaces/+/main/security/rkp/README.md
 
 ### pVM attestation
commit	b0d12a730913dfaad9bea2ae81f5058d898aa996	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Mon Apr 29 19:53:58 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Apr 29 19:53:58 2024 +0000
tree	bc0646f91177874b3886cdc9ffe0ad1606fbc8f7
parent	0c5e1960150ace38d31c9d640302a432ff4e12f4 [diff]
parent	3dfb78e4e5443bff040fa676a483eb909608abed [diff]