#ifndef __VERSION_H_INCLUDED__
#define __VERSION_H_INCLUDED__

#define VERSION "4.1.19"

#define TRUSTLET_TAG "DEVROOT#SKM"

// 4.1.19 : 2020.12.23 : MPOS service is added to service list
// 4.1.18 : 2021.07.20 : Update Branch ID check routine for new manufacture factory.
// 4.1.17 : 2021.03.04 : KFA trustlet is added to service list of KINIBI.
// 4.1.16 : 2021.03.04 : KFA trustlet is added to service list of QTEE.
// 4.1.15 : 2021.01.19 : strengthen DRK verification by matching Device info.
// 4.1.14 : 2020.12.23 : KFA trustlet is added to service list of TEEEGRIS
// 4.1.13 : 2020.12.16 : TMF trustlet is added to service list of TEEEGRIS
// 4.1.12 : 2020.11.06 : Implement readDrkBlob from Hwvault.
// 4.1.11 : 2020.08.25 : Teegris SDK 4.2
// 4.1.10 : 2020.08.05 : modified to set the domain name 'alt.(hash_value).' to TA name when encap / decap
// 4.1.9  : 2020.04.08 : Patch for SI-17205, SI-17207, SI-17231, SI-17232
// 4.1.8  : 2020.03.04 : Patch the code has a possiblity of integer overflow in tlvAdd
// 4.1.7  : 2019.12.31 : Patch SI-15957, SI-15782.
// 4.1.6  : 2019.12.16 : Patch SI-15791, SI-15792, SI-15819
// 4.1.5  : 2019.12.05 : Modify RSUTGRIS tid name
// 4.1.4  : 2019.11.26 : Modify TLV.c detected by AVAS
// 4.1.3  : 2019.11.22 : Add new service, Knox Guard, RSU(TEEGRIS attestation)
// 4.1.2  : 2019.10.16 : Security Patches
// 4.1.1  : 2019.09.19 : HDM trustlet is added to service list of TEEGRIS
// 4.1.0  : 2019.07.24 : Fix SI-15154 : Input validation vulnerability when make response buffer
// 3.0.12 : 2019.07.24 : Modify Path length in the service certificate
//                       Remove pre-generated key (dead code)
// 3.0.11 : 2019.07.08 : Modify SO information for TEEGRIS 4.0
// 3.0.10 : 2019.07.03 : Fix security issue on "TEEGRIS TA param type check" (SI-14944)
// 3.0.9  : 2019.05.30 : RSUTGRIS trustlet is added to service list of TEEGRIS and KINIBI.
// 3.0.8  : 2019.02.26 : CHNACTIV trustlet is added to service list of TEEGRIS and KINIBI.
// 3.0.7  : 2019.02.14 : SSU trustlet is added to service list of TEEGRIS.
//                       Fix SI-13985 : Possibility of Out-of-bounds write
// 3.0.6  : 2019.01.30 : Remove DM-Verity on whitelist if SYSTEM_ROOT_IMAGE_ENABLED.
// 3.0.5  : 2019.01.30 : bfAppMain retruns error without cleanup.
// 3.0.4  : 2019.01.24 : Prevent leap year problem.(If day is bigger than 28, modify day as 28).
// 3.0.3  : 2019.01.21 : Adjust alname at KRCC TA.
// 3.0.2  : 2018.12.13 : SSU trustlet is added to service list of QSEE.
// 3.0.1  : 2018.11.19 : Refactoring DRK & PROV.
//                       - Add GET_DEVICE_INFO cmd
//                       - Replace "NO_ERROR" to "NOT_ERROR"
// 2.0.48 : 2018.11.12 : Teegris 3.0 oem guideline.
//                        - Assumptions on TA Deveopment - Check the shared buffer from REE in the TA
//                        - Secure Object                - Check creator of Secure Object before unwrapping
//                       Fix bug that access data out of the buffer.(VULN_SKM_01).
// 2.0.47 : 2018.11.05 : KRCC and MC pay trustlet is added to service list of TEEGRIS.
// 2.0.46 : 2018.10.30 : Restore "ENABLE_LOG_ENCRYPTION" feature for Tizen.
// 2.0.45 : 2018.09.28 : Increase TID_MAX_SIZE as 256 at QC. Because ALTNAME size is increased.
// 2.0.44 : 2018.08.02 : Remove "ENABLE_LOG_ENCRYPTION" feature.
// 2.0.43 : 2018.04.26 : Add new branch id for India developer.
// 2.0.42 : 2018.04.25 : Fix bug reported by Thales in payment audit - read out of bound.
// 2.0.41 : 2018.04.13 : Block old commands in Tizen.
// 2.0.40 : 2018.04.04 : Fix memory leak issue at CRYPTO_EC_populate_keys(). // Crown prevent issue(CID : 67145)
// 2.0.39 : 2018.03.26 : Check BSP secure state at QC.
// 2.0.38 : 2018.03.14 : Check signature of DRK certificate at readDrkUID().
// 2.0.37 : 2018.03.12 : Change to return correct error value for Qualcomm when error occurs on AES256-GCM.
// 2.0.36 : 2018.03.08 : Second parameter of qsee_kdf is changed (from 0 to 32)
// 2.0.35 : 2018.01.29 : Fix wrong leap year calculation logic.
// 2.0.34 : 2018.01.25 : Knox OTP service has terminated on Android O.
// 2.0.33 : 2018.01.18 : Change allocation memory size to 32KB under.
// 2.0.32 : 2017.12.19 : Add PROV to service list for self testing.
// 2.0.31 : 2017.12.14 : Fix buffer overflow and padding drop issue for logEncryptor.
// 2.0.30 : 2017.12.12 : Change not to occur error on X.509 parsing on generating service key.
// 2.0.29 : 2017.12.08 : Add DRK v2 certificate verification step on installing.
// 2.0.28 : 2017.12.05 : Apply stack protection requested by yj0729.kim.
// 2.0.27 : 2017.12.05 : ICCC trustlet is added to service list of TEEGRIS.
// 2.0.26 : 2017.12.01 : SKPM trustlet is added to service list of TEEGRIS.
// 2.0.25 : 2017.11.22 : Fix bugs reported by Prevent for Star VZW project. - CID 59603, 59609, 59642.
// 2.0.24 : 2017.11.22 : Fix bugs reported by Thales in payment audit - read out of bound.
// 2.0.23 : 2017.11.09 : Apply TA distinguished ID for mc_pay.
// 2.0.22 : 2017.11.08 : Apply TA distinguished ID for OEM ROT signed TA(authnr, cncc_pay).
// 2.0.21 : 2017.10.23 : ACTIVATION trustlet is added to service list of QSEE.
// 2.0.20 : 2017.10.17 : Fix reported by Thales in payment audit - nessasary operand is misssed on size calculation routine.
// 2.0.19 : 2017.09.14 : Add SUBJECT_ALTER_NAME tag in TLV.
// 2.0.18 : 2017.09.06 : ICCC trustlet is added to service list of MC, QSEE.
// 2.0.17 : 2017.08.16 : Add function to get DRK's certificate encoded by ASN.1 DER.
//                       Do source refactoring for crypoPlatform.
// 2.0.16 : 2017.08.09 : Fix calling createSecureObject at generateServiceKeyV1() using old libdevkm.a on FOTA update.
// 2.0.15 : 2017.07.27 : Implement that caller can add subject alternative name extension to service certificate via TLV - requested by MV(t.boelter, jia.ma).
// 2.0.14 : 2017.07.19 : FAST trustlet is added to service list of BF.
// 2.0.13 : 2017.07.14 : Removed the subjectKeyIdentifierInc field.
// 2.0.12 : 2017.06.29 : Change DC field's ASN.1 tag from UTF-8 to IA5.
//                       Fix encrypted log can be broken by error.
//                       Remove unused functions.
//                       Change structure's unit name to sync up with dk_native version 2.0.
// 2.0.11 : 2017.06.21 : TIGER trustlet is added to service list of BF.
// 2.0.10 : 2017.06.15 : Add domainComponent(DC) field to service certificate by adding DC field to DRK's subject DN on DRKv2.
// 2.0.09 : 2017.06.13 : Merge serviceKey generation function.
// 2.0.08 : 2017.06.12 : Fix service name verification is failed.
// 2.0.07 : 2017.06.09 : Add IMEI info to CSR data.
// 2.0.06 : 2017.06.06 : Fixed to support MSM8916.
// 2.0.05 : 2017.06.05 : Re-designed generateServiceKey funtions.
// 2.0.04 : 2017.06.02 : Changed to support old EC service key generation function.
// 2.0.03 : 2017.06.01 : Fixed bugs reported by Thales in Great security evaluation.
// 2.0.02 : 2017.05.31 : Changed to support prior DRK commands on blowfish and fixed minor errors.
//                       Supported SOFTSIM on blowfish.
// 2.0.01 : 2017.05.25 : Fixed not to generate service key on QSEE.
// 2.0.00 : 2017.05.16 : Applied new design to support DRK v2.0.
// 1.1.19 : 2017.03.23 : Fixed that shared secure object unwrapping is failed on Blowfish.
//                       Added SEM to whitelist for Blowfish.
// 1.1.18 : 2016.08.31 : Implemented secure world log encryptor.
// 1.1.17 : 2016.08.29 : Security Patch, The source TID in the secure object must be checked for security(for kinibi)
// 1.1.16 : 2016.08.05 : Support qsee_fs for MSM8976 FOTA
// 1.1.15 : 2016.07.20 : TIGER trustlet is added to service list of QSEE.
// 1.1.14 : 2016.06.08 : AUTHNR trustlet is added to service list.
// 1.1.13 : 2016.05.18 : Added dm-verity patch on loading L->M FOTA.
// 1.1.12 : 2016.04.25 : TIGER trustlet is added to service list.
// 1.1.11 : 2016.04.18 : Fixed issue that memcpy is sometimes failed at initial trustlet starup on mobicore.
// 1.1.10 : 2016.04.05 : Fixed bugs(buffer overflow and boundary checking) repored by Riscure.
// 1.1.09 : 2016.03.23 : SKM set invalid expiration date into Service Key Certificate.
// 1.1.08 : 2016.03.03 : Fixed some issues were reported by Riscure.
// 1.1.07 : 2015.12.28 : Added service name for SOFTSIM requested by sijun.cho.
// 1.1.06 : 2015.12.23 : Implemeted service verification function for QCOM via FS APIs in normal world.
// 1.1.05 : 2015.12.21 : Changed not to use FS API on QSEE.
// 1.1.04 : 2015.11.24 : Removed temporary codes.
// 1.1.03 : 2015.11.24 : Implemented not to use filesystem API in trustzone on MSM8996.
//                       Temporary disable service key functions.
// 1.1.02 : 2015.11.17 : Changed stack size and turn off CryptoCore because of failing memory allocation.
// 1.1.01 : 2015.11.17 : Updated skm memory map on MSM8996.
// 1.1.00 : 2015.10.29 : Version upgrade to distingush between CS and CSDEV.
// 1.0.50 : 2015.10.23 : Add CryptoCore support, add EC DRK support
// 1.0.49 : 2015.10.13 : Disable align function for TLV on blowfish.
// 1.0.48 : 2015.10.01 : Support Exynos8890.
// 1.0.47 : 2015.10.01 : Add service name for MC_PAY on QSEE.
//                       Change to re-generate service key as asking it on QSEE.
// 1.0.46 : 2015.09.23 : Modify wrong tzapp name ( eru_pay > eurcmm_pay, chn_pay > chncmm_pay )
// 1.0.45 : 2015.09.18 : Add Service for EUR_PAY / CHN_PAY
// 1.0.44 : 2015.09.17 : Implemented build environment for MSM8996.
// 1.0.43 : 2015.09.14 : Modify wrong tzapp name to correct name for TIMA OTP (QSEE)
// 1.0.42 : 2015.09.10 : Implemented function to get device root cert in debug mode.
// 1.0.41 : 2015.09.10 : Added DMVT TID to Blowfish service white list.
// 1.0.40 : 2015.08.28 : Added CCM TID to Blowfish service white list.
// 1.0.39 : 2015.06.12 : Check if Service is registered in ServiceList, before generating EC Service Key as well as RSA Service Key
// 1.0.38 : 2015.06.09 : Change the method for getKeySize to use stat instead of seek. (Fix dmverity fail issue on recovery)
// 1.0.37 : 2015.05.27 : Support msm8x26 for TIZEN / Update exynos3250 for TIZEN to tbase3.2 from tbase3.0
// 1.0.36 : 2015.05.13 : Add Service for DCM
// 1.0.35 : 2015.05.13 : Add CA field to service certificate
// 1.0.34 : 2015.05.11 : Support MSM8992
// 1.0.33 : 2015.04.30 : Add ServiceName for DISC_PAY / CNCC_PAY / JIC_PAY
// 1.0.32 : 2015.04.29 : Fix EC point to support NID_X9_62_prime256v1 curved type
// 1.0.31 : 2015.04.07 : Add ServiceName for AEXP_PAY / PLCC_PAY / KRCC_PAY / SEM
// 1.0.30 : 2015.03.30 : Support Exynos3250/msm8974 for TIZEN
// 1.0.29 : 2015.02.23 : [Marvell] Fix a bug for getServiceNameByTID
// 1.0.28 : 2015.02.14 : Change TID for TIMA_OTP (Mobicore)
// 1.0.27 : 2015.02.14 : [Marvell/PXA1908] Modified out size for CCM when sharing ServiceKey
// 1.0.26 : 2015.01.12 : Add ServiceName for GOLDFISH (Mobicore)
// 1.0.25 : 2015.01.11 : Modify MAX ServiceName to 8byte from 7byte
// 1.0.24 : 2015.01.07 : Add KNOX key backward compatibility
// 1.0.23 : 2014.12.26 : Add ServiceName for VISA_PAY
// 1.0.22 : 2014.12.23 : [MSM8994] Export DRK to SKM and store it in SKM
// 1.0.21 : 2014.12.01 : Add ServiceName for TIMA_OTP
// 1.0.20 : 2014.11.25 : Support MSM8994(64BIT) / Convert store method for keys to using normal file system with REK encrytion from SFS
// 1.0.19 : 2014.11.06 : Support MCLSI_64BIT for ZEROLTE(Exynos7420)
// 1.0.18 : 2014.09.26 : Change the number of instance from 1 to 3 to avoid Check Fail while first boot. (Verify DRK is called while KNOX , CCM key is being generated)
// 1.0.17 : 2014.09.03 : Add ServiceName For SKP(SamsungKeyProvisioning)
//                       Bakcout 1.0.16 / Rebuilt with the latest tzlib_proxy.lib and tzlib_entry.lib (APQ8084:Post-CS 1.2.1239.1 patch)
// 1.0.16 : 2014.08.28 : When writing a file to SFS, add O_SYNC flag to avoid file sync failure
// 1.0.15 : 2014.08.14 : Change dm verity's UUID
// 1.0.14 : 2014.07.03 : Set cert validity time period using DRK's Validity time. (more improved method than v1.0.13)
// 1.0.13 : 2014.07.01 : Set the date of issue for ServiceKey's Validity using DRK's Validity
// 1.0.12 : 2014.06.16 : Add new service key for Trusted UI (TUI), 2014.06.10 : Add Blowfish TZ support
// 1.0.11 : 2014.05.16 : Add feature for MSM8x26, tzapp name of TID "RU" is changed to "reactive"
// 1.0.10 : 2014.05.01 : Support ReadUID for APQ8084
// 1.0.9 : 2014.04.27 : SKM access DRK via PROV
// 1.0.8 : 2014.01.24 : Pre-defined service name with TID.
// 1.0.7 : 2014.01.20 : modify service name logic
// 1.0.6 : 2013.11.01 : Fixed MobiCore version of SKM
// 1.0.5 : 2013.10.26 : Support generation for all callers, sharing SK with other trustlets
// 1.0.4 : 2013.08.29 : Support Symmetric key.
// 1.0.3 : 2013.08.18 : QC Rebuild with TZ M8974AAAAANAZT200083.2.

#endif /* __VERSION_H_INCLUDED__ */