Features released
QCS6490 SoC Enablement
Summary
Introduces MDEP support for Qualcomm’s QCS6490 chipset.
Known limitations
- Support Thundercomm QCS6490 dev board RB3 Gen2.
- Support Qualcomm BSP A13 LA3.1 r00081.2.
Out of scope
- QCS6490 Qualcomm BSP.
- QCS6490 security features which are delivered in Security backlog.
Configuration API Device settings migration & improvements
Summary
System applications are migrated to use the Configuration API released in MDEP 2024.3. This simplifies the application architecture and provides a consistent user experience across all components.
SWHealth - In-Market Reporting (Telemetry and Alerts)
Summary
In-Market Reporting (IMR) dashboards propagate and combine key metrics deemed critical for product leadership (DM/GPM and PM and Engineering leads) to understand the state of the product.
Top tiers of the metrics include:
- Monthly Active Devices (MAD)
- Daily Active Devices (DAD)
- Abnormal Shutdowns (ABS-Free-14Day)
- Ratio of Cumulative ABS to Devices (RCADe)
- App Crashes/ANRs
- OTA Updates, Optional Telemetry Opt-In
- Completed OOBE Sessions
Key Features
- Telemetry data is visualized as various KPI numbers / Line charts / Tables
- Filters of MDEP Versions / Device Make / Device Model / Build Version are supported
Out of scope
- Alerts when metrics reach thresholds
Invoke Report issue from Volume Control
Key Features
- Modify the key combo used to invoke a bug report for MDEP.
- Press Volume Down and Power at the same time on the FoR and/or TC.
Known limitations
- The key combination Back + Power was introduced for Rockchip devices because the previous combination Volume Up + Volume Down did not work on these devices. The combination Volume Down + Power also works on Rockchip devices, but Back + Power was kept for backwards compatibility.
Essential Telemetry Events for Zoom
Summary
If the device is configured to run non-Teams VaaS (such as Zoom), the MDEP telemetry can be configured to collect only essential telemetry events or to disable collection completely.
Key Features
- Added support for Telemetry On/Off Mode, controlled by the provisioning service based on the VaaS provider.
- Introduced Mandatory Mode, ensuring mandatory telemetry events are always collected, regardless of other settings.
- Moved the Microsoft Privacy page to the end of the MDEP Setup Wizard flow.
- Updated the Privacy page to show only required information when only mandatory telemetry is collected.
- Removed the Microsoft Privacy page when both optional and mandatory events are disabled.
HTTP server support for device configuration
Summary
Extends Config API support to web device management portals built by OEMs. Introduces MDEP Setup Wizard & Device Settings support for the Configuration API. Capability designed for all OEMs with a web portal.
Known limitations
- The HTTP server does not start on the Variscite touch console.
Accessibility - Narrator audio output device automatic re-routing
Summary
Enhanced support for different hardware configurations. Narrator audio output is now interchangeable between touch console and front-of-room unit in paired device scenarios.
MTR-A Console Display support
Summary
Enables support for the new centralized MTR-A architecture with a primary Android device (i.e., Front of Room) as an alternative to the distributed model based on two independently operating and paired Android devices (i.e., FoR & touch console). Initial solution covers non-Android based touch console hardware behaving as an extended virtual display to the FoR device. Solution covers MDEP system apps.
Key Features
- Platform support for extension touch display hardware configuration scenario: Console Display hardware is identified based on OEM-provided data (for display & touch devices) and configured to match Teams app expectations.
  - e.g. addition of specific Display flag
  - e.g. preventing platform touch-remapping feature from interfering with its display-touch association
  - e.g. de-activation of unnecessary platform services, such as Pairing
- Platform apps (Settings, SetupWizard) adapted to correctly render functional UI on the new peripheral display.
Out of scope
- Current version does not support extension touch displays which have display and touch interfaces connected separately. (i.e. only the scenario where the console display is connected to the main MTR unit via a single USB-C cable is supported).
- The current version has support for the extension-touch-display hardware configuration exclusively. Scenarios where the main MTR unit can interface with both a Console Display and a standalone Android TC are not supported.
- The current version only allows configuration of a single piece of hardware identifier information for the Console Display – scenarios where the main MTR unit can have multiple models of Console Display plugged into it are not supported.
Frictionless Provisioning of Certificates on Qualcomm 8250
Summary
Simplifies MDEP key provisioning at the factory by removing OEM touch points. Offers an integrated solution for provisioning and accessing OEM enrollment certificates during runtime. Initial solution is available for supported Qualcomm chipsets.
Key Features
- Developed the MDEP factory tool with APIs used to access enrollment certificates which are scalable across different chipsets and corresponding Trusted Execution environments.
- The MDEP factory tool can be executed on a host machine connected to devices on the factory floor. OEMs are able to use this tool and provision OEM enrolment certificates.
- Makes best use of the TEE by implementing key elements, such as (but not limited to) CSR generation and secure storage of enrolment certificates, as part of the TEE.
Silicon porting to support security features (LS/MbP parity)
Summary
The attestation certificate offers a comprehensive assessment of the device, system, and application integrity, detailing the security level (software, TEE), public key, certificate validity, device/bootloader lock status, boot state, OS version, and security patch level. By evaluating this information, trust can be established, ensuring that the application runs in a trusted environment with hardware-backed keys.
We have released the MDEP security HAL and MDEP Tz APP for QCM6490 Post-CS[3.2] r0.0.081 and QCM8550 LA1.0 PRE-CS.r002005. OEMs can follow mdep.qcm6490.doc for code integration.
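A relying service can turn the attested fields listed above into an explicit, fail-closed policy decision. The following is an added example, not MDEP or Microsoft code: it assumes the certificate chain has already been validated and the fields decoded into a dictionary, and the field names, value encodings (modelled on the Android Key Attestation schema) and thresholds are assumptions.

```python
from datetime import datetime, timezone

# Assumed encodings, modelled on the Android Key Attestation schema; the page
# does not specify how MDEP encodes these fields.
LEVEL_RANK = {"software": 0, "tee": 1}


def patch_age_months(patch_level, today):
    """Months elapsed since a YYYYMM security patch level."""
    year, month = divmod(patch_level, 100)
    if not 1 <= month <= 12:
        raise ValueError(f"malformed patch level {patch_level}")
    return (today.year - year) * 12 + (today.month - month)


def evaluate_attestation(att, now, min_os_version, max_patch_age_months):
    """Return policy failures for decoded attestation fields; [] means trusted."""
    failures = []
    # Missing or unknown values are treated as failures (fail closed).
    if LEVEL_RANK.get(att.get("security_level"), -1) < LEVEL_RANK["tee"]:
        failures.append("key is not TEE-backed")
    nb, na = att.get("not_before"), att.get("not_after")
    if nb is None or na is None or not nb <= now <= na:
        failures.append("certificate outside validity window")
    if att.get("device_locked") is not True:
        failures.append("bootloader unlocked")
    if att.get("boot_state") != "verified":
        failures.append("boot state not verified")
    if att.get("os_version", 0) < min_os_version:
        failures.append("OS version below minimum")
    try:
        age = patch_age_months(att.get("patch_level", 0), now)
        if age > max_patch_age_months:
            failures.append(f"security patch {age} months old")
    except ValueError as exc:
        failures.append(str(exc))
    return failures


# Constructed sample records (hypothetical values, not real device output).
NOW = datetime(2025, 6, 15, tzinfo=timezone.utc)
GOOD = {
    "security_level": "tee", "device_locked": True, "boot_state": "verified",
    "os_version": 130000, "patch_level": 202505,
    "not_before": datetime(2025, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2026, 1, 1, tzinfo=timezone.utc),
}
UNLOCKED = {**GOOD, "security_level": "software", "device_locked": False,
            "boot_state": "unverified", "patch_level": 202401}
```

Returning every failed check rather than stopping at the first one gives fleet operators a complete reason list to log for each rejected device.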
Microsoft Key Provisioning and attestation feature components are distributed across various layers of Android Stack.
Summary
Below are the component details:
- Vendor Partition Component
  - MDEP Security HAL and Vendor Interface Object (VINTF)
- Non-HLOS Component
  - MDEP Security Trusted Application
- system_ext partition components
  - Key Provisioning Service
  - Attestation Service
Known limitations
- On the Qualcomm QCM8550 platform, if the key of a secure device has been provisioned through the KMInstallKeyBox tool in the factory, there is no direct way to unprovision it. This means the OEM can no longer provision Microsoft certificates through our Key Provisioning Service.
Default application provisioning by MDEP
Summary
MDEP can be configured to install a default application bundle after the setup wizard is complete.
Key Features
- An OEM developer can configure a default application bundle to be provisioned by MDEP when the OOBE finishes the setup experience.
- Reference implementation is delivered to OEMs, together with documentation on how it can be used and how a default application bundle can be provisioned.
MDEP Library for Fluent UI components
Summary
Centralized component library for Microsoft’s Fluent 2 Design System. Fast partner customization and extendibility available through MDEP’s system theme. Prepares MDEP for expanding to additional device categories.
Key Features
- This library contains Fluent UI widgets that are not in the AOSP : ProgressIndicator, Switch, ExtendedTouchAreaButton, EditTextLayout, DropdownSpinner, RecyclerView, SwitchBar, Slider, TabToggleGroup, TabToggleButton, MdepRootViewLayout.
- In addition to these, it also provides utility functions for adding/removing large screen margins and a SkipLastDividerItemDecoration for RecyclerViews.
- A sample application is provided so the developers can easily understand how to use the widgets.
Known limitations
- Slider -> It uses the material widget, so the library style (Widget.Mdep.Slider) needs to be manually set by the developer, as showcased in the sample application.
- ExtendedTouchAreaButton -> Parent layout should not have its size set using "wrap_content" because the touch area is not part of the widget's size.
Support for IP Phone
Summary
Full platform support for IP Phones with and without touch screens, including SideCar support. Customizable MDEP system apps available for touch screen models.
Key Features
- The set of features will enable OEM to use MDEP for products.
- There are multiple types of IP Phone configurations supported such as Touch and Non touch display ones. MDEP offers support for Audio only IP Phones.
- The feature list includes OOBE, Device User and Admin Settings, customizable Kiosk mode, Provisioning service, Synchronization service, Accessibility features and Security above all.
Enhanced support for new OEM screens on Setup Wizard
Summary
The purpose is to help OEMs that are adopting the MDEP Setup Wizard and wish to add new functionalities and screens to it, without the risk of the new screens being overwritten when Microsoft updates the MDEP Setup Wizard, so that the MDEP Setup Wizard better aligns with their brand and user experience goals.
Key Features
- New screens can be inserted in defined places of the setup wizard flow. For example, a new screen can be inserted before or after the Setup Wizard flow, but also before key steps, such as the Microsoft privacy page or Network settings.
- An OEM screen can be an Activity, a Fragment or an Embedded Fragment, which is a special fragment that helps keep the look and feel of the rest of the Setup Wizard (with graphics shown on the left side and Back and Next buttons).
- The OEM has the option to add multiple screens and navigate between them. This integrates with the rest of the setup wizard navigation and includes navigating in sync between a Touch Console and a Front of Room.
- The OEM can change any color, graphics and general spacing of components through a technique called Runtime Resource Overlay. A sample is provided which exemplifies changing the graphics shown on the left side of each screen. This ensures that future major updates to setup wizard do not easily break OEM customizations since they are hosted in a different module.
- When a Front of Room device is paired, it only shows the graphics part of the user interface. Helper components are provided to allow an OEM screen to adapt in the same way and offer a cohesive user interface. Embedded Fragments behave in this way already.
Known limitations
If a console display is connected to an All-in-one system, Setup Wizard screens are moved to console displays. Currently there is no SDK component offered to OEMs to obtain the same behavior when the OEM screen is an Activity. This affects only already opened OEM Activities.
Device Manager: SDK support for individual component updates using APEX
Summary
Initial solution to facilitate lightweight updates for critical issues with APEX packages instead of a full FW update requiring a device reboot.
Key Features
- OEMs can utilize the MDEP Device Manager SDK to develop their own on-device applications to connect to their own cloud service for specific component update including system services and drivers in Device Manager pre-defined format.
Out of scope
- Multiple APEX (1.5)
- Hardware component status check (1.5)
- Hardware component management
- Integrate with MDEP OTA services
Keyboard navigation in device settings application
Summary
Improves navigability and accessibility of MDEP system apps UI across device categories with full support for keyboards and other physical controllers.
Key Features
- Pressing the Back button causes the navigation algorithm to trace the user's steps up the breadcrumb trail until it reaches a top-level node, at which point another press of the Back button closes the application.
- Additionally, if the user has entered data on the screen's form without saving it, pressing the Back button triggers a Confirmation dialog. This enables the user to continue the flow or close it to return to the previous screen.
- Once keyboard input is detected, the first element of the page is highlighted.
- Using the arrow keys, the user can select the adjacent element regardless of the pane it’s in.
- If TalkBack is turned on, hovering over an element should describe it.
Known limitations
- The top action bar, which contains the Back button, is not accessible by keyboard navigation.
Color correction functionality is disabled during the Setup Wizard
Summary
- The Color Correction option has been removed in the MDEP Setup Wizard to ensure AOSP similarity.
- Users can still enable and configure Color Correction through the device's Settings app after completing the Setup Wizard.
Loose pairing support
Summary
Allows an already paired device to be paired with a new device without resetting or unpairing. Used for replacing a faulty touch console.
Partner Agent improvements
Summary
Updates to Partner Agent based on latest Teams certificate requirements (e.g., ability to force user to reset lock PIN on phones, support for partial application of config profile on device, Admin Agent notified of on-device config/settings changes).
Key Features
- Lock Pin Reset
- Partial Configuration file
- Settings updates to and from Admin Agent
- Direct Bluetooth page navigation
Monthly security update
Summary
MDEP is an AOSP-based platform, so we can leverage the security criteria of AOSP and follow the Google security bulletin to apply the latest AOSP security patches on a monthly basis. OEMs can retrieve the monthly MDEP release with up-to-date security patches to improve their product security level once it is integrated with OEM images.