author | Eran Messeri <eranm@google.com> | 2021-07-06 12:07:57 +0100 |
---|---|---|
committer | Eran Messeri <eranm@google.com> | 2021-07-09 09:08:17 +0100 |
commit | 3e6c2ef9c8b7a59055a604ab50d0c527675d6f86 (patch) | |
tree | 0b4c15aef4c274924c67dcc22762f23ab864eca5 /identity/support/src/cppbor_parse.cpp | |
parent | 4f53440f873254336389f8c9681a2dd8a8e11960 (diff) |
KeyMint: Fix device-unique attestation chain specification

Fix the device-unique attestation chain specification: The chain should
have two or three certificates.
In case of two certificates, the device-unique key should be used for
the self-signed root.
In case of three certificates, the device-unique key should be certified
by another key (ideally shared by all StrongBox instances from the same
manufacturer, to ease validation).

Adjust the device-unique attestation tests to accept two or three
certificates in the chain.

Additionally, the current StrongBox KeyMint implementation can not yet
generate fully-valid chains (with matching subjects and issuers), so
relax that check.

Bug: 191361618
Test: m VtsAidlKeyMintTargetTest
Merged-In: I6e6bca33ebb4af67cac8e41a39e9c305d0f1345f
Change-Id: Iebefafe72148c919d10308eff7a19fc1bc40c619

Diffstat (limited to 'identity/support/src/cppbor_parse.cpp')
0 files changed, 0 insertions, 0 deletions