Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4776fe60 authored by Sean Thomas's avatar Sean Thomas
Browse files

Allow any mode when checking DICE chain 

The mode is a value in a certificate that lives in a DICE chain. It
could be "normal" or "debug", for example. When running VTS, the mode
need not be "normal".

Test: atest VtsHalRemotelyProvisionedComponentTargetTest
      atest libkeymint_remote_prov_support_test
Bug: 386855891
Change-Id: Idb1c86b29393aec822d58d21c36ca2f8310d9054
parent c7ffc3a1

security/keymint/support/remote_prov_utils.cpp

+1 −1
Original line number Diff line number Diff line
@@ -870,7 +870,7 @@ ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& encodedCsr, 
    }



    auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,

                                      false /*allowAnyMode*/, deviceSuffix(instanceName));

                                      true /*allowAnyMode*/, deviceSuffix(instanceName));

    if (!csr.ok()) {

        return csr.error().message();

    }