03d7a1a4f3
Fix the device-unique attestation chain specification: The chain should have two or three certificates. In case of two certificates, the device-unique key should be used for the self-signed root. In case of three certificates, the device-unique key should be certified by another key (ideally shared by all StrongBox instances from the same manufacturer, to ease validation). Adjust the device-unique attestation tests to accept two or three certificates in the chain. Additionally, the current StrongBox KeyMint implementation can not yet generate fully-valid chains (with matching subjects and issuers), so relax that check.

Bug: 191361618
Test: m VtsAidlKeyMintTargetTest
Change-Id: I6e6bca33ebb4af67cac8e41a39e9c305d0f1345f

keymint
secureclock/aidl
sharedsecret/aidl