Diced: Don't add resettable config

Unless the loader actively ensures the key change on factory reset, omit
the resettable (-70004) property from the config descriptor. By the time
diced gets involved, it's just along for the ride and it was down to the
earlier stages to enforce resetting across factory reset.

Test: atest system/security/diced
Bug: 225177477
Change-Id: I728774843cf0f4468bc7e98ccb29c27c1e808da5
Andrew Scull 2022-03-24 17:48:24 +00:00
parent 1713e4867d
commit c7bc7e9e16

@ -100,7 +100,7 @@ fn client_input_values(uid: uid_t) -> Result<BinderInputValues> {
Ok(BinderInputValues {
codeHash: [0; dice::HASH_SIZE],
config: BinderConfig {
desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, true)
desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, false)
.context("In client_input_values: failed to format config descriptor")?,
},
authorityHash: [0; dice::HASH_SIZE],
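
Review bot: The bare `false` passed as the third argument to `dice::bcc::format_config_descriptor` in `client_input_values` gives no hint at the call site that it controls the resettable (-70004) property, so a later reader could flip it back to `true` without realising what it asserts. Add a short comment above the `desc:` line saying that the resettable property is omitted on purpose because diced cannot itself ensure the key changes on factory reset, as the commit message explains. The hunk also shows no test change; if `atest system/security/diced` does not already check the descriptor built here, an assertion that the property is absent would guard against regression.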