Allow any mode when checking DICE chain The mode is a value in a certificate that lives in a DICE chain. It could be "normal" or "debug", for example. When running VTS, the mode need not be "normal". Test: atest VtsHalRemotelyProvisionedComponentTargetTest atest libkeymint_remote_prov_support_test Bug: 386855891 Change-Id: Idb1c86b29393aec822d58d21c36ca2f8310d9054

commit: 4776fe6044925555ae298179e304b50df73ccb67 [log] [tgz]
author: Sean Thomas <seanmthomas@google.com> Thu Jan 02 20:07:48 2025 +0000
committer: Sean Thomas <seanmthomas@google.com> Thu Jan 02 20:07:48 2025 +0000
tree: a4acda96457d30cadf103abffee02ddb55e98e99
parent: c7ffc3a1507825c76cbcaf35f6067d2f46e090e0 [diff]
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index eaeec32..6973f8d 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp

@@ -870,7 +870,7 @@
     }
 
     auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
-                                      false /*allowAnyMode*/, deviceSuffix(instanceName));
+                                      true /*allowAnyMode*/, deviceSuffix(instanceName));
     if (!csr.ok()) {
         return csr.error().message();
     }
commit	4776fe6044925555ae298179e304b50df73ccb67	[log] [tgz]
author	Sean Thomas <seanmthomas@google.com>	Thu Jan 02 20:07:48 2025 +0000
committer	Sean Thomas <seanmthomas@google.com>	Thu Jan 02 20:07:48 2025 +0000
tree	a4acda96457d30cadf103abffee02ddb55e98e99
parent	c7ffc3a1507825c76cbcaf35f6067d2f46e090e0 [diff]