Allow any mode in DICE chains for other functions
The mode of the DICE chain need not be normal in these situations.
These functions are used in VtsRemotelyProvisionedComponentTests
which are run by vendors and they may be in a non-normal state.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
atest libkeymint_remote_prov_support_test
Change-Id: Ib59c98184034ad3c117f65678d52ff7baabb00a4
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 6973f8d..5afaf31 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -904,7 +904,7 @@
}
auto csr1 = hwtrust::Csr::validate(encodedCsr1, *diceChainKind, false /*isFactory*/,
- false /*allowAnyMode*/, deviceSuffix(instanceName1));
+ true /*allowAnyMode*/, deviceSuffix(instanceName1));
if (!csr1.ok()) {
return csr1.error().message();
}
@@ -921,7 +921,7 @@
}
auto csr2 = hwtrust::Csr::validate(encodedCsr2, *diceChainKind, false /*isFactory*/,
- false /*allowAnyMode*/, deviceSuffix(instanceName2));
+ true /*allowAnyMode*/, deviceSuffix(instanceName2));
if (!csr2.ok()) {
return csr2.error().message();
}
@@ -952,7 +952,7 @@
}
auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
- false /*allowAnyMode*/, deviceSuffix(DEFAULT_INSTANCE_NAME));
+ true /*allowAnyMode*/, deviceSuffix(DEFAULT_INSTANCE_NAME));
if (!csr.ok()) {
return csr.error().message();
}