Upgrade remotely provisioned keys if necessary. am: 55620ff9a8 am: 350fe49afe
Original change: https://android-review.googlesource.com/c/platform/system/security/+/1983446
Change-Id: I521a9d8a591a3f449ec62199a22867bd6bdf891f
diff --git a/ondevice-signing/odsign_main.cpp b/ondevice-signing/odsign_main.cpp
index 99653fa..c6ebfc4 100644
--- a/ondevice-signing/odsign_main.cpp
+++ b/ondevice-signing/odsign_main.cpp
@@ -376,7 +376,8 @@
const SigningKey& signing_key,
bool* digests_verified) {
if (!directoryHasContent(kCompOsPendingArtifactsDir)) {
- return art::odrefresh::ExitCode::kCompilationRequired;
+ // No pending CompOS artifacts, all that matters is the current ones.
+ return checkArtifacts();
}
// CompOS has generated some artifacts that may, or may not, match the
@@ -527,8 +528,8 @@
if (useCompOs) {
auto compos_key = addCompOsCertToFsVerityKeyring(*key);
if (!compos_key.ok()) {
- odrefresh_status = art::odrefresh::ExitCode::kCompilationRequired;
LOG(WARNING) << compos_key.error();
+ odrefresh_status = checkArtifacts();
} else {
odrefresh_status =
checkCompOsPendingArtifacts(compos_key.value(), *key, &digests_verified);