Merge changes from topic "rkp-factory-tool"
* changes:
Generate random challenge in RKP factory tool
Add prod GEEK to rkp_factory_extraction_tool
Remove duplicate generateEekChain routine
diff --git a/ondevice-signing/KeystoreHmacKey.cpp b/ondevice-signing/KeystoreHmacKey.cpp
index d917501..09677d7 100644
--- a/ondevice-signing/KeystoreHmacKey.cpp
+++ b/ondevice-signing/KeystoreHmacKey.cpp
@@ -260,7 +260,7 @@
}
Result<void> KeystoreHmacKey::deleteKey() const {
- auto status = mSecurityLevel->deleteKey(mDescriptor);
+ auto status = mService->deleteKey(mDescriptor);
if (!status.isOk()) {
return Error() << "Failed to delete HMAC key: " << status;
}
diff --git a/ondevice-signing/VerityUtils.cpp b/ondevice-signing/VerityUtils.cpp
index 56dcd5e..243e7df 100644
--- a/ondevice-signing/VerityUtils.cpp
+++ b/ondevice-signing/VerityUtils.cpp
@@ -220,13 +220,19 @@
while (!ec && it != end) {
if (it->is_regular_file()) {
- // Verify
+ // Verify the file is in fs-verity
auto result = isFileInVerity(it->path());
if (!result.ok()) {
return result.error();
}
digests[it->path()] = *result;
- } // TODO reject other types besides dirs?
+ } else if (it->is_directory()) {
+ // These are fine to ignore
+ } else if (it->is_symlink()) {
+ return Error() << "Rejecting artifacts, symlink at " << it->path();
+ } else {
+ return Error() << "Rejecting artifacts, unexpected file type for " << it->path();
+ }
++it;
}
if (ec) {