Diced: Don't add resettable config
Unless the loader actively ensures the key change on factory reset, omit
the resettable (-70004) property from the config descriptor. By the time
diced gets involved, it's just along for the ride and it was down to the
earlier stages to enforce resetting across factory reset.
Test: atest system/security/diced
Bug: 225177477
Change-Id: I728774843cf0f4468bc7e98ccb29c27c1e808da5
diff --git a/diced/src/lib.rs b/diced/src/lib.rs
index 9594977..50e0e96 100644
--- a/diced/src/lib.rs
+++ b/diced/src/lib.rs
@@ -100,7 +100,7 @@
Ok(BinderInputValues {
codeHash: [0; dice::HASH_SIZE],
config: BinderConfig {
- desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, true)
+ desc: dice::bcc::format_config_descriptor(Some(&format!("{}", uid)), None, false)
.context("In client_input_values: failed to format config descriptor")?,
},
authorityHash: [0; dice::HASH_SIZE],
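Review bot: The third argument of the `format_config_descriptor` call in `client_input_values` is now a bare `false`, and nothing at the call site says that it is the resettable (-70004) flag or why diced leaves it unset. A short comment above the `desc:` line carrying the commit message's reasoning (resetting across factory reset is enforced by the earlier stages, so diced does not assert it) would keep a later reader from flipping it back to `true`. Because the descriptor is part of the `BinderInputValues` built here, changing the flag changes the encoded descriptor bytes, so please confirm that no client has persisted anything that depends on values derived with the old descriptor. A test under system/security/diced asserting that the property is absent from the encoded descriptor would also help.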