Enable self-testing by default in rkp factory tool
This way, we run the self test when extracting a CSR on the factory
line by default. This will ensure that devices producing bad payloads
will be more likely to be caught earlier in the manufacturing flow.
Test: ran tool devices with V2 and V3 HALs
Bug: 284098419
Change-Id: I79b50da7f86da50ebcfe18caf06046f1a39c6e81
diff --git a/provisioner/rkp_factory_extraction_tool.cpp b/provisioner/rkp_factory_extraction_tool.cpp
index 2aeabe0..5ba777e 100644
--- a/provisioner/rkp_factory_extraction_tool.cpp
+++ b/provisioner/rkp_factory_extraction_tool.cpp
@@ -35,10 +35,10 @@
using namespace cppcose;
DEFINE_string(output_format, "build+csr", "How to format the output. Defaults to 'build+csr'.");
-DEFINE_bool(self_test, false,
- "If true, the tool does not output CSR data, but instead performs a self-test, "
- "validating a test payload for correctness. This may be used to verify a device on the "
- "factory line before attempting to upload the output to the device info service.");
+DEFINE_bool(self_test, true,
+ "If true, this tool performs a self-test, validating the payload for correctness. "
+ "This checks that the device on the factory line is producing valid output "
+ "before attempting to upload the output to the device info service.");
namespace {
@@ -81,17 +81,13 @@
exit(-1);
}
- if (FLAGS_self_test) {
- selfTestGetCsr(name, rkp_service.get());
- } else {
- auto [request, errMsg] = getCsr(name, rkp_service.get());
- if (!request) {
- std::cerr << "Unable to build CSR for '" << fullName << ": " << errMsg << std::endl;
- exit(-1);
- }
-
- writeOutput(std::string(name), *request);
+ auto [request, errMsg] = getCsr(name, rkp_service.get(), FLAGS_self_test);
+ if (!request) {
+ std::cerr << "Unable to build CSR for '" << fullName << ": " << errMsg << std::endl;
+ exit(-1);
}
+
+ writeOutput(std::string(name), *request);
}
} // namespace