    enterprise.platformKeys api: Register machine key · 54ff9dd3
    Andreea Costinas authored
    As part of a feature to side-load machine keys verified by remote
    attestation into the system-wide token using the
    enterprise.platformKeys.challengeMachineKey API, the
    SignEnterpriseChallenge method needs another argument that specifies the
    key name used for SignedPublicKeyAndChallenge.
    
    When challenging machine key with register = true, the EMK cannot be
    registered as that would relinquish it and the DMServer relies on it to
    remain stable.
    
    This CL generates a new machine key to side-load into the system-wide
    token in this case. The key will be used for SignedPublicKeyAndChallenge
    but the challenge response will still be signed using the stable EMK.
    
    Depends on CL:1714597.
    
    BUG=b:35580115
    TEST=manually tested,
    unit_tests --gtest_filter=EPKChallengeMachineKeyTest.KeyRegisteredSuccess
    
    Change-Id: I4c426f06d1ff32333bf1383a54d4840f119aeeeb
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1708948
    Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
    Reviewed-by: Yves Arrouye <drcrash@chromium.org>
    Reviewed-by: Pavol Marko <pmarko@chromium.org>
    Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
    Reviewed-by: Mattias Nissler <mnissler@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#686730}
fake_cryptohome_client.cc 34.3 KB