[Enrollment v2] Re-enroll if v1 user key pair replaces v2 user key pair
In a rollback-rollforward scenario, it is possible that the persisted v1 and v2 user key pairs can differ when the v2 enrollment manager is created. To get in that state, consider the following:
- the device enrolls with v2, creating a user key pair,
- Enrollment v2 is rolled back,
- the device enrolls with Enrollment v1, creating a new user key pair,
- Enrollment v2 is rolled forward.

Because an existing v1-enrolled key is always preferred (for continuity reasons), the v2 key will be overwritten by the v1 key on start-up. However, the v2 scheduler does not necessarily know to re-enroll (now with the v1 key) since it still considers the v2 enrollment before the rollback the last successful enrollment. Therefore, the v2 enrollment manager needs to force a v2 re-enrollment.

Bug: 899080
Change-Id: I1d5c9511996210a1852efc1da842370d291898e7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1686774
Commit-Queue: Kyle Horimoto <khorimoto@chromium.org>
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Auto-Submit: Josh Nohle <nohle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#684478}