From 43cbce6f19c489d9ed8f3bd0e55dbfa5a0ef7613 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik
Date: Thu, 2 Feb 2023 21:20:39 +0100
Subject: [PATCH] feat(core): Force basic attestation in FIDO2 for google.com.

---
 common/defs/fido/google.json | 3 ++-
 core/src/apps/webauthn/knownapps.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/common/defs/fido/google.json b/common/defs/fido/google.json
index c3a08976d..a8071c30f 100644
--- a/common/defs/fido/google.json
+++ b/common/defs/fido/google.json
@@ -6,5 +6,6 @@
 "label": "google.com"
 }
 ],
- "webauthn": ["google.com"]
+ "webauthn": ["google.com"],
+ "use_self_attestation": false
 }
diff --git a/core/src/apps/webauthn/knownapps.py b/core/src/apps/webauthn/knownapps.py
index 065c2f414..c372c53c8 100644
--- a/core/src/apps/webauthn/knownapps.py
+++ b/core/src/apps/webauthn/knownapps.py
@@ -209,7 +209,7 @@ def by_rp_id_hash(rp_id_hash: bytes) -> FIDOApp | None:
 label="google.com",
 icon="apps/webauthn/res/icon_google.toif",
 use_sign_count=None,
- use_self_attestation=None,
+ use_self_attestation=False,
 )
 if rp_id_hash == b"\xd4\xc9\xd9\x02\x73\x26\x27\x1a\x89\xce\x51\xfc\xaf\x32\x8e\xd6\x73\xf1\x7b\xe3\x34\x69\xff\x97\x9e\x8a\xb8\xdd\x50\x1e\x66\x4f":
 # WebAuthn key for Google
@@ -217,7 +217,7 @@ def by_rp_id_hash(rp_id_hash: bytes) -> FIDOApp | None:
 label="google.com",
 icon="apps/webauthn/res/icon_google.toif",
 use_sign_count=None,
- use_self_attestation=None,
+ use_self_attestation=False,
 )
 if rp_id_hash == b"\x9c\x2e\x02\xc4\xff\xf7\x76\x62\xe1\xde\x80\x3b\x43\x9e\x11\xc0\xdd\x0c\x3f\x66\x42\xce\xc4\xe6\x84\xd6\x49\x87\x0a\xd1\xbb\x59":
 # WebAuthn key for Invity
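Review bot: The added `"use_self_attestation": false` key carries no rationale, and because JSON has no comment syntax the reason can only live in the commit description, which is empty here. Forcing basic attestation means this relying party receives a statement signed with the device's attestation key and certificate rather than a self-signed one, so it is a privacy-relevant override that a later maintainer cannot evaluate without knowing why it was needed (presumably a compatibility requirement on the relying party's side; please confirm). I would add one sentence to the description, for example `google.com requires basic attestation because <reason>`, so the override can be revisited if that requirement changes.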
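Review bot: Both this entry and the one in the `@@ -217` hunk are flipped from `None` to `False`, but only the second sits under a visible `# WebAuthn key for Google` comment; the label of the first entry is above the hunk, and if it is the U2F app-ID hash the commit subject ("in FIDO2") does not cover it. Please confirm that the first change is intended and actually has an effect on that path. The field is now used with at least two distinct non-true values, so a short comment where it is declared, such as `# None: follow the device default; False: always use basic attestation`, would help, assuming that is what `None` means. The values mirror the key added to common/defs/fido/google.json, so if this file is generated from those definitions the edit should come from re-running the generator rather than by hand. `by_rp_id_hash` starts and ends outside both hunks.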