arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00
Code Issues Releases Wiki Activity

fix(core/prodtest): Configure metadata correctly before checking device certificate.

Browse Source 
[no changelog]
This commit is contained in:
Andrew Kozlik 2023-12-08 15:41:06 +01:00 committed by matejcik
parent d0a702eef4
commit a1be6f8aef
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
core/embed/prodtest/optiga_prodtest.c
View File

@ -567,6 +567,15 @@ bool check_device_cert_chain(const uint8_t *chain, size_t chain_size) {
// certificate belongs to this device. THIS IS NOT A FULL VERIFICATION OF THE
// CERTIFICATE CHAIN.
// Enable signing with the device private key.
optiga_metadata metadata = {0};
metadata.key_usage = KEY_USE_SIGN;
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
if (!set_metadata(OID_KEY_DEV, &metadata)) {
vcp_println("ERROR check_device_cert_chain, set_metadata.");
return false;
}
// Generate a P-256 signature using the device private key.
uint8_t digest[SHA256_DIGEST_LENGTH] = {1};
uint8_t der_sig[72] = {DER_SEQUENCE};