mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-18 12:28:09 +00:00
fix(core/prodtest): Configure metadata correctly before checking device certificate.
[no changelog]
This commit is contained in:
parent
d0a702eef4
commit
a1be6f8aef
@ -567,6 +567,15 @@ bool check_device_cert_chain(const uint8_t *chain, size_t chain_size) {
|
|||||||
// certificate belongs to this device. THIS IS NOT A FULL VERIFICATION OF THE
|
// certificate belongs to this device. THIS IS NOT A FULL VERIFICATION OF THE
|
||||||
// CERTIFICATE CHAIN.
|
// CERTIFICATE CHAIN.
|
||||||
|
|
||||||
|
// Enable signing with the device private key.
|
||||||
|
optiga_metadata metadata = {0};
|
||||||
|
metadata.key_usage = KEY_USE_SIGN;
|
||||||
|
metadata.execute = OPTIGA_META_ACCESS_ALWAYS;
|
||||||
|
if (!set_metadata(OID_KEY_DEV, &metadata)) {
|
||||||
|
vcp_println("ERROR check_device_cert_chain, set_metadata.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Generate a P-256 signature using the device private key.
|
// Generate a P-256 signature using the device private key.
|
||||||
uint8_t digest[SHA256_DIGEST_LENGTH] = {1};
|
uint8_t digest[SHA256_DIGEST_LENGTH] = {1};
|
||||||
uint8_t der_sig[72] = {DER_SEQUENCE};
|
uint8_t der_sig[72] = {DER_SEQUENCE};
|
||||||
|
Loading…
Reference in New Issue
Block a user