Merge "Ensure that "rkp only" forces checks for rkp keys"

author: Seth Moore <sethmo@google.com> 2022-04-19 16:17:30 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2022-04-19 16:17:30 +0000
commit: cd6b6a7ff8db41f6049540ac32b152bd9cb532ec (patch)
tree: b08cb5f7cf1208c9f8cb8537855de816f88caaac
parent: 678a6f5af4182d3e9a0e02656f03c25077124585 (diff)
parent: 562aebb873807bba11a04fe1ce48695dc0f40b4d (diff)
download: security-cd6b6a7ff8db41f6049540ac32b152bd9cb532ec.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index afbf475c..8837d1c0 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -102,6 +102,9 @@ impl RemProvState {
     /// server, so unfortunately caching the presence or absence of the HAL is not enough to fully
     /// make decisions about the state of remote provisioning during runtime.
     fn check_rem_prov_enabled(&self, db: &mut KeystoreDB) -> Result<bool> {
+        if self.is_rkp_only {
+            return Ok(true);
+        }
         if !self.is_hal_present.load(Ordering::Relaxed)
             || get_remotely_provisioned_component(&self.security_level).is_err()
         {
author	Seth Moore <sethmo@google.com>	2022-04-19 16:17:30 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2022-04-19 16:17:30 +0000
commit	cd6b6a7ff8db41f6049540ac32b152bd9cb532ec (patch)
tree	b08cb5f7cf1208c9f8cb8537855de816f88caaac
parent	678a6f5af4182d3e9a0e02656f03c25077124585 (diff)
parent	562aebb873807bba11a04fe1ce48695dc0f40b4d (diff)
download	security-cd6b6a7ff8db41f6049540ac32b152bd9cb532ec.tar.gz