fuchsia-china/third_party.pigweed.src
1
0
Fork 0
mirror of https://fuchsia.googlesource.com/third_party/pigweed.googlesource.com/pigweed/pigweed synced 2024-09-19 21:29:48 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
16c5096049
third_party.pigweed.src/pw_software_update/py
History
Ali Zhang 7c27c10f98 pw_software_update: Add self verification 
Verify an incoming update bundle against its own TUF metadata when a
caller instantiates an UpdateBundleAccessor with verification
disabled. This is what we call self-verification fallback. It serves
to minimize astonishments (watchdogs, ooms, kpi regressions etc.)
when the caller does flip on (real) verification.

Self-verification exercises most verification logic, but tries not
to disrupt workflows. This means...

  1. It skips all metadata signature verifications if the incoming
     bundle does not come with a root metadata.
  2. It does not report failure if the Targets metadata is not signed.
     Incorrect signatures are still reported.
  3. It verifies hashes in the targets metadata at all times and reports
     any failure.

Change-Id: Ib671e2a9552bdb3a1aa6ccaea373caf9023ecf6e
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/84809
Reviewed-by: Yecheng Zhao <zyecheng@google.com>
Commit-Queue: Ali Zhang <alizhang@google.com>
2022-02-18 01:12:40 +00:00
..
pw_software_update pw_software_update: Add self verification 2022-02-18 01:12:40 +00:00
BUILD.gn pw_software_update/py: Verify bundles 2021-12-07 00:25:37 +00:00
dev_sign_test.py
keys_test.py
metadata_test.py
root_metadata_test.py
update_bundle_test.py
verify_test.py