mirror of
https://fuchsia.googlesource.com/third_party/pigweed.googlesource.com/pigweed/pigweed
synced 2024-09-19 21:29:48 +00:00
7c27c10f98
Verify an incoming update bundle against its own TUF metadata when a caller instantiates an UpdateBundleAccessor with verification disabled. This is what we call self-verification fallback. It serves to minimize astonishments (watchdogs, ooms, kpi regressions etc.) when the caller does flip on (real) verification. Self-verification exercises most verification logic, but tries not to disrupt workflows. This means... 1. It skips all metadata signature verifications if the incoming bundle does not come with a root metadata. 2. It does not report failure if the Targets metadata is not signed. Incorrect signatures are still reported. 3. It verifies hashes in the targets metadata at all times and reports any failure. Change-Id: Ib671e2a9552bdb3a1aa6ccaea373caf9023ecf6e Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/84809 Reviewed-by: Yecheng Zhao <zyecheng@google.com> Commit-Queue: Ali Zhang <alizhang@google.com> |
||
---|---|---|
.. | ||
pw_software_update | ||
BUILD.gn | ||
dev_sign_test.py | ||
keys_test.py | ||
metadata_test.py | ||
root_metadata_test.py | ||
update_bundle_test.py | ||
verify_test.py |