Allow using MTROperationalCertificateIssuer with internal device attestation checks #24310
Comments
bzbarsky-apple
added a commit
to bzbarsky-apple/connectedhomeip
that referenced
this issue
Jan 11, 2023
…amework perform device attestation checks. This gives MTROperationalCertificateIssuer implementations control over whether they want to take over the device attestation checks that require roots of trust or whether they want to allow Matter.framework to perform those checks itself, using the roots of trust it was provided. Fixes project-chip#24310
bzbarsky-apple
added a commit
that referenced
this issue
Jan 11, 2023
…amework perform device attestation checks. (#24371) * Allow using MTROperationalCertificateIssuer but letting the Matter framework perform device attestation checks. This gives MTROperationalCertificateIssuer implementations control over whether they want to take over the device attestation checks that require roots of trust or whether they want to allow Matter.framework to perform those checks itself, using the roots of trust it was provided. Fixes #24310 * Address review comment. * Address more review comments.
kkasperczyk-no
pushed a commit
to kkasperczyk-no/sdk-connectedhomeip
that referenced
this issue
Mar 15, 2023
…amework perform device attestation checks. (#24371) * Allow using MTROperationalCertificateIssuer but letting the Matter framework perform device attestation checks. This gives MTROperationalCertificateIssuer implementations control over whether they want to take over the device attestation checks that require roots of trust or whether they want to allow Matter.framework to perform those checks itself, using the roots of trust it was provided. Fixes project-chip/connectedhomeip#24310 * Address review comment. * Address more review comments.
kkasperczyk-no
pushed a commit
to kkasperczyk-no/sdk-connectedhomeip
that referenced
this issue
Mar 15, 2023
…amework perform device attestation checks. (#24371) * Allow using MTROperationalCertificateIssuer but letting the Matter framework perform device attestation checks. This gives MTROperationalCertificateIssuer implementations control over whether they want to take over the device attestation checks that require roots of trust or whether they want to allow Matter.framework to perform those checks itself, using the roots of trust it was provided. Fixes project-chip/connectedhomeip#24310 * Address review comment. * Address more review comments.
lecndav
pushed a commit
to lecndav/connectedhomeip
that referenced
this issue
Mar 22, 2023
…amework perform device attestation checks. (project-chip#24371) * Allow using MTROperationalCertificateIssuer but letting the Matter framework perform device attestation checks. This gives MTROperationalCertificateIssuer implementations control over whether they want to take over the device attestation checks that require roots of trust or whether they want to allow Matter.framework to perform those checks itself, using the roots of trust it was provided. Fixes project-chip#24310 * Address review comment. * Address more review comments.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now as soon as MTROperationalCertificateIssuer is set up on a controller that means that a bunch of attestation checks get delegated to the protocol instead of being done internally.
We should allow API consumers to control this, via either a method on the protocol or another member on the controller init params.
We could try to do this implicitly by checking for a non-empty productAttestationAuthorityCertificates on the factory, but seems better to make this explicit.
The text was updated successfully, but these errors were encountered: