Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fido: Implement SupportsEpAtt for CrOS authenticator
Currently CrOS authenticator doesn't override the SupportsEnterpriseAttestation method, so it always returns false. Under this condition Chrome will never send a request with attestation preference = "enterprise". The CrOS authenticator actually supports enterprise attestation when U2F/G2F mode is enabled, which is determined by policy and device capability. Check whether U2F mode is enabled when initializing the authenticator and cache the result, and returns it in SupportsEnterpriseAttestation. Bug: b:226453823, 1328415 Test: manual test along with daemon side changes that a MakeCredential request that wants enterprise attestation will get a valid G2F cert instead of a software generated cert. Test: CQ (cherry picked from commit 7c4abaf) Change-Id: I33804907e7ce48534a553200d7a27c0fad222d52 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3659142 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Adam Langley <agl@chromium.org> Reviewed-by: Martin Kreichgauer <martinkr@google.com> Cr-Original-Commit-Position: refs/heads/main@{#1006584} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3685870 Auto-Submit: Howard Yang <hcyang@google.com> Cr-Commit-Position: refs/branch-heads/5060@{#492} Cr-Branched-From: b83393d-refs/heads/main@{#1002911}
- Loading branch information