If this flag is not provided, an enteprise attestation certificate is automatically requested and uploaded.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Once enabled, it allows to generate a CSR in the device, which is sent to our PKI. If valid, it returns a signed certificate by an intermediate CA that will be used for attestation.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
To do this a MSE command is added, to manage a secure environment. It performs a ephemeral ECDH exchange to derive a shared secret that will be used by vendor commands to convey ciphered data.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
It is a self implementation, based on CBOR command.
data[0] conveys the command and the contents mapped in CBOR encoding.
The map uses the authConfig template, where the fist item in the map is the subcommand (enable/disable at this moment), the second is a map of the parameters, the third and fourth are the pinUvParam and pinUvProtocol.
With this format only a single vendor HID command is necessary (0x41), which will be used for all my own commands, by using the command id in data[0] like with CBOR.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Now it is possible to backup and restore the internal keys to recover a pico fido. The process is splitted in two parts: a list of 24 words and a file, which stores the security key.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
