Replace T3T1 debug caPubKey
#3765
Comments
Just so you know, this turns out to be more difficult than anticipated. The staging environment will refuse to sign the emulator's certificate because it is not issued by Optiga. We need to grab the staging HSM, install a modified firmware that lifts this restriction, and then sign the certificate.
Ok, I thought it would be straightforward since it works for T2B1. Worst case scenario, we can skip the authenticity checks until this is implemented; it is possible to set that in Suite settings. Also, I notice that the debug rootPubKey in Suite is wrong, the correct value is
That's because T3B1 is (currently) using the same authority root as T2B1, no? So we send the literal same certificate and it passes the checks on your side.
Sorry, I meant T2B1.
Debug value for caPubKey should be:
04829e8965018feb542e9236c9b2ce08f864a55ed9183d0259564f0e05345b04676a0bef36c59d21d3c24868b5601f0b1193a6bfcf6d814e1cfb79c2256a05e953
This is necessary to pass the check in Suite debug mode when the emulator is used. Current value is:
04ba6084cb9fba7c86d5d5a86108a91d55a27056da4eabbedde88a95e1cae8bce3620889167aaf7f2db166998f950984aa195e868f96e22803c3cd991be31d39e7
It is the same key as for T2B1 - therefore validation fails here.
Suite expects these keys.