As part of the work to get MGS driven updates incorporated into the planner, we came across a roadbump. Previously, wicket created a `RawHubrisArchive` from each artifact to verify the CMPA and CFPA pages against. In the planner, this step isn't as straightforward because we don't have access to the artifacts, but rather just the metadata. The TUF metadata does not contain any of this information from the RoT artifacts.

To get to a point where we have the information available to the planner we'll need the following work:

- Retrieve the Root Key Table Hash (RKTH) from the RoT artifacts before Nexus re-packages the TUF repo's RoT artifacts. Should be done as a new `lpc55_sign` routine.
- Then we can store those hashes somewhere, perhaps the artifact metadata (`TufArtifactMeta`)? Will need input from @iliana on such kind-specific metadata.
- Have the planner verify the RKTH against the CMPA/CFPA found in inventory as part of [reconfigurator] RoT planner support #8421.