Because of the deserialize implementation that's automatically generated, at this moment the expected value for the public_key_store in the manufacturing server is a CBOR array of the DER certificate. This commit adds a new type PlainBytes which (de)serializes transparently, and makes the manufacturing server use it for the public key store.
NOTE: this means that with this patch, the store format on disk changes. This store is a ReadOnly (the server will never write to it), but if anyone would've put a CBOR file in place, that will now fail to open. Raw DER was always the intention (and documented) format, but it still is a risk.
tested, works as expected, @puiterwijk you've got a commit lint warning, can you rename your commit to something like "fix: deserialize plain DI certs as raw DER", thanks!
Because of the deserialize implementation that's automatically generated, at this moment the expected value for the public_key_store in the manufacturing server is a CBOR array of the DER certificate. This commit adds a new type PlainBytes which (de)serializes transparently, and makes the manufacturing server use it for the public key store.
NOTE: this means that with this patch, the store format on disk changes. This store is a ReadOnly (the server will never write to it), but if anyone would've put a CBOR file in place, that will now fail to open. Raw DER was always the intention (and documented) format, but it still is a risk.
Fixes: #477