oxidecomputer / dice-util

utilities for cert template generation and manufacturing / certifying DeviceIds
Mozilla Public License 2.0

platform identity signing failure modes #183

Closed flihp closed 3 months ago

flihp commented 6 months ago

We're moving the signing process "online". One failure mode for the online signing is a potential mismatch between the SNs approved for manufacture and the one that a programming station is attempting to manufacture. This could be caused by a clerical error: the SN was omitted from the manufacturing batch or the SN scanned on the platform is one that was never approved for manufacture. In these cases remediation seems pretty straightforward: either add the SN to the approved batch or figure out why / how the wrong barcode got on the platform.

Additionally, it could be that a certificate has already been issued for the given SN. This could indicate that a system with that SN has already been manufactured. In this case the failure mode is the same as above: figure out why the platform was assigned a duplicate SN, get it a new one, and add that SN to the approved batch if it isn't already. Alternatively, if we cannot account for the certificate then we must revoke it. This implies that the SN assigned to the platform being manufactured will have to change.

This is relevant here because we must report the error and provide sufficient data to the caller such that they can determine which of the above scenarios they're in and what the appropriate remediation is.
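The two failure modes above, as an added example in Rust that is not part of dice-util or this issue: a pre-signing check that compares the scanned SN against the approved batch and against certificates already on record, and returns an error variant carrying the data (batch name, existing certificate serial and timestamp, revocation state) the operator needs to pick one of the remediations described. The type names `Sn`, `SigningStation`, `SigningError`, `IssuedCert` and the sample serial numbers are assumptions made for the example; the actual CSR signing is out of scope.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Platform serial number as scanned from the barcode (hypothetical newtype).
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct Sn(pub String);

impl Sn {
    pub fn new(s: &str) -> Self {
        Sn(s.to_string())
    }
}

/// A certificate already on record for a serial number.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct IssuedCert {
    pub cert_serial: u64,
    pub issued_at: u64,
    pub revoked: bool,
}

/// Reasons the station refuses to sign, with the data the operator needs
/// to decide which remediation applies.
#[derive(Debug, PartialEq, Eq)]
pub enum SigningError {
    /// SN is not in the approved batch: it was omitted from the batch, or
    /// the barcode on the platform carries an SN that was never approved.
    NotApproved { sn: Sn, batch: String },
    /// A certificate already exists for this SN (even if since revoked):
    /// the SN was assigned twice, and the platform on the bench needs a new one.
    AlreadyIssued { sn: Sn, existing: IssuedCert },
}

/// Hypothetical online signing station state: one approved batch plus the
/// certificates it has issued so far.
pub struct SigningStation {
    batch_name: String,
    approved: BTreeSet<Sn>,
    issued: BTreeMap<Sn, IssuedCert>,
    next_cert_serial: u64,
}

impl SigningStation {
    pub fn new(batch_name: &str, approved: &[&str]) -> Self {
        SigningStation {
            batch_name: batch_name.to_string(),
            approved: approved.iter().map(|s| Sn::new(s)).collect(),
            issued: BTreeMap::new(),
            next_cert_serial: 1,
        }
    }

    /// Pre-signing check. Both conditions are reported with enough context
    /// for the caller to tell which scenario it is in.
    pub fn check(&self, sn: &Sn) -> Result<(), SigningError> {
        if !self.approved.contains(sn) {
            return Err(SigningError::NotApproved { sn: sn.clone(), batch: self.batch_name.clone() });
        }
        if let Some(existing) = self.issued.get(sn) {
            return Err(SigningError::AlreadyIssued { sn: sn.clone(), existing: existing.clone() });
        }
        Ok(())
    }

    /// Record issuance once the check passes; returns the certificate serial.
    pub fn issue(&mut self, sn: &Sn, now: u64) -> Result<u64, SigningError> {
        self.check(sn)?;
        let cert_serial = self.next_cert_serial;
        self.next_cert_serial += 1;
        self.issued.insert(sn.clone(), IssuedCert { cert_serial, issued_at: now, revoked: false });
        Ok(cert_serial)
    }

    /// Remediation for NotApproved: add the SN to the approved batch.
    /// Returns false if it was already present.
    pub fn approve(&mut self, sn: &Sn) -> bool {
        self.approved.insert(sn.clone())
    }

    /// Remediation for an unaccounted-for certificate: revoke it. The SN stays
    /// consumed, so the platform being manufactured still needs a fresh SN.
    pub fn revoke(&mut self, sn: &Sn) -> bool {
        match self.issued.get_mut(sn) {
            Some(c) if !c.revoked => {
                c.revoked = true;
                true
            }
            _ => false,
        }
    }
}

fn main() {
    // Constructed sample batch and serial numbers.
    let mut station = SigningStation::new("batch-example-01", &["OXP0001", "OXP0002"]);
    println!("{:?}", station.issue(&Sn::new("OXP0001"), 1_700_000_000));
    println!("{:?}", station.check(&Sn::new("OXP0001"))); // AlreadyIssued
    println!("{:?}", station.check(&Sn::new("OXP0099"))); // NotApproved
}
```

The check is done once per request and returns the full existing record rather than a bare error code, because the caller must distinguish "clerical omission from the batch" (fix by approving) from "duplicate SN" (fix by reassigning the SN, and possibly revoking the earlier certificate). Revocation deliberately does not free the SN for reuse, matching the note above that the SN on the platform has to change either way.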

flihp commented 3 months ago

These failure modes are largely determined by facade. Closing this issue so we can deal w/ this over there when necessary.