Closed tcarmelveilleux closed 1 year ago
@anush-apple @woody-apple FYI.
@tcarmelveilleux Can you provide an example API that would fit the needs here?
@tcarmelveilleux Anything remaining here that's needed? If so, we can move back into 1.0.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
@tcarmelveilleux I believe the API needed is now complete, and working, correct? Please re-open if needed.
Problem
The API surface for Darwin commissioning flows prevents passing a Device Attestation Verifier equivalent that would allow arbitrary policy checks, and allow aggregation/saving of the DAC cert chain and attestation elements/signature, which are needed to do an end-to-end attestation flow if the CA resides off the device (e.g. if running a custom fabric in a multi-fabric situation with app on iOS with Matter framework). Similarly, this prevents having rules that simplify the usage/trust of development device attestation credentials in a given fabric, where additional rules or validations may be needed.
Proposed Solution
DeviceAttestationVerifier::VerifyAttestationInformation API surface, if the default policy is insufficient.