Skip to content

Refactor Voucher Persistence Interfaces #151

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 30, 2025
Merged

Refactor Voucher Persistence Interfaces #151

merged 2 commits into from
Oct 30, 2025

Conversation

@ben-krieger
Copy link
Member

@ben-krieger ben-krieger commented Sep 18, 2025
edited
Loading

Fixes #140

@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch 3 times, most recently from 03c3b8a to ba89fa3 Compare September 19, 2025 14:41
@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch from ba89fa3 to 2d37c54 Compare September 23, 2025 02:16
@ben-krieger ben-krieger deleted the onboarded-device-new-voucher-to-mfg-vouchers-table branch September 23, 2025 02:16
@ben-krieger ben-krieger restored the onboarded-device-new-voucher-to-mfg-vouchers-table branch September 23, 2025 02:32
@ben-krieger ben-krieger reopened this Sep 23, 2025
@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch 4 times, most recently from b3d9cf9 to 5b70e31 Compare September 24, 2025 04:06
@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch 3 times, most recently from 499c50d to ff7f8c0 Compare October 1, 2025 16:59
@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch from ff7f8c0 to 630d15f Compare October 1, 2025 17:11
@ben-krieger
Copy link
Member Author

TinyGo tests are failing. Once tinygo-org/tinygo#5058 is merged, the container hash in .github/workflows/test.yml should be updated.

@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch from 630d15f to d8b4a55 Compare October 1, 2025 17:34
@ben-krieger ben-krieger force-pushed the onboarded-device-new-voucher-to-mfg-vouchers-table branch from d8b4a55 to 8c77019 Compare October 1, 2025 17:46
@runcom
Copy link
Member

runcom commented Oct 6, 2025

TinyGo tests are failing. Once tinygo-org/tinygo#5058 is merged, the container hash in .github/workflows/test.yml should be updated.

is that a requirement for this PR? or we can go ahead and review/merge this one?

@ben-krieger ben-krieger changed the title Put New Voucher for Onboarded Device in "Manufacturer" Vouchers Table Refactor Voucher Persistence Interfaces Oct 6, 2025
@ben-krieger ben-krieger marked this pull request as ready for review October 6, 2025 10:59
@ben-krieger ben-krieger requested a review from runcom October 6, 2025 11:01
@ben-krieger
Copy link
Member Author

TinyGo tests are failing. Once tinygo-org/tinygo#5058 is merged, the container hash in .github/workflows/test.yml should be updated.

is that a requirement for this PR? or we can go ahead and review/merge this one?

Let's start reviewing. The TinyGo fix can be separate.

One thing about this PR is that it doesn't actually track onboarded state, because that's a bit nebulous.

One concrete example we might wonder about is how might an owner service know to stop TO0 when using the Credential Reuse Protocol?

@runcom
Copy link
Member

runcom commented Oct 6, 2025

One concrete example we might wonder about is how might an owner service know to stop TO0 when using the Credential Reuse Protocol?

I think there are specific things to look for in https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-PS-v1.1-20220419/FIDO-Device-Onboard-PS-v1.1-20220419.html#credreuse in order to make the right call (however complex).
But also, I guess at the Owner services, we can also just say "if you're using credential reuse, then you must hit this API endpoint to trigger to0 manually again".
Meaning:

  • first onboard, we stop to0 but we know it's a credential reuse case as per the spec
  • second onboard, we allow hitting the to0 endpoint because we know (internal state) that the voucher can do it again because of reuse protocol

Something like the above, the implementation can decide what to support anyway right? here we need to make sure we can tell we're in these cases I guess (or provide useful callback to inspect where we're at)

@runcom
Copy link
Member

runcom commented Oct 8, 2025

I guess it's totally our call in the Owner service implementation to decide to actually support the reuse protocol at all (via a knob for instance)

The intended use case for this protocol is to support demos and testing scenarios where the onboarding can be run repeatedly and quickly without having to change the Ownership Voucher or resetting the system after each onboarding. Since credential reuse can permit the previous Owner unlimited access to the device, it is NOT recommended for use in the normal device supply chain.

@ben-krieger ben-krieger mentioned this pull request Oct 9, 2025
Closed
kgiusti
kgiusti reviewed Oct 16, 2025
View reviewed changes
sqlite/sqlite.go
// compatibility. Therefore, it is an allowed state to have both the
// replacement voucher and the previous voucher. An implementation that
// does not need to work with Cloudflare D1 should use a transaction.
if err := db.AddVoucher(ctx, ov); err != nil {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for my own education - not requesting a change or anything like that - but won't this fail if the GUIDs are the same rather than add an additional voucher with the same GUID? I'm no expert on sqlite but I thought that an INSERT would fail by default if there's already a record present with the same key.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nm - I missed the fact that the passed guid is the guid of the voucher to be replaced (d'oh!) and is not the same guid used in the AddVoucher call. So yeah - this LGTM.

runcom
runcom approved these changes Oct 22, 2025
View reviewed changes
Copy link
Member

@runcom runcom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@runcom
Copy link
Member

runcom commented Oct 30, 2025

test was an hiccup, re-run and now it's green, merging

@runcom runcom merged commit 1521ac2 into main Oct 30, 2025
9 of 12 checks passed
@runcom runcom deleted the onboarded-device-new-voucher-to-mfg-vouchers-table branch October 30, 2025 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@runcom runcom runcom approved these changes

+1 more reviewer

@kgiusti kgiusti kgiusti left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Should ReplaceVoucher Delete from owner_vouchers and Move to mfg_vouchers?

4 participants

@ben-krieger @runcom @kgiusti