Check the signature on the EEK Chain.

Signatures on the EEK chain weren't actually being checked when RKP was
being run in test mode. This is not the desired behavior. When in test
mode, the only thing that should be disabled is verifying that the EEK
Chain root matches the Google root. The EEK Chain provided to KM should
still be a valid chain, where each certificate verifies the next one.

Fixes: 190942528
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibc4697a29a84e3840aa3f19733aeea212fcf6236
Merged-In: Ibc4697a29a84e3840aa3f19733aeea212fcf6236
3 files changed
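
The rule the commit message describes, as an added sketch that is not the project's code: test mode skips only the trusted-root comparison, and every signature in the chain is still verified. Toy textbook RSA stands in for the real signature scheme; the certificate layout, function names and keys are all assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keygen(p, q):
    """Toy textbook-RSA key (n, d). Insecure; stands in for the real scheme."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(payload, n):
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n

def sign(payload, key):
    n, d = key
    return pow(_digest(payload, n), d, n)

def verify(payload, sig, n):
    return pow(sig, E, n) == _digest(payload, n)

def cert(subject_n, issuer_key):
    """Hypothetical certificate: subject public key plus issuer signature."""
    return {"pub": subject_n, "sig": sign(str(subject_n).encode(), issuer_key)}

def validate_eek_chain(chain, trusted_root_n, test_mode):
    """Return the leaf (EEK) public key, or raise ValueError."""
    if not chain:
        raise ValueError("empty chain")
    # The only check test mode is allowed to skip: root identity.
    if not test_mode and chain[0]["pub"] != trusted_root_n:
        raise ValueError("root does not match the trusted root")
    signer_n = chain[0]["pub"]  # the root certificate is self-signed
    for c in chain:
        # Runs in both modes: each certificate must verify the next one.
        if not verify(str(c["pub"]).encode(), c["sig"], signer_n):
            raise ValueError("bad signature in chain")
        signer_n = c["pub"]
    return signer_n

def mersenne(k):
    return 2**k - 1

# Constructed keys built from known Mersenne primes (sample data only).
PROD_ROOT = keygen(mersenne(61), mersenne(89))
TEST_ROOT = keygen(mersenne(107), mersenne(127))
EEK = keygen(mersenne(521), mersenne(607))

def build_chain(root_key, leaf_key, leaf_issuer=None):
    """Self-signed root followed by the EEK certificate."""
    return [cert(root_key[0], root_key), cert(leaf_key[0], leaf_issuer or root_key)]
```

A chain under `TEST_ROOT` is accepted only with `test_mode=True`, while a leaf signed by a key other than the chain's root is rejected in both modes.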