Add check for return code in DeviceKey to avoid injecting invalid ROT #12667
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of changes
Check return code of the random generator before injecting the root of trust.
Without this check, an invalid - and therefore insecure - ROT may be used like in #9278.
This bug was introduced in #12385.
Impact of changes
Invalid ROTs won't be used.
Migration actions required
None. This bug was introduced in the v6-alpha and therefore isn't critical as the alpha may not be used for production devices.
Documentation
None. This bug was introduced in the v6-alpha and therefore isn't critical as the alpha may not be used for production devices.
Pull request type
Test results