commit | 1c50ac95463d73117431bd2ebef3b90adb37e57a | [log] [tgz] |
---|---|---|
author | Michael Ershov <miersh@google.com> | Wed Dec 02 21:01:17 2020 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Dec 02 21:01:17 2020 |
tree | e27ea42e0fa2879c306aa0452ce91158abefa76b | |
parent | 1340989ccd024354fd3aeef5c8ade33125bbbb05 [diff] |
Certificates for Lacros (MVP) This allows Lacros-Chrome access to the system-wide TPM slot, the per-user TPM slot, and per-user storage for certificates and trust settings, for enterprise-managed devices where the logged-in user is an affiliate of that enterprise. Rather than Lacros-Chrome directly interacting with the login services, it requests that Ash-Chrome notify it when the TPM and Cryptohome are available, receiving the path to the per-user storage and the result of TPM initialization. Lacros-Chrome can then initialize initialize a connection to the TPM (via a PKCS#11 module) and initialize storage at the path provided by Ash-Chrome. For users that are not affiliated, Chrome today enables access to both the per-user TPM and per-user storage. However, for Lacros-Chrome, this is a known issue and not yet supported (crbug.com/1146430). This is because loading the TPM unconditionally loads both the system and user slot today, while non-affiliated users should not have access to the system slot. The per-user storage will be loaded for all users with this CL. Similarly, using the system slot on the login screen is not yet supported, and will be addressed in a follow-up (crbug.com/1146430). Bug: 1145946 Change-Id: I2edc6e04c2de09f4c8a4d3bdca9c9ba5a9dee3fa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2435642 Commit-Queue: Michael Ershov <miersh@google.com> Reviewed-by: David Roger <droger@chromium.org> Reviewed-by: Roland Bock <rbock@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Reviewed-by: Erik Chen <erikchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#832960}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.