Class StrictMode`Abstract`

The device supports the default and strict full basic attestation modes as described in the nevisFIDO documentation. It also supports surrogate basic.

However, since it does not have a StrongBox that the SDK can use to store the FIDO UAF credentials, the strict-strongbox mode is not supported.

If the device supports this mode, then:

The FIDO UAF keys will be stored in a Trusted Execution Environment (TEE), and thus keymasterSecurityLevel will be SecurityLevel.TrustedEnvironment.
The certificate chain was successfully validated, and thus certificateChainValidationResult returns CertificateChainValidationResult.Success.
The value of keymasterVersion is 2 or higher.
The verified boot state is valid (isVerifiedBootStateValid returns true).
The device bootloader is locked (isDeviceBootloaderLocked returns true).

Hierarchy (View Summary)

FidoUafAttestationInformation
- StrictMode

Index

Properties

keymasterSecurityLevel keymasterVersion isDeviceBootloaderLocked isVerifiedBootStateValid certificateChainValidationResult

Methods

fromJson

Properties

`Abstract`keymasterSecurityLevel

keymasterSecurityLevel: SecurityLevel

The SecurityLevel of the environment where the FIDO UAF keys are stored. This provides information about the security of the environment where the keys are stored.

`Abstract`keymasterVersion

keymasterVersion: number

The keymaster version.

`Abstract`isDeviceBootloaderLocked

isDeviceBootloaderLocked: boolean

Returns true if the device's bootloader is locked, and false otherwise.

`Abstract`isVerifiedBootStateValid

isVerifiedBootStateValid: boolean

Returns true if the boot state is Verified. Compromised devices (such as some root devices) do not have a valid boot state.

`Abstract`certificateChainValidationResult

certificateChainValidationResult: CertificateChainValidationResult

The result of the certificate chain validation.

In devices supporting full basic attestation (OnlyDefaultMode, StrictMode or StrictStrongBoxMode), when a new key is created the device must generate an associated certificate chain (or certification path) that fulfills the following criteria:

The root certificate is a known Google root certificate.
The certificate chain is valid: it does not contain a certificate in the CRL, no certificate is expired, the certificates in the chain are signed with the previous one, etc.

So, when a device supports full basic, returns CertificateChainValidationResult.Success.

Methods

`Static`fromJson

fromJson(json: any): StrictMode
Alternate constructor that creates a StrictMode from a json.
Parameters
- json: any
  contains the source for instance creation.
Returns StrictMode
the created StrictMode instance.

Overrides FidoUafAttestationInformation.fromJson

Class StrictMode`Abstract`

Hierarchy (View Summary)

Index

Properties

Methods

Properties

`Abstract`keymasterSecurityLevel

`Abstract`keymasterVersion

`Abstract`isDeviceBootloaderLocked

`Abstract`isVerifiedBootStateValid

`Abstract`certificateChainValidationResult

Methods

`Static`fromJson

Parameters

Returns StrictMode

Settings

On This Page

Class StrictModeAbstract

Hierarchy (View Summary)

Index

Properties

Methods

Properties

AbstractkeymasterSecurityLevel

AbstractkeymasterVersion

AbstractisDeviceBootloaderLocked

AbstractisVerifiedBootStateValid

AbstractcertificateChainValidationResult

Methods

StaticfromJson

Parameters

Returns StrictMode

Settings

On This Page

Class StrictMode`Abstract`

`Abstract`keymasterSecurityLevel

`Abstract`keymasterVersion

`Abstract`isDeviceBootloaderLocked

`Abstract`isVerifiedBootStateValid

`Abstract`certificateChainValidationResult

`Static`fromJson