Class StrictStrongBoxMode`Abstract`

The device supports the default, strict and strict-strongbox full basic attestation modes as described in the nevisFIDO documentation. It also supports surrogate basic.

If the device supports this mode, then:

The FIDO UAF keys will be stored in the StrongBox, and thus keymasterSecurityLevel will be SecurityLevel.StrongBox.
The certificate chain was successfully validated, and thus certificateChainValidationResult returns CertificateChainValidationResult.Success.
The value of keymasterVersion is 2 or higher.
The verified boot state is valid (isVerifiedBootStateValid returns true).
The device bootloader is locked (isDeviceBootloaderLocked returns true).

Hierarchy (View Summary)

FidoUafAttestationInformation
- StrictStrongBoxMode

Index

Properties

keymasterSecurityLevel keymasterVersion isDeviceBootloaderLocked isVerifiedBootStateValid certificateChainValidationResult

Methods

fromJson

Properties

`Abstract`keymasterSecurityLevel

keymasterSecurityLevel: SecurityLevel

The SecurityLevel of the environment where the FIDO UAF keys are stored. This provides information about the security of the environment where the keys are stored.

`Abstract`keymasterVersion

keymasterVersion: number

The keymaster version.

`Abstract`isDeviceBootloaderLocked

isDeviceBootloaderLocked: boolean

Returns true if the device's bootloader is locked, and false otherwise.

`Abstract`isVerifiedBootStateValid

isVerifiedBootStateValid: boolean

Returns true if the boot state is Verified. Compromised devices (such as some root devices) do not have a valid boot state.

`Abstract`certificateChainValidationResult

certificateChainValidationResult: CertificateChainValidationResult

The result of the certificate chain validation.

In devices supporting full basic attestation (OnlyDefaultMode, StrictMode or StrictStrongBoxMode), when a new key is created the device must generate an associated certificate chain (or certification path) that fulfills the following criteria:

The root certificate is a known Google root certificate.
The certificate chain is valid: it does not contain a certificate in the CRL, no certificate is expired, the certificates in the chain are signed with the previous one, etc.

So, when a device supports full basic, returns CertificateChainValidationResult.Success.

Methods

`Static`fromJson

fromJson(json: any): StrictStrongBoxMode
Alternate constructor that creates a StrictStrongBoxMode from a json.
Parameters
- json: any
  contains the source for instance creation.
Returns StrictStrongBoxMode
the created StrictStrongBoxMode instance.

Overrides FidoUafAttestationInformation.fromJson

Class StrictStrongBoxMode`Abstract`

Hierarchy (View Summary)

Index

Properties

Methods

Properties

`Abstract`keymasterSecurityLevel

`Abstract`keymasterVersion

`Abstract`isDeviceBootloaderLocked

`Abstract`isVerifiedBootStateValid

`Abstract`certificateChainValidationResult

Methods

`Static`fromJson

Parameters

Returns StrictStrongBoxMode

Settings

On This Page

Class StrictStrongBoxModeAbstract

Hierarchy (View Summary)

Index

Properties

Methods

Properties

AbstractkeymasterSecurityLevel

AbstractkeymasterVersion

AbstractisDeviceBootloaderLocked

AbstractisVerifiedBootStateValid

AbstractcertificateChainValidationResult

Methods

StaticfromJson

Parameters

Returns StrictStrongBoxMode

Settings

On This Page

Class StrictStrongBoxMode`Abstract`

`Abstract`keymasterSecurityLevel

`Abstract`keymasterVersion

`Abstract`isDeviceBootloaderLocked

`Abstract`isVerifiedBootStateValid

`Abstract`certificateChainValidationResult

`Static`fromJson