From a6dd0736428ee881f1f5379a144822a6b36b015d Mon Sep 17 00:00:00 2001 From: Carmen Hanish Date: Tue, 7 Jul 2026 02:43:25 -0700 Subject: [PATCH] Log if chain security level does not match key description. PiperOrigin-RevId: 943772580 --- src/main/kotlin/Verifier.kt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt index ed38e6d..5ca0c96 100644 --- a/src/main/kotlin/Verifier.kt +++ b/src/main/kotlin/Verifier.kt @@ -304,6 +304,11 @@ constructor( val securityLevel = minOf(keyDescription.attestationSecurityLevel, keyDescription.keyMintSecurityLevel) + if (securityLevel != certPath.securityLevel()) { + log?.logInfoMessage( + "Security level mismatch: attestation security level is ${keyDescription.attestationSecurityLevel} and chain security level is ${certPath.securityLevel()}" + ) + } val rootOfTrust = keyDescription.hardwareEnforced.rootOfTrust val verifiedBootState = rootOfTrust?.verifiedBootState ?: VerifiedBootState.UNVERIFIED val deviceLocked = rootOfTrust?.deviceLocked ?: false