Google Git
Sign in
chromium / chromiumos / platform / factory / 2e53b7894326c7594c49ffaa544a6a2447ca2036
commit2e53b7894326c7594c49ffaa544a6a2447ca2036[log] [tgz]
authorMattias Nissler <mnissler@chromium.org>Fri Apr 24 08:56:38 2015
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>Mon Apr 27 23:29:35 2015
treecb453b42a495fb3a7cc279e485e03c9170d2900e
parent014a5c74a62ec04131b4ad8201422120bcd00479 [diff]
factory: Turn off logging for device secret generation.

Stable device secrets are sensitive and should never leave the device.
This changes prevents the command that generates the secret from being
logged, so the secret doesn't show up in logs that the factory may
extract from the device. Furthermore, the code now intercepts any
exceptions and strips exception data to make sure exception handling
will not leak device secrets to the logs.

BUG=chromium:466388
TEST=Ran finalization, checked that the secret doesn't show up in logs.

Change-Id: I16b71ffedbdc3b9712451c357483914ea35fd548
Reviewed-on: https://chromium-review.googlesource.com/266994
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Bowgo Tsai <bowgotsai@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
2 files changed
tree: cb453b42a495fb3a7cc279e485e03c9170d2900e
  1. bin/
  2. doc/
  3. go/
  4. init/
  5. misc/
  6. proto/
  7. py/
  8. py_pkg/
  9. setup/
  10. sh/
  11. third_party/
  12. .gitignore
  13. LICENSE
  14. Makefile
  15. OWNERS
  16. PRESUBMIT.cfg
  17. pylintrc
  18. README