Module credential_manager::source ·
- The |CredentialManager| is responsible for adding, removing and checking credentials. It communicates over the |PinWeaverProxy| to the
cr50_agentto seal and unseal credentials. The |CredentialManager| also has internal bookkeeping for the wrapped credential data which it stores in the |lookup_table| (a persistent atomic data store). In addition to this it must maintain a |hash_tree| which contains the merkle tree required for communicating over the PinWeaver protocol. The |hash_tree| is synced to disk after each operation.
- There are a small finite set of distinct disk write operations the CredentialManager can perform for any given PinWeaver operation. This defines all possible mutable operations that can be performed.
- Retry threshold for fast retrys for failed |CommitOperation|. After this threshold is reached the retry timeout will be extended from |COMMIT_RETRY_MIN_DELAY_MS| to |COMMIT_RETRY_MAX_DELAY_MS|. Note the first retry is always tried instantly.
- Maximum delay between retry attempts for |CommitOperation| after |COMMIT_FAILURE_FAST_RETRY_THRESHOLD| is reached. This means in the case of a persistent disk failure CredentialManager will retry the last |CommitOperation| once every 5 seconds.
- Minimum delay between retry attempts for |CommitOperation| after one instant retry.