Handle upgrade of domain security level
Created by: gicmo
Question is how to handle the following situation:
Security level is user
(or maybe none
, see issue #29 (closed)), the device is enrolled, but without a key because the security level does not allow for it (we currently only store a key in the DB that we know is stored also in the NVM, which I think is sensible).
Now what should be done if the security level gets "upgraded" to secure
in the BIOS. On the next (auto) authorization we could create a key, authorize with it and store it in the database. Should this always be allowed, or should we have a policy per device for it?