From 9e52f1c75666036e4d524d7e7096309d06d1cab9 Mon Sep 17 00:00:00 2001
From: Nikias Bassen <nikias@gmx.li>
Date: Wed, 12 Jun 2024 14:59:48 +0200
Subject: [PATCH] tss: Revert strict 'Trusted' check and only bail out when not
 trusted and without RestoreRequestRules

The recent change caused TSS requests to be incomplete resulting
in restore failures. This commit should fix that.
---
 src/tss.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/tss.c b/src/tss.c
index f4be0fb..df13a07 100644
--- a/src/tss.c
+++ b/src/tss.c
@@ -633,12 +633,11 @@ int tss_request_add_ap_recovery_tags(plist_t request, plist_t parameters, plist_
 			continue;
 		}
 
-		if (!plist_dict_get_bool(manifest_entry, "Trusted")) {
-			debug("DEBUG: %s: Skipping '%s' as it is not trusted\n", __func__, key);
-			continue;
-		}
-
 		if (plist_dict_get_bool(parameters, "_OnlyFWComponents")) {
+			if (!plist_dict_get_bool(manifest_entry, "Trusted")) {
+				debug("DEBUG: %s: Skipping '%s' as it is not trusted\n", __func__, key);
+				continue;
+			}
 			if (!is_fw_payload(info_dict)) {
 				debug("DEBUG: %s: Skipping '%s' as it is not a firmware payload\n", __func__, key);
 				continue;
@@ -659,7 +658,7 @@ int tss_request_add_ap_recovery_tags(plist_t request, plist_t parameters, plist_
 		}
 
 		/* Make sure we have a Digest key for Trusted items even if empty */
-		if (!plist_dict_get_item(manifest_entry, "Digest")) {
+		if (plist_dict_get_bool(manifest_entry, "Trusted") && !plist_dict_get_item(manifest_entry, "Digest")) {
 			debug("DEBUG: No Digest data, using empty value for entry %s\n", key);
 			plist_dict_set_item(tss_entry, "Digest", plist_new_data(NULL, 0));
 		}
@@ -729,12 +728,18 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid
 			continue;
 		}
 
-		if (!plist_dict_get_bool(manifest_entry, "Trusted")) {
-			debug("DEBUG: %s: Skipping '%s' as it is not trusted\n", __func__, key);
-			continue;
+		if (plist_dict_get_bool(parameters, "ApSupportsImg4")) {
+			if (!plist_dict_get_item(info_dict, "RestoreRequestRules") && !plist_dict_get_bool(manifest_entry, "Trusted")) {
+				debug("DEBUG: %s: Skipping '%s' as it doesn't have RestoreRequestRules and is not Trusted\n", __func__, key);
+				continue;
+			}
 		}
 
 		if (plist_dict_get_bool(parameters, "_OnlyFWComponents")) {
+			if (!plist_dict_get_bool(manifest_entry, "Trusted")) {
+				debug("DEBUG: %s: Skipping '%s' as it is not trusted\n", __func__, key);
+				continue;
+			}
 			if (!is_fw_payload(info_dict)) {
 				debug("DEBUG: %s: Skipping '%s' as it is not a firmware payload\n", __func__, key);
 				continue;
@@ -764,7 +769,7 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid
 		}
 
 		/* Make sure we have a Digest key for Trusted items even if empty */
-		if (!plist_dict_get_item(manifest_entry, "Digest")) {
+		if (plist_dict_get_bool(manifest_entry, "Trusted") && !plist_dict_get_item(manifest_entry, "Digest")) {
 			debug("DEBUG: No Digest data, using empty value for entry %s\n", key);
 			plist_dict_set_item(tss_entry, "Digest", plist_new_data(NULL, 0));
 		}