We have had requests to support system-user assertions bound to specific device serials. Extending system-user this way makes sense, but we need to be careful that at least properly extended assertions are not accepted like permissive assertions by old snapds.
A system-user assertion bound to serials must have:
- `format` set to 1 or greater
- `models` header must be present with exactly one entry
- a `serials` header with a list of serials (matching the `serial` fields of the target device serial assertions)
Conversely, a snapd supporting this and the signing code in it should reject a system-user assertion with a `serials` header without the two conditions met on `format` and `models`.
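The rules above, sketched as an added example (not snapd's own code): `sysUser`, `checkSystemUser` and `maxFormat` are hypothetical names, and the sample assertions are constructed. It assumes a verifier rejects any assertion whose format is newer than it understands, which is what keeps an old snapd from treating a serial-bound assertion as a permissive one.

```go
package main

import (
	"errors"
	"fmt"
)

// sysUser is a simplified, hypothetical stand-in for a decoded system-user
// assertion; it is not snapd's own type. A nil slice means "header absent".
type sysUser struct {
	Format  int
	Models  []string
	Serials []string
}

var errUnsupportedFormat = errors.New("unsupported assertion format")

// checkSystemUser applies the rules from the text as seen by a snapd whose
// highest understood system-user format is maxFormat (0 models an old snapd).
func checkSystemUser(a sysUser, maxFormat int) error {
	// Assumption: a format newer than the verifier understands is rejected
	// outright, so the serials restriction is never silently dropped.
	if a.Format > maxFormat {
		return errUnsupportedFormat
	}
	if a.Serials == nil {
		return nil // not bound to serials, nothing extra to check
	}
	if a.Format < 1 {
		return errors.New(`"serials" header requires format 1 or greater`)
	}
	if len(a.Models) != 1 {
		return errors.New(`"serials" header requires exactly one "models" entry`)
	}
	return nil
}

func main() {
	// Constructed sample assertions, not taken from the page.
	bound := sysUser{1, []string{"my-model"}, []string{"serial-1"}}
	lax := sysUser{0, []string{"my-model"}, []string{"serial-1"}}
	fmt.Println("new snapd, bound:", checkSystemUser(bound, 1))
	fmt.Println("old snapd, bound:", checkSystemUser(bound, 0))
	fmt.Println("new snapd, format 0 + serials:", checkSystemUser(lax, 1))
}
```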