System-user bound to serial(s)

We have had requests to support system-user assertions bound to specific device serials. Extending system-user this way makes sense but we need to be careful that at least properly extended assertions are not accepted like permissive assertions by old snapds.

A system-user assertion bound to serials must have:

  • format set to 1 or greater
  • models header must be present with exactly one entry
  • a serials header with a list of serials (matching the serial fields of the target device serial assertions`

Conversely a snapd supporting this and the signing code in it should reject a system-user assertion with a serials header without the two conditions met on format and models.

There is a PR for this now at

This will be supported by snapd in 2.46.