We have had requests to support system-user assertions bound to specific device serials. Extending system-user this way makes sense but we need to be careful that at least properly extended assertions are not accepted like permissive assertions by old snapds.
A system-user assertion bound to serials must have:
-
formatset to 1 or greater -
modelsheader must be present with exactly one entry - a
serialsheader with a list of serials (matching theserialfields of the target device serial assertions`
Conversely a snapd supporting this and the signing code in it should reject a system-user assertion with a serials header without the two conditions met on format and models.