The Microsoft Software key provider does not seem to support exporting
wrapped keys. In https://crrev.com/c/6297627 we made it so that all
unexportable keys on Windows are explicitly labelled instead. However,
that broke device trust for the installer: the installer creates TPM
keys running as Administrator, but Chrome then tries to read them as a
regular user, and this doesn't work when Windows stores key metadata.

This CL updates unexportable keys so that only software keys are
labelled, and TPM-backed keys continue to be exported as wrapped keys
using the undocumented API. With this change, software keys work
again. Since the new path is only used by new code, the feature
flag is removed.

Eventually, we want Chrome to label TPM keys as well. That work is
blocked on https://crbug.com/400996795.

Fixed: 398125798
Change-Id: I02d87671da1e2e68d9c4cc91a480600dcc5852fd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6330919
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Nina Satragno <nsatragno@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1429035}