From 9984b3e2691eefb22aa30e6779ceaf61c2b35654 Mon Sep 17 00:00:00 2001
From: zack olson <zack@kolide.co>
Date: Fri, 13 Sep 2024 14:53:14 -0400
Subject: [PATCH] fixup host logcheckpoint panic

---
 ee/secureenclavesigner/secureenclavesigner_darwin.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ee/secureenclavesigner/secureenclavesigner_darwin.go b/ee/secureenclavesigner/secureenclavesigner_darwin.go
index 163faae61..130eef9b7 100644
--- a/ee/secureenclavesigner/secureenclavesigner_darwin.go
+++ b/ee/secureenclavesigner/secureenclavesigner_darwin.go
@@ -114,6 +114,16 @@ func (ses *secureEnclaveSigner) Public() crypto.PublicKey {
 		return nil
 	}
 
+	// currentConsoleUserKey may return no error and a nil pointer where the inability
+	// to get the key is expected (see logic around calling firstConsoleUser). In this case,
+	// k will be a "typed" nil, as an uninitialized pointer to a ecdsa.PublicKey. We're returning
+	// this typed nil assigned as the crypto.PublicKey interface. This means that the interface's value
+	// will be nil, but it's underlying type will not be - so it will pass nil checks but panic
+	// when typecasted later. Explicitly return an untyped nil in this case to prevent confusion and panics later
+	if k == nil {
+		return nil
+	}
+
 	return k
 }