Comment 3 for bug 1679739

The fixrtc solution feels like a bit of a workaround and not a solution. Even with the date/time set by fixrtc we've seen valid system-user assertions fail. The problem is that when a system-user assertion fails, you cannot login to the device to check the logs. From what I remember, it's a silent fail so you have no idea why the system-user is not created.

To me, the main issue is that validating a signed messaged on the local clock isn't secure or reliable.