Rewrite key management & signing
Extend compos_helper to support signing, use it from CompOS.
Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.
Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.
There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab
diff --git a/compos/apex/Android.bp b/compos/apex/Android.bp
index 6550b4f..4ff0635 100644
--- a/compos/apex/Android.bp
+++ b/compos/apex/Android.bp
@@ -42,7 +42,7 @@
binaries: [
// Used in Android
- "compos_verify_key",
+ "compos_verify",
"composd",
"composd_cmd",