Rewrite key management & signing Extend compos_helper to support signing, use it from CompOS. Expose the public key from the VM. Rename compos_verify_key to compos_verify and get it to verify the signature against the current instance's public key. Also move DICE access to compos_key_main. There's no use having it in the library - neither the tests nor compos_verify can use it - and it complicates the build rules. There's a lot more that can be deleted, but I'll do that in a follow-up; this is big enough already. Bug: 218494522 Test: atest CompOsSigningHostTest CompOsDenialHostTest Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab

commit: 16fb8555e8a8e39a7339f7a29f2e3c4aea918d7d [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Thu Feb 10 15:07:27 2022 +0000
committer: Alan Stokes <alanstokes@google.com> Thu Feb 17 16:58:32 2022 +0000
tree: bb85000ec0f7df1fe64b933a211c77952ae82240
parent: dcff1e7e2330ec7f83ad5e620aaa8c41d0663499 [diff] [blame]
diff --git a/compos/common/timeouts.rs b/compos/common/timeouts.rs
index e6cc430..b3ec1e5 100644
--- a/compos/common/timeouts.rs
+++ b/compos/common/timeouts.rs

@@ -56,7 +56,7 @@
     // Note: the source of truth for these odrefresh timeouts is art/odrefresh/odr_config.h.
     odrefresh_max_execution_time: Duration::from_secs(300),
     odrefresh_max_child_process_time: Duration::from_secs(90),
-    vm_max_time_to_ready: Duration::from_secs(15),
+    vm_max_time_to_ready: Duration::from_secs(20),
 };
 
 /// The timeouts that we use when need_extra_time() returns true.
commit	16fb8555e8a8e39a7339f7a29f2e3c4aea918d7d	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Thu Feb 10 15:07:27 2022 +0000
committer	Alan Stokes <alanstokes@google.com>	Thu Feb 17 16:58:32 2022 +0000
tree	bb85000ec0f7df1fe64b933a211c77952ae82240
parent	dcff1e7e2330ec7f83ad5e620aaa8c41d0663499 [diff] [blame]