Rewrite key management & signing
Extend compos_helper to support signing, use it from CompOS.
Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.
Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.
There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab
diff --git a/compos/src/compsvc_main.rs b/compos/src/compsvc_main.rs
index 16e3031..f0af752 100644
--- a/compos/src/compsvc_main.rs
+++ b/compos/src/compsvc_main.rs
@@ -19,6 +19,7 @@
mod artifact_signer;
mod blob_encryption;
mod compilation;
+mod compos_key;
mod compsvc;
mod dice;
mod fsverity;