Review comments for TPM attestation
Lots of comments and an updated boot test. Generously increase the timeout to eliminate random CI failures.
Test Plan: Boot test works
Bug: T499
X-Origin-Diff: phab/D319
GitOrigin-RevId: cf17fe7c599f670ff8b6f0ac60486f2a04f13a5a
diff --git a/core/internal/api/nodemanagement.go b/core/internal/api/nodemanagement.go
index 2becd00..f193d5c 100644
--- a/core/internal/api/nodemanagement.go
+++ b/core/internal/api/nodemanagement.go
@@ -109,7 +109,7 @@
func (s *Server) TPM2Unlock(unlockServer api.NodeManagementService_TPM2UnlockServer) error {
nonce := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
- return status.Error(codes.Unavailable, "failed to get randonmess")
+ return status.Error(codes.Unavailable, "failed to get randomness")
}
if err := unlockServer.Send(&api.TPM2UnlockFlowResponse{
Stage: &api.TPM2UnlockFlowResponse_UnlockInit{
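Review bot: The error returned by `io.ReadFull(rand.Reader, nonce)` is dropped here, and the same pattern repeats in the two later hunks (`challengeNonce` and `nonce` in the register flow), so an operator only ever sees the generic status text. Keeping the client-facing message generic is right, and failing closed on a short read is the correct behaviour for an attestation nonce, but the underlying `err` should be recorded server-side before returning. The three identical sites could also share one small helper, for example `func newNonce() ([]byte, error)`, so that nonce length and error handling are defined once. TPM2Unlock's body continues outside the hunk.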
@@ -191,7 +191,7 @@
challengeNonce := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, challengeNonce); err != nil {
- return status.Error(codes.Unavailable, "failed to get randonmess")
+ return status.Error(codes.Unavailable, "failed to get randomness")
}
challenge, challengeBlob, err := tpm.MakeAKChallenge(registerReq.EkPubkey, registerReq.AkPublic, challengeNonce)
if err != nil {
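Review bot: `registerReq.EkPubkey` and `registerReq.AkPublic` go from the request straight into `tpm.MakeAKChallenge`, and nothing visible in this hunk shows how the EK is tied to a genuine TPM. If `MakeAKChallenge` is a credential-activation challenge (presumed from its name and arguments), it can show that the AK lives on the same TPM as the presented EK, but it does not vouch for the EK itself. That normally comes from validating an EK certificate chain or an enrolment allowlist. Since this commit is about documenting the attestation flow, a comment above the call should state where that trust decision is made, e.g. `// EkPubkey is caller-supplied and not authenticated by this challenge; it is trusted via <mechanism>`. The enclosing function starts and ends outside the hunk, so the check may exist out of view.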
@@ -199,7 +199,7 @@
}
nonce := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
- return status.Error(codes.Unavailable, "failed to get randonmess")
+ return status.Error(codes.Unavailable, "failed to get randomness")
}
if err := registerServer.Send(&api.TPM2FlowResponse{Stage: &api.TPM2FlowResponse_AttestRequest{AttestRequest: &api.TPM2AttestRequest{
AkChallenge: challenge,