Review comments for TPM attestation
Lots of comments and an updated boot test. Generously increase the timeout to eliminate random CI failures.
Test Plan: Boot test works
Bug: T499
X-Origin-Diff: phab/D319
GitOrigin-RevId: cf17fe7c599f670ff8b6f0ac60486f2a04f13a5a
diff --git a/core/internal/integrity/common.go b/core/internal/integrity/common.go
index 6850a12..52196ce 100644
--- a/core/internal/integrity/common.go
+++ b/core/internal/integrity/common.go
@@ -33,6 +33,7 @@
)
// Agent specifices the interface which every integrity agent needs to fulfill
+// TODO: This interface is not yet used, we call the TPM2 agent directly.
type Agent interface {
// Initialize needs to be called once and initializes the systems required to maintain integrity
// on the given platform.
@@ -42,8 +43,8 @@
// Initialize returns the cryptographic identity that it's bound to.
Initialize(newNode api.NewNodeInfo, enrolment api.EnrolmentConfig) (string, error)
- // Unlock performs all required actions to assure the integrity of the platform and retrieves
- // the unlock key in a secure manner
+ // Unlock performs all required actions to assure the integrity of the platform and securely retrieves
+ // the unlock key.
Unlock(enrolment api.EnrolmentConfig) ([]byte, error)
}