Review comments for TPM attestation
Lots of comments and an updated boot test. Generously increase the timeout to eliminate random CI failures.
Test Plan: Boot test works
Bug: T499
X-Origin-Diff: phab/D319
GitOrigin-RevId: cf17fe7c599f670ff8b6f0ac60486f2a04f13a5a
diff --git a/core/pkg/tpm/credactivation_compat.go b/core/pkg/tpm/credactivation_compat.go
index 0a848d2..039f8d5 100644
--- a/core/pkg/tpm/credactivation_compat.go
+++ b/core/pkg/tpm/credactivation_compat.go
@@ -18,9 +18,11 @@
// This file is adapted from github.com/google/go-tpm/tpm2/credactivation which outputs broken
// challenges for unknown reasons. They use u16 length-delimited outputs for the challenge blobs
-// which is incorrect.
+// which is incorrect. Rather than rewriting the routine, we only applied minimal fixes to it
+// and skip the ECC part of the issue (because we would rather trust the proprietary RSA implementation).
+//
// TODO(lorenz): I'll eventually deal with this upstream, but for now just fix it here (it's not that)
-// much code after all.
+// much code after all (https://github.com/google/go-tpm/issues/121)
import (
"crypto/aes"