fix tests

kernel/fde/fde.go

@@ -68,7 +68,7 @@ func unmarshalInitialSetupResult(hookOutput []byte) (*InitialSetupResult, error)
 			return nil, fmt.Errorf("cannot decode hook output %q: %v", hookOutput, err)
 		}
 		// v1 hooks do not support a handle
-		handle := json.RawMessage("{v1-no-handle: true}")
+		handle := json.RawMessage(`{"v1-no-handle": true}`)
 		res.Handle = &handle
 		res.EncryptedKey = hookOutput
 	}

secboot/secboot_tpm.go

@@ -1007,11 +1007,15 @@ func MarshalKeys(key []byte, auxKey []byte) []byte {
 	return sb.MarshalKeys(key, auxKey)
 }
 
-func WriteKeyData(name, path string, encryptedPayload, auxKey []byte, handle *json.RawMessage) error {
+func WriteKeyData(name, path string, encryptedPayload, auxKey []byte, rawhandle *json.RawMessage) error {
+	handle, err := json.Marshal(*rawhandle)
+	if err != nil {
+		return err
+	}
 	kd, err := sb.NewKeyData(&sb.KeyCreationData{
 		PlatformKeyData: sb.PlatformKeyData{
 			EncryptedPayload: encryptedPayload,
-			Handle:           *handle,
+			Handle:           handle,
 		},
 		PlatformName: fdeHooksPlatformName,
 		AuxiliaryKey: auxKey,

tests/lib/fde-setup-hook/fde-setup.go

@@ -35,14 +35,15 @@ type fdeSetupJSON struct {
 }
 
 type fdeSetupResultJSON struct {
-	EncryptedKey []byte `json:"encrypted-key"`
+	// XXX call this encrypted-key if possible?
+	EncryptedKey []byte `json:"sealed-key"`
 	Handle       []byte `json:"handle"`
 }
 
 // Note that in real implementations this would be something like an
 // internal handle for the crypto hardware and generated in "initial-setup"
 // for each key
-var testKeyHandle = []byte("my-demo-handle-do-not-use-in-production")
+var testKeyHandle = []byte(`{"some":"json-handle"}`)
 
 var (
 	// used in tests