It is desired that the seal/reseal code only operates on the input provided in
modeenv rather than poking other external structures. The change decouples the
lower level code from accessing the model directly.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* secboot: switch encryption key size to 32 byte (thanks to Chris)
We are using an incorrect size for encryption key in secboot. Chris
mentioned this a while ago and this commit fixes it and moves to
a 32 byte key instead of the 64 byte key.
* tests: update uc20-create-partitions-encrypt test to match new keysize
After opening the encrypted volume we need to be careful to close
it again if there is any error condition that prevents the model
checker from verifying that the model is authorized to read the
volume (thanks Samuele).
Adjusted code to the refactoring using kernel/fde.
Split responsibility to deal with v1/v2 hooks with kernel/fde.
Now dealing with aux key will come later.
this stops kernel/fde from importing secboot, which also means that
secboot can now kernel/fde naturally
rename/reorg/split secboot_tpm.go into hooks specific bits
and general secboot-using secboot_sb.go
