This patch changes from using biscuit to josekit for JWE.
josekit uses OpenSSL for its crypto instead of ring.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This should send people strongly to use the defaults, so that other
tools can easily determine whether policies are in use and what their
values are.
It still allows overriding them.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Clevis v15 added an additional argument, which is either an empty string
or the string "-y".
This argument is not used in this PIN, but we checked the exact number of
arguments to parse, which got changed.
This also accepts more additional arguments, and just ignores them.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This change makes it pass all the different possible values provided by the clevis tpm2
pin test suite.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>