This should send people strongly to use the defaults, so that other
tools can easily determine whether policies are in use and what their
values are.
It still allows overriding them.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

Clevis v15 added an additional argument, which is either an empty string
or the string "-y".
This argument is not used in this PIN, but we checked the exact number of
arguments to parse, which got changed.
This also accepts more additional arguments, and just ignores them.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

This change makes it pass all the different possible values provided by the clevis tpm2
pin test suite.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

It was decided to use standard base64 instead of base64-url because
that's what the Go implementation did by default for a []byte.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

My hardware TPM only supports AES128, so let's use that for now to
be more compatible.
The tpm_sym_def function does take a mutable ctx borrow, so that in
the future it can automatically detect the best supported symdef.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>