Change the low-level Quote() functions so that the PCRs to be
included in the quote is selectable. Does not change the
high-level attestPlatform functions, which still retrieve
all PCRs.
The change is a no-op for existing clients, and it will simplify
adding the support for ECC EKs. The activation code no longer makes
assumptions about EK's type and handle (i.e. RSA and 0x81010001),
and instead relies on TPM.EKs() to provide the EK's details.
In `wrappedTPM20.getPrimaryKeyHandle()`, preserve any error from the
short-circuit `tpm2.ReadPublic()` logic, so that we can return it
alongside any failure in `tpm2.CreatePrimary()`
Co-authored-by: Justin King-Lacroix <justinkl@google.com>
* replace CertifyCreation() by CertifyEx() to handle certification of objects for which we cannot extract CreationData
* add AK.Certify(handle) allowing to certify externally-created keys
* replace ReadPublic() by DecodePublic() when creating and loading keys: the current implementation calls ReadPublic() even if public data is already accessible
* drop handle() from the ak interface: it is unnecessary
* add Blobs() to attest.Key: to allow agnostic key marshaling
Found manually looking through the code. The activate credential could
crash the client, the secureboot and challenge generation could crash
the server.
