tests/lib/fde-setup-hook: check that fde-setup-request is base64 in the hook
This acts as another real-world test that, when a client wants to decode the
JSON sent over the wire as a string, they get a valid base64 string that, when
decoded, results in the same exact byte sequence as if a Go client decodes
directly into a []byte as the test does.
o/{device,hook}state: encode fde-setup-request key as base64 string
The spec states that the encryption key in the fde-setup-request JSON structure
that is passed to the hook via `snapctl` should be a string encoded as base64.
We missed the fact that this code was not doing that, since it was refactored
rather late in the cycle, and the existing test (and also the real world hook)
are both written in Go, and thus take advantage of Go's advanced JSON decoding
which handles both the case of
the same when decoding. Actually because of this fact, we can in fact change the
request we send to conform to the spec without breaking the existing client and
test.
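
The effect described in the two commit messages above, as an added example that is not snapd code: a Go client decoding into `[]byte` accepts more than one wire form, so a Go-only test cannot tell whether the key is really a base64 string, while a client that decodes it as a string can. The struct names, the 4-byte sample key, and the choice of a JSON array of numbers as the non-conforming form are assumptions for illustration; the page does not show the old encoding.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Hypothetical request shapes (not snapd's definitions).
type arrayRequest struct { // fixed-size array: marshals as a JSON array of numbers
	Key [4]byte `json:"key"`
}
type sliceRequest struct { // byte slice: marshals as a base64 JSON string
	Key []byte `json:"key"`
}

// goClientKey decodes the way a Go hook would, straight into []byte.
// encoding/json accepts both a base64 string and an array of numbers here.
func goClientKey(wire []byte) ([]byte, error) {
	var req struct {
		Key []byte `json:"key"`
	}
	err := json.Unmarshal(wire, &req)
	return req.Key, err
}

// stringClientKey decodes the way a non-Go hook would: read a JSON string,
// then base64-decode it. It fails if the key is not a string on the wire.
func stringClientKey(wire []byte) ([]byte, error) {
	var req struct {
		Key string `json:"key"`
	}
	if err := json.Unmarshal(wire, &req); err != nil {
		return nil, err
	}
	return base64.StdEncoding.DecodeString(req.Key)
}

func main() {
	key := [4]byte{0xde, 0xad, 0xbe, 0xef} // constructed sample key
	for _, v := range []interface{}{arrayRequest{key}, sliceRequest{key[:]}} {
		wire, _ := json.Marshal(v)
		g, gerr := goClientKey(wire)
		s, serr := stringClientKey(wire)
		fmt.Printf("%s\n  go client:     %x err=%v\n  string client: %x err=%v same=%v\n",
			wire, g, gerr, s, serr, bytes.Equal(g, s))
	}
}
```

Only the `sliceRequest` form satisfies both clients, which is why a hook-side check that treats the key as a string catches what the Go test could not.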
To access the TEE (Trusted Execution Environment) subsystem in Linux, access to /dev/tee0 and /dev/teepriv0 is necessary for client applications. This PR adds a new "tee" interface that grants access to these devices to client applications that have the interface connected (this is, for example, required for ARM devices using ARM Trusted Firmware with a secure watchdog timer. If the timer does not get triggered on a regular schedule from a secure-wdt user space daemon, the system will hard-reboot after a certain time defined in the bootloader code at build time).
ReadSystemEssentialAndBetterEarliestTime retrieves in one go
information about the model and essential snaps of the given types
for the Core 20 recovery system seed specified by seedDir and label
(which cannot be empty).
It can operate even if current system time is unreliable by taking
an earliestTime lower bound for current time.
It returns as well an improved lower bound by considering appropriate
assertions in the seed.
* asserts: Batch.CommitToAndObserve
have a variant of CommitTo that supports a callback to consider each
assertion immediately after it has been added to the database, at
which point it also verified