commit 692199289b76fba98f05dcd5b976fb6a07b66e9e
author Matthew Maurer <mmaurer@google.com> Tue Dec 10 07:09:13 2019 -0800
committer Matthew Maurer <mmaurer@google.com> Tue Dec 10 07:09:13 2019 -0800
tree 6999223ebeaa242a862c30398c221624a78bd185
parent c9e3fe061933374f2fe3d142df9e05a4558fdb4a

Empty-initialize verified_boot_key when unverified

Per https://source.android.com/security/keystore/attestation the
verified_boot_key needs to be empty if we are in the unverified state.
This change makes Trusty robust to bootloaders providing it a
verified_boot_key that was not used to verify the image.

Bug: 138606521
Test: atest CtsKeystoreTestCases; atest VtsHalKeymasterV4_0TargetTest
Change-Id: I05e94243405c680281d562e5185299c6da556e0b