When attempting to load a non-existent cert I got:
06-10 12:48:11.939 662 662 E fsverity_init: Failed to add key: Invalid argument
06-10 12:48:11.940 662 662 E fsverity_init: Failed to load key from stdin
06-10 12:48:11.941 648 648 I odsign : Added CompOs key to fs-verity keyring
Which looks like everything worked when nothing did.
Added more error checks on both sides.
Test: Presubmits
Test: Manual
Change-Id: Ib2b17ce75e58dafb0ad6905106e35b11b55e91d0
Soon we'll have a need for multiple fs-verity keys in the keyring; we
need a central place to manage the keys, as well as restrict the
keyring. fsverity_init makes most sense for this.
Allow fsverity_init to be called in 3 different ways:
--load-verified-keys: loads preloaded keys from trusted partitions
--load-extra-key: loads an additional key passed in from stdin; the key
name is given as an argument.
--lock: locks the keyring, and prevents new keys from being loaded
Bug: 165630556
Test: boot, cat /proc/keys/
Change-Id: I758e49a5c4229edc531d01ac2e8873a22a1da73e
Test: still see keys loaded from /product appears in /proc/keys
Test: Add X.509 DER cert files to keystore, see the key in
/proc/keys after reboot
Bug: 112038744
Change-Id: I08006d8befa69e4bf416a2bed9e1813725877147