Anderson Sasaki

> @ansasaki this is looking good. Is it still a WIP? Yes, but I believe it is almost done. I'm working on the changes in the entire code to use...

@mpeters I think it is now good enough for a final review. I managed to run a minimal attestation test (manually with all services running on the same machine) using...

@THS-on I'm thinking on reverting the change that drops support for encrypted private keys. Is there a particular reason why you added this change to the configuration enhancement proposal?

> @ansasaki my idea was to do simplifications where possible. We had a mix of keys were only in some cases the encryption was supported. In my opinion there is...

>I think the problem is that config files under /etc/keylime/ won't appear on a test system with keylime installation. I can see you have a migration script but how is...

> Clearly the code expects just one hash (not list of hashes) to be stored in `tpm_hash_alg`, however `tpm_hash_alg = ['sha256']` seems to be unnecessarily complicated. Should it be changed...

> Also, do you plan to use config defaults defined in a code, in case the option is missing in a config file? > Accidentally, I have also seen `tpm_encryption_alg`...

After requesting the agent deletion, the tenant verifies that the agent was actually deleted by requesting the agent to the verifier and checking that it returns 404. The problem is...

I've reported a related issue to OpenSSL: https://github.com/openssl/openssl/issues/8767 Some time ago I tried to use something similar to be able to use RSASSA-PSS keys, but even setting the flag in...

@maugustosilva Sorry for being late to check this, but I think all added configuration options should go into a new configuration version instead of being added into the `2.0`. I...