Make escrow of encrypted storage key more reliable

[eriknordmark]

Five related commits but the key fix is the 4th one:

1. Remove interlock with controlled for EdgeNodeCerts
   In
   f40d6d4
   and modified in
   9ef0f05
   EVE got an interlock to not fetch configuration from the controller
   until after it has sent the EdgeNodeCerts. This was done since some
   controller would send incomplete information when it could not do ECDH
   and hence not do object encryption. That controller has now been fixed
   (and is producing errors of the form "empty device certificate in create
   cipher block method" in this case). Thus we can remove the interlock.

However, we still keep the retry logic from the second commit.

2. vaultmgr: export IsTpmEnabled with EncryptedVaultKeyFromDevice

To avoid false logging of success in the next commit

3. zedagent: track publishedAttestEscrow for purposes of logging

4. Fix 'Skip triggering attest state machine before entering main loop'
   The refactoring in
   5832ab1
   accidentally activated the subscriptions to AttestQuote and
   EncryptedKeyFromDevice before the attest engine was started. As a result
   we get the above log message and the encrypted storage key is not
   reliably escrowed in the controller.

Here we start the attest engine before the subscriptions.

5. Add more clear log when EdgeNodeCerts not accepted by controller

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 19 lines in your changes are missing coverage. Please review.

Project coverage is 19.70%. Comparing base (ec0638e) to head (e13e830).

Files	Patch %	Lines
pkg/pillar/cmd/zedagent/zedagent.go	0.00%	12 Missing ⚠️
pkg/pillar/cmd/zedagent/attesttask.go	0.00%	4 Missing ⚠️
pkg/pillar/cmd/zedagent/handleconfig.go	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3770      +/-   ##
==========================================
+ Coverage   19.69%   19.70%   +0.01%     
==========================================
  Files         235      235              
  Lines       51710    51713       +3     
==========================================
+ Hits        10182    10189       +7     
+ Misses      40787    40784       -3     
+ Partials      741      740       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rouming]

The fix is more or less clear to me, but I'm wondering why all these is called "escrow"? Is that a common terminology for key publishing and attestation?

[eriknordmark]

The fix is more or less clear to me, but I'm wondering why all these is called "escrow"? Is that a common terminology for key publishing and attestation?

The notion of key escrow is common; a way to keep a key safe even if e.g., an employee resigns or gets hit by a bus. You can then recover the key from the escrow data.

Our setup is different in that we escrow an encrypted key so that only the same instance (the same TPM chip) can recover the key. Hence names like EncryptedKeyFromDevice in the code and encrypted_key in the EVE API.

[shjala]

I personally prefer the name "Wrapped Key" but I guess we keep the term escrow for historical reasons... .
Except one question, LGTM.