tpm-tests: add refrence to key creation source of truth

We create the keys in test script based on the tpmmgr code. Add a comment
and reminder, in case something changed.

Signed-off-by: Shahriyar Jalayeri <[email protected]>

Author: shjala

pkg/pillar/cmd/tpmmgr/tpmmgr.go

@@ -714,6 +714,9 @@ func writeDeviceCertToFile(certBytes, keyBytes []byte) error {
 	return os.WriteFile(types.DeviceCertName, certBytes, 0644)
 }
 
+// These keys template and hierarchy are used in the tests/tpm/prep-and-test.sh
+// to create same keys and run tpm required unit-tests, in a unlikely event of
+// changing these values dont forget to update the test script.
 func createOtherKeys(override bool) error {
 	if err := etpm.CreateKey(log, etpm.TpmDevicePath, etpm.TpmEKHdl, tpm2.HandleEndorsement, etpm.DefaultEkTemplate, override); err != nil {
 		return fmt.Errorf("error in creating Endorsement key: %w ", err)

tests/tpm/prep-and-test.sh

@@ -69,6 +69,8 @@ export TPM2TOOLS_TCTI="swtpm:host=localhost,port=$TPM_SRV_PORT"
 # start fresh
 tpm2 clear
 
+# The ek, srk and aik are created here based on what we do in createOtherKeys
+# in pkg/pillar/cmd/tpmmgr/tpmmgr.go.
 # create Endorsement Key
 tpm2 createek -c ek.ctx