This change is similar to the verify_measurement_digest split, but the
retrieval of reference values is a bit different, since they come from
the endorsement subject as serialized KernelAttachment data, and the
endorsement subject itself must be verified.
Subsequent verifications can use the cached image and setup_data value,
so the subject endorsement remains totally encapsulated in the
get_verified_kernel_attachment helper function; the expected values from
the endorsement itself do not need to be returned to the client.
Another step for b/324837692