Closed
Description
When a registered and activated agent is restarted, it fails attestation after the service restart.
The issue is visible in this test log
https://artifacts.dev.testing-farm.io/431d802b-f0a2-41a6-bfaa-64b0b83e044d/work-upstream-keylime-all-tests_uo7oesh/plans/upstream-keylime-all-tests/execute/data/guest/default-0/update/basic-attestation-on-localhost/all-46/output.txt
:: [ 12:34:21 ] :: [ PASS ] :: Command 'limeWaitForAgentRegistration d432fbb3-d2f1-4a97-9ef7-75bd81c00000' (Expected 0, got 0)
:: [ 12:34:26 ] :: [ BEGIN ] :: Running 'limeWaitForAgentStatus d432fbb3-d2f1-4a97-9ef7-75bd81c00000 'Get Quote''
INFO:keylime.config:Reading configuration from ['/etc/keylime/logging.conf']
2025-09-26 12:34:46.125 - keylime.tenant - WARNING - The configuration upgrade templates path /usr/share/keylime/templates does not exist
2025-09-26 12:34:46.126 - keylime.config - INFO - Reading configuration from ['/etc/keylime/tenant.conf']
2025-09-26 12:34:46.126 - keylime.tenant - INFO - Setting up client TLS...
2025-09-26 12:34:46.126 - keylime.tenant - INFO - Using default client_cert option for tenant
2025-09-26 12:34:46.126 - keylime.tenant - INFO - Using default client_key option for tenant
2025-09-26 12:34:46.126 - keylime.tenant - INFO - No value provided in client_key_password option for tenant, assuming the key is unencrypted
2025-09-26 12:34:46.133 - keylime.tenant - INFO - TLS is enabled.
2025-09-26 12:34:46.150 - keylime.tenant - INFO - Status from Registrar (127.0.0.1:8891): Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 exists on registrar 127.0.0.1 port 8891.
2025-09-26 12:34:46.151 - keylime.tenant - INFO - Agent Info from Registrar (127.0.0.1:8891):
{"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"aik_tpm": "ARgAAQALAAUAcgAAABAAFAALCAAAAAAAAQDb8RY2Nc66sQT8PUV+RpbvZ45ZYjLPnGiEzVzrurMMzLd4+BCv1K3+tH1eXbDDP+xDWLRt+0puYOyLaf/qAGPIcG6ZvLNO2qgpolUIVPfXqVNd0rx1BEM5ntcg6hE7pylfHbLiOm2q1gbeFLhCH4MD1s68sXDNDDKM6bjJHlglgAzT5C+O+jYt/jKTU+iVQJFgla8E0ZRatZRjLu0jsemrHCtBl9gckVce9spRq9F7pD8vgefI8JRxFGUXa7bPAV6pMyvGfZSaQWp2dj8StuFOwWprPuo+LGKP84SM78Rx687o1T8WvdZtP6md328ndQl3U3K5KnRh83485Zn5fymt", "regcount": 2, "ek_tpm": "AToAAQALAAMAsgAgg3GXZ0SEs/gakMyNRqXXJP1S124GUgtk8qHaGzMUaaoABgCAAEMAEAgAAAAAAAEApaJQlHsEUTHd10OH5x6mpjKTXrtR0sDFVy3DoRNM6p21CofHG3VTgh03l+9ETWvOrNcmrvKr5AuQVnPiXUe/peFnvh0NwSwV9WPTpcUTatNCdrvWqSJL7M9mhO2M1wTfHUoAzg7o9aydYUo5eE26MM+o6OYr/v1s3rMlSI0hgxSyWT3jFutE1TyAccMNDZGVzzznZdicvGKOOwK5QRqc6sJKOXN4+K5ayrpXh7kxxCLWTH+z7QUxdiu6T5pY+c9V6/IeEdaycY+lW6iZR//S4MaislTUZTQGhRZweUZuatJLY6ryv/z418ZYxkz8ZzeeoApMuobsSS/wLnDXC0Eaww==", "ip": "127.0.0.1", "port": 9002, "mtls_cert": "-----BEGIN CERTIFICATE-----\nMIIDGzCCAgOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDDCRkNDMy\nZmJiMy1kMmYxLTRhOTctOWVmNy03NWJkODFjMDAwMDAwHhcNMjUwOTI2MTE0OTE3\nWhcNMjYwOTI2MTE0OTE3WjAvMS0wKwYDVQQDDCRkNDMyZmJiMy1kMmYxLTRhOTct\nOWVmNy03NWJkODFjMDAwMDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCNY5Ro4I5dp4UGZXjFN4NCcU178mwAYrhvwGw4RzTD+EkJ1vMfHCKDqNYP0eqJ\nVm0BRRWQHsmv0DiLWCtM5rTTve+5hXATH05nbBMFBigaUS7jjQ4fj/5xwGLYB8wG\nPN0JwUBnJh5XHKdDook1WHOLrAcVpcFEgkZXJmvMhv8gdBZR57nFVHYXXqOC03pP\naO2Brna7F42Zu5E1doxp5GWIKPvfwAWAcg7a/wFIDokabOSrCWIHpQVDh0z69/wf\ncR1rIIE388PmB+UCtxoKiTGKyhS6WzL2xP+VeQCv3dDXkgoGPs4UK6H9M4Y8Hc2l\nRyl2nO0RmYj0TOQlWmst+p1FAgMBAAGjQjBAMD4GA1UdEQQ3MDWCCWxvY2FsaG9z\ndIIQbG9jYWxob3N0LmRvbWFpbocEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkq\nhkiG9w0BAQsFAAOCAQEAX9Wniv1CQrEycYkpAHYo4WhgToVXwno9i5Po6mYy1yAW\nEQp+I4q5defbNCpjZm6FWRvOy30cR/m4S2WtnEHHhQxPT8hsqB3xkUNoJMkGQ1iv\nwYDNdjjAhcPI3YJ7fW26a8oaVyqw+seO0ZhvuAeRBnl8Lqjy+RjUmFJn18Qb4Djj\nypLO0IzdZtQngXdWb0PNMJHrY0D3rePVWGHfDnxOBUeBs59G5By8n+UDzyVa3jIV\nDCOEFajj3R1jnD3QrqssM/g7bXPBbfsqqEShZnbl/pM50u1B
NQv7NStoFjMf9HjG\njNjSh5/uvfEwPdJIEOIspMfYOgO1jUraaofbBgK4fQ==\n-----END CERTIFICATE-----\n", "ekcert": "MIID/DCCAmSgAwIBAgIJA3+WNuQ4+ojfMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMTDXN3dHBtLWxvY2FsY2EwIBcNMjUwOTI2MTIzMzUwWhgPOTk5OTEyMzEyMzU5NTlaMBIxEDAOBgNVBAMTB3Vua25vd24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClolCUewRRMd3XQ4fnHqamMpNeu1HSwMVXLcOhE0zqnbUKh8cbdVOCHTeX70RNa86s1yau8qvkC5BWc+JdR7+l4We+HQ3BLBX1Y9OlxRNq00J2u9apIkvsz2aE7YzXBN8dSgDODuj1rJ1hSjl4Tbowz6jo5iv+/WzesyVIjSGDFLJZPeMW60TVPIBxww0NkZXPPOdl2Jy8Yo47ArlBGpzqwko5c3j4rlrKuleHuTHEItZMf7PtBTF2K7pPmlj5z1Xr8h4R1rJxj6VbqJlH/9LgxqKyVNRlNAaFFnB5Rm5q0ktjqvK//PjXxljGTPxnN56gCky6huxJL/AucNcLQRrDAgMBAAGjgcwwgckwEAYDVR0lBAkwBwYFZ4EFCAEwUgYDVR0RAQH/BEgwRqREMEIxFjAUBgVngQUCAQwLaWQ6MDAwMDEwMTQxEDAOBgVngQUCAgwFc3d0cG0xFjAUBgVngQUCAwwLaWQ6MjAyNDAxMjUwDAYDVR0TAQH/BAIwADAiBgNVHQkEGzAZMBcGBWeBBQIQMQ4wDAwDMi4wAgEAAgIAtzAfBgNVHSMEGDAWgBQuX7WpueeCwGNAhA9FWoALWzCiXjAOBgNVHQ8BAf8EBAMCBSAwDQYJKoZIhvcNAQELBQADggGBAI+HBkec+mtZO/OG49Gj/rwq+y3yfnhHVWvRzw4chimFyIbLuLCSe35SC16yHc+1w9BALedjnCtWJxFLFbt8HvvrdzTrqd1DuRi73jFO+lvMG7fB8yZF7HH299IW3vmpcOioiTglWyqoDOuWaMHYSFnK2slHxPy1b2OBgmraWXShZ/Tp88/IleOHEVaV2VthZ9XXq/sME1dRMKWVH+9kxLOOZ+mN9dZ+SQvfTrwJB+bocTXwk72ng2wZuzicL/IVDjs9tfukWx7fXLLwY0RP0/yDZn3BCqBmTKESJ+gtirKYYSQ3ezmWp8eoxnDaT7h0O92tH7cKSTfMy7YexPxJrXQHyDF19SyvqZQfIDb67Szn/kVJR2E9fpXPrL0XfIsKzokkGLBWMQa81t4KOuNunFDKEw35RzMcInWkukvZCd3u1PO0CriemtkLYhRikpgC0yEg3euvBTyZMtbuUiD04aZlMFYPi0XDp9iLMVmzoIuQvXE9c+AqEC9xdWYOUxrXqg==", "operational_state": "Registered"}}
2025-09-26 12:34:46.157 - keylime.tenant - INFO - Agent Info from Verifier (127.0.0.1:8881):
{"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Invalid Quote", "v": "ZI1nACYLmaqTfN8CFlewbZ016UbiZh5u2S/GGQat7KY=", "ip": "127.0.0.1", "port": 9002, "tpm_policy": "{\"mask\": \"0x400\"}", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": 6, "last_event_id": "pcr_validation.invalid_pcr_16", "attestation_count": 5, "last_received_quote": 1758890061, "last_successful_attestation": 1758890059}}
and has been discussed also in
RedHat-SP-Security/keylime-tests#900 (comment)
agent version: current upstream (ef2ca1a)
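
A triage sketch for the verifier status printed in the log above, added here as an example (it is not part of the original issue or of Keylime's code). It decodes the `tpm_policy` mask into PCR indices, extracts the failing PCR from `last_event_id`, and measures the gap between the last good attestation and the last received quote. The function names and the `invalid_pcr_<n>` pattern are assumptions generalized from the single event id in the log; the sample input is constructed from the fields shown there.

```python
import json
import re

# Constructed sample: selected verifier status fields copied from the log above.
VERIFIER_STATUS = json.dumps({
    "d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {
        "operational_state": "Invalid Quote",
        "tpm_policy": '{"mask": "0x400"}',
        "severity_level": 6,
        "last_event_id": "pcr_validation.invalid_pcr_16",
        "attestation_count": 5,
        "last_received_quote": 1758890061,
        "last_successful_attestation": 1758890059,
    }
})

# Assumption: PCR validation failures are reported as "pcr_validation.invalid_pcr_<n>".
EVENT_RE = re.compile(r"pcr_validation\.invalid_pcr_(\d+)")


def pcrs_in_mask(mask_hex):
    """Return the PCR indices selected by a policy mask (bit i set = PCR i)."""
    mask = int(mask_hex, 16)
    return [i for i in range(24) if (mask >> i) & 1]


def triage(status_json):
    """Summarize each agent's failure from the verifier's status JSON."""
    findings = []
    for agent_id, st in json.loads(status_json).items():
        # tpm_policy is itself a JSON string nested inside the status JSON.
        policy = json.loads(st.get("tpm_policy") or "{}")
        policy_pcrs = pcrs_in_mask(policy.get("mask", "0x0"))
        m = EVENT_RE.fullmatch(st.get("last_event_id") or "")
        failed_pcr = int(m.group(1)) if m else None
        good = st.get("last_successful_attestation")
        last = st.get("last_received_quote")
        findings.append({
            "agent": agent_id,
            "state": st.get("operational_state"),
            "failed_pcr": failed_pcr,
            "policy_pcrs": policy_pcrs,
            "failed_pcr_in_policy_mask": failed_pcr in policy_pcrs,
            "seconds_since_last_good": (last - good) if good and last else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(VERIFIER_STATUS):
        print(finding)
```
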