Allow blank ekcert and add undocumented endpoint to fix reg error

Signed-off-by: Jean Snyman <git@jsnyman.com>

keylime/models/registrar/registrar_agent.py

@@ -18,7 +18,7 @@ def _schema(cls):
         # The endorsement key (EK) of the TPM
         cls._field("ek_tpm", String(500))
         # The endorsement key (EK) certificate used to verify the TPM as genuine
-        cls._field("ekcert", String(2048))
+        cls._field("ekcert", String(2048), nullable=True)
         # The attestation key (AK) used by Keylime to prepare TPM quotes
         cls._field("aik_tpm", String(500))
         # The initial attestation key (IAK) used when registering with a DevID

keylime/web/registrar_server.py

@@ -22,4 +22,6 @@ def _v2_routes(self):
 
         # Routes which are kept for backwards compatibility but do not adhere to RFC 9110 semantics
         self._post("/agents/:agent_id", AgentsController, "create", allow_insecure=True)
-        self._put("/agents/:agent_id/activate", AgentsController, "activate", allow_insecure=True)
+        self._put("/agents/:agent_id/activate", AgentsController, "activate", allow_insecure=True)
+        # Instead of the above documented activation endpoint, the agent currently uses the one below to activate itself
+        self._put("/agents/:agent_id", AgentsController, "activate", allow_insecure=True)