Comments (3)
Does this require a change to the AK the way we generate the AK, or is this specifically only related to the challenge?
Would that look like adding a field to opt into attest certify rather than attest creation? E.g. if we had something like
```go
type AttestationType int

const (
	AttestCreation AttestationType = iota // Default value
	AttestCertify
)
```
Then let you specify that field in ActivationParameters and CertificationParameters, would that work?
https://pkg.go.dev/github.com/google/go-attestation/attest#ActivationParameters
https://pkg.go.dev/github.com/google/go-attestation/attest#CertificationParameters
from go-attestation.
> Does this require a change to the AK the way we generate the AK, or is this specifically only related to the challenge?

This is only specifically related to the challenge.

> Would that look like adding a field to opt into attest certify rather than attest creation? E.g. if we had something like

When we parse attestation data using tpm2.DecodeAttestationData, the bytes we initially receive for attestation data should already have a tag that matches one of the ones already present in the tpm2 library to determine whether we're dealing with AttestedCertify data or AttestedCreation data. So no further changes needed, especially given that the library already recognizes both tag-types we intend to handle here.
from go-attestation.
Cool. I will note that one of the explicit goals of this package is to avoid the need to use go-tpm2 directly. So if we add support for verifying a particular challenge type, we should also add support for generating it.
I don't think it makes sense for us to only support verification.
from go-attestation.
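
The second comment's point, that the marshaled attestation data already carries a type tag separating certify from creation, shown as an added example (not code from this thread, go-attestation or go-tpm). It uses only the standard library; `ParseAttest`, `sized` and `sampleCertify` are hypothetical names, the sample bytes are constructed, and the constants and field order are taken from the TPM 2.0 specification's TPMS_ATTEST layout.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const ( // values from the TPM 2.0 specification, Part 2 (Structures)
	tpmGeneratedValue = 0xff544347 // TPM_GENERATED_VALUE
	stAttestCertify   = 0x8017     // TPM_ST_ATTEST_CERTIFY
	stAttestCreation  = 0x801a     // TPM_ST_ATTEST_CREATION
)

// sized consumes one TPM2B field (uint16 length, then bytes) from b.
func sized(b []byte) (val, rest []byte, err error) {
	if len(b) < 2 || len(b)-2 < int(binary.BigEndian.Uint16(b)) {
		return nil, nil, errors.New("truncated TPM2B field")
	}
	n := 2 + int(binary.BigEndian.Uint16(b))
	return b[2:n], b[n:], nil
}

// ParseAttest (hypothetical) dispatches on the TPMS_ATTEST type tag and returns the attested name.
func ParseAttest(b []byte) (kind string, name []byte, err error) {
	if len(b) < 6 || binary.BigEndian.Uint32(b) != tpmGeneratedValue {
		return "", nil, errors.New("not TPM-generated attestation data")
	}
	switch tag := binary.BigEndian.Uint16(b[4:]); tag {
	case stAttestCertify:
		kind = "certify" // attested field is TPMS_CERTIFY_INFO
	case stAttestCreation:
		kind = "creation" // attested field is TPMS_CREATION_INFO
	default:
		return "", nil, fmt.Errorf("unsupported attestation tag 0x%04x", tag)
	}
	_, rest, err := sized(b[6:]) // qualifiedSigner
	if err == nil {
		_, rest, err = sized(rest) // extraData
	}
	if err != nil || len(rest) < 25 { // clockInfo (17 bytes) + firmwareVersion (8)
		return "", nil, errors.New("truncated TPMS_ATTEST header")
	}
	name, _, err = sized(rest[25:]) // both info structures begin with the object name
	return kind, name, err
}

// sampleCertify is a constructed TPMS_ATTEST (certify), not captured from a TPM.
var sampleCertify = append([]byte{0xff, 'T', 'C', 'G', 0x80, 0x17, 0, 0, 0, 0}, append(make([]byte, 25), 0, 2, 0xaa, 0xbb, 0, 0)...)
func main() { fmt.Println(ParseAttest(sampleCertify)) }
```

A verifier would go on to check the signature over these bytes and compare the returned name with the key it expects; this sketch covers only the tag dispatch and bounds checks.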