Attempt to read the EK from NVRAM if the system cert store cannot provide it. (#35)

Tom D 2019-06-06 13:11:40 -07:00 committed by GitHub
parent a801f7333b
commit 3dc8a7d841
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -392,6 +392,16 @@ func (h *winPCP) EKCerts() ([]*x509.Certificate, error) {
c = append(c, eccCerts...)
}
// Reading the certificate from the system store has failed.
// Lets try reading the raw bytes directly from NVRAM intead.
if len(c) == 0 {
buf, err = getNCryptBufferProperty(h.hProv, "PCP_EKNVCERT")
if err != nil {
return nil, fmt.Errorf("Failed to read PCP_EKNVCERT: %v", err)
}
c = append(c, buf)
}
var out []*x509.Certificate
for _, der := range c {
cert, err := x509.ParseCertificate(der)
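Review bot: The NVRAM fallback at `c = append(c, buf)` passes whatever `getNCryptBufferProperty` returned straight to `x509.ParseCertificate`, without checking that the buffer holds any data. An empty property would therefore surface as an opaque ASN.1 parse error rather than a "no EK certificate provisioned" condition. A guard such as `if len(buf) == 0 { return nil, fmt.Errorf("PCP_EKNVCERT is empty") }` before the append would make that case explicit. Raw NV contents may also carry padding after the DER structure, which `ParseCertificate` rejects as trailing data, so it is worth confirming on real hardware whether the buffer needs trimming to the encoded length. A short comment on the fallback should state that a certificate from either source is only parsed here and must still be chain-verified against the TPM vendor roots by the caller; `EKCerts` begins and ends outside this hunk, so the declarations of `buf` and `err` and the rest of the parse loop are not visible.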