ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-18 20:47:57 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

A note for Linux clients of tpm.EKs(). (#368)

Browse Source 
Fix the doc for attest.ActivateCredentialWithEK() as well.
This commit is contained in:
zhsh 2024-03-28 03:09:08 +11:00 committed by GitHub
parent 5b3763098f
commit a9866d34bb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
attest/attest.go
View File

@ -147,7 +147,7 @@ func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte
return k.ak.activateCredential(tpm.tpm, in, nil) return k.ak.activateCredential(tpm.tpm, in, nil)
} }
// ActivateCredential decrypts the secret using the key to prove that the AK // ActivateCredentialWithEK decrypts the secret using the key to prove that the AK
// was generated on the same TPM as the EK. This method can be used with TPMs // was generated on the same TPM as the EK. This method can be used with TPMs
// that have an ECC EK. The 'ek' argument must be one of EKs returned from // that have an ECC EK. The 'ek' argument must be one of EKs returned from
// TPM.EKs() or TPM.EKCertificates(). // TPM.EKs() or TPM.EKCertificates().

4
attest/tpm.go
View File

@ -365,6 +365,10 @@ func (t *TPM) Close() error {
} }
// EKs returns the endorsement keys burned-in to the platform. // EKs returns the endorsement keys burned-in to the platform.
// Note for Linux clients: for historical reasons, the method assumes that
// the TPM has a single EK, and the EK's type is RSA. If the EK's type is ECC
// and the TPM contains an ECC EK Certificate, the EKCertificates() method
// should be used to retrieve the EKs.
func (t *TPM) EKs() ([]EK, error) { func (t *TPM) EKs() ([]EK, error) {
return t.tpm.eks() return t.tpm.eks()
} }