Commit Graph

19 Commits

Author SHA1 Message Date
Eric Chiang
e688ff6d7f attest: rename MintAIK and MintOptions to NewAIK and AIKConfig
This helps the godoc read better and is more inline with Go's naming
scheme. No functional changes made, just naming.
2019-08-28 09:25:14 -07:00
Eric Chiang
bfcbe8f1e2 attest: re-work EK API (#79)
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistant support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
2019-08-21 10:26:55 -07:00
Tom D'Netto
da446762c0 Implement fetch from ekcert server if no EKs are found, and the TPM is from intel. 2019-07-17 15:15:29 -07:00
Tom D
372fcf25d0
Try reading the EKCert from PCP_EKNVCERT (#46) 2019-06-25 15:19:12 -07:00
Tom D
7c3baced09
Fix typos. (#40) 2019-06-12 10:15:42 -07:00
Tom D
8ac2846c80
Attempt fix for EKCert parsing errors when falling back to NVRAM (#38)
* Fix parsing errors for EKCert when falling back to NVRAM
2019-06-11 10:52:49 -07:00
Tom D
7f17046a60
Fix broken build on windows. (#36)
* Attempt to read the EK from NVRAM if the system cert store cannot provide it.

* Fix broken build on windows.
2019-06-06 13:15:55 -07:00
Tom D
3dc8a7d841
Attempt to read the EK from NVRAM if the system cert store cannot provide it. (#35) 2019-06-06 13:11:40 -07:00
Tom D
70c839779d
Moar error codes (#32) 2019-05-15 12:57:08 -07:00
Tom D
dbbcfcc4b8
Fix conversion to more specific windows error messages. (#31) 2019-05-15 12:27:19 -07:00
Tom D
7b5f790215
Fix broken DLL MustFindProc. (#29) 2019-05-14 14:44:33 -07:00
Tom D
55ce06b8f2
Decode windows TPM/PCP errors to more specific descriptions. (#28) 2019-05-14 11:42:44 -07:00
Tom D
ac78180218
Implement key deletion on Windows (#27)
* Implement key deletion on Windows

* Dont forget 2nd parameter in call to NCryptDeleteKey
2019-05-13 14:41:55 -07:00
Tom D
2ff4e84fcb
Check the state of the TPM before opening it on windows (#26)
* Check the state of the TPM before opening it on windows
2019-05-13 14:13:16 -07:00
Tom D
2da0098d9d
Switch over to trying the PCP provider for TPM 1.2, to mitigate missing ownerauth. (#25)
* Implement decoding for TPM 1.2 PCP AIK properties

* Switch all TPM 1.2 methods that rely on ownerAuth to use the PCP API.
2019-05-03 13:27:48 -07:00
Tom D
8e4a5ce762
Ignore slightly malformed EKs so attestation can continue. (#24) 2019-05-02 13:43:50 -07:00
Tom
7e37dd3701 go fmt 2019-03-28 14:00:07 -07:00
Tom
ca33c04742 Validate secret in attest_tpm12_test, fix godoc 2019-03-28 13:29:24 -07:00
Tom
21c2bfd1dc Initial commit. 2019-03-28 13:21:16 -07:00