* AKPublic.Verify: Return an error if a provided PCR of the correct
digest was not included in the quote.
* AKPublic.VerifyAll: Implement VerifyAll method, which can cross-check
that provided PCRs were covered by quotes across PCR banks.
* PCR.QuoteVerified(): Introduce getter method to expose whether a
PCR value was covered during quote verification.
* tbs.dll to not initialize on start up
so that it's not initialized when tpm support is not required
Changed author to my google.com user
* initialize tbs.dll and proc Tbsi_GetDeviceInfo during probeSystemTPMs
initialization is done in probeSystemTPMs as it's called before openTPM which requires support of the dll
changed author to my google.com user
* tbs.dll to load once
Changed the author to my google.com email
* Tbsi_GetDeviceInfo check to happen once
changed the author of the commit
It's best practice to define as much code, especially exported API, in
files that can build on any platform. With as little code as possible in
OS specific files.
Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method defintions between OSes.
TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistant support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
Event log parsing requires knowning both the public key and signing
parameters. Symmantically, this information should be from an attested
public key blob, not additional data passed by the client.
Introduce a new method for parsing an AIK's public key blob, returning
a new AIKPublic struct.
We plan to identify AIKs based on their public key. The raw blob should
be available via the AttestationParameters, but we hope that users will
only use that struct for generating challenges.
Because this parses the public key on AIK creation and loading, this PR
should have existing coverage.
* Refactor serialized keys into own structure, in preparation for making Key an interface.
* Refactor key logic into separate structures for each platform/TPMversion invariant.
* Implement review feedback
