Eric Chiang
e688ff6d7f
attest: rename MintAIK and MintOptions to NewAIK and AIKConfig
...
This helps the godoc read better and is more inline with Go's naming
scheme. No functional changes made, just naming.
2019-08-28 09:25:14 -07:00
Eric Chiang
bfcbe8f1e2
attest: re-work EK API ( #79 )
...
This PR adds:
* Renames 'PlatformEK' to 'EK'
* More consistant support of EKs without certificates
* Removes HTTP GET to Intel EK certificate service
* Always populates EK.Public
2019-08-21 10:26:55 -07:00
Tom D'Netto
da446762c0
Implement fetch from ekcert server if no EKs are found, and the TPM is from intel.
2019-07-17 15:15:29 -07:00
Tom D
372fcf25d0
Try reading the EKCert from PCP_EKNVCERT ( #46 )
2019-06-25 15:19:12 -07:00
Tom D
7c3baced09
Fix typos. ( #40 )
2019-06-12 10:15:42 -07:00
Tom D
8ac2846c80
Attempt fix for EKCert parsing errors when falling back to NVRAM ( #38 )
...
* Fix parsing errors for EKCert when falling back to NVRAM
2019-06-11 10:52:49 -07:00
Tom D
7f17046a60
Fix broken build on windows. ( #36 )
...
* Attempt to read the EK from NVRAM if the system cert store cannot provide it.
* Fix broken build on windows.
2019-06-06 13:15:55 -07:00
Tom D
3dc8a7d841
Attempt to read the EK from NVRAM if the system cert store cannot provide it. ( #35 )
2019-06-06 13:11:40 -07:00
Tom D
70c839779d
Moar error codes ( #32 )
2019-05-15 12:57:08 -07:00
Tom D
dbbcfcc4b8
Fix conversion to more specific windows error messages. ( #31 )
2019-05-15 12:27:19 -07:00
Tom D
7b5f790215
Fix broken DLL MustFindProc. ( #29 )
2019-05-14 14:44:33 -07:00
Tom D
55ce06b8f2
Decode windows TPM/PCP errors to more specific descriptions. ( #28 )
2019-05-14 11:42:44 -07:00
Tom D
ac78180218
Implement key deletion on Windows ( #27 )
...
* Implement key deletion on Windows
* Dont forget 2nd parameter in call to NCryptDeleteKey
2019-05-13 14:41:55 -07:00
Tom D
2ff4e84fcb
Check the state of the TPM before opening it on windows ( #26 )
...
* Check the state of the TPM before opening it on windows
2019-05-13 14:13:16 -07:00
Tom D
2da0098d9d
Switch over to trying the PCP provider for TPM 1.2, to mitigate missing ownerauth. ( #25 )
...
* Implement decoding for TPM 1.2 PCP AIK properties
* Switch all TPM 1.2 methods that rely on ownerAuth to use the PCP API.
2019-05-03 13:27:48 -07:00
Tom D
8e4a5ce762
Ignore slightly malformed EKs so attestation can continue. ( #24 )
2019-05-02 13:43:50 -07:00
Tom
7e37dd3701
go fmt
2019-03-28 14:00:07 -07:00
Tom
ca33c04742
Validate secret in attest_tpm12_test, fix godoc
2019-03-28 13:29:24 -07:00
Tom
21c2bfd1dc
Initial commit.
2019-03-28 13:21:16 -07:00