mirror of
https://github.com/google/go-attestation.git
synced 2025-01-27 14:19:20 +00:00
68deb4ce55
This is the same approach tpm2_getekcertificate uses, with its `TPM2_HANDLE_FLAGS_NV` flag.

The main impetus here is ChromeOS's vtpm implementation[1], which doesn't have a concept of an "owner" or "platform" password and expects the NV index itself as the auth hierarchy. In either case, as this is the same approach tpm2_getekcertificate uses, this should provide a more standard/common approach as opposed to relying on the owner password to be empty.

Tested with both CrOS's vTPM and a real TPM on Debian.

b/258300352

[1]: https://source.chromium.org/chromiumos/chromiumos/codesearch/+/main:src/platform2/vtpm/commands/nv_read_command.cc;l=64-68;drc=1efd0c8f36050d56b8550354a4c7af925e44118a
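The difference the commit message describes, shown at the wire level as an added example (not code from go-attestation): a raw TPM2_NV_Read command marshalled once with the owner hierarchy as the authorization handle and once with the NV index authorizing itself. The function and constant names are hypothetical; the numeric values are taken from the TPM 2.0 specification and the TCG EK Credential Profile, and the RSA EK certificate index and the 512-byte read size are assumed here for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Values from the TPM 2.0 specification and the TCG EK Credential Profile.
const (
	tagSessions  uint16 = 0x8002     // TPM_ST_SESSIONS
	ccNVRead     uint32 = 0x0000014E // TPM_CC_NV_Read
	rhOwner      uint32 = 0x40000001 // TPM_RH_OWNER
	rsPW         uint32 = 0x40000009 // TPM_RS_PW (password session)
	ekCertRSAIdx uint32 = 0x01C00002 // RSA EK certificate NV index (assumed for the example)
)

// nvReadCommand marshals TPM2_NV_Read with an empty-password session.
// authHandle selects what authorizes the read: a hierarchy or the index itself.
func nvReadCommand(authHandle, nvIndex uint32, size, offset uint16) []byte {
	var auth bytes.Buffer
	binary.Write(&auth, binary.BigEndian, rsPW)
	binary.Write(&auth, binary.BigEndian, uint16(0)) // empty nonce
	auth.WriteByte(0)                                // session attributes
	binary.Write(&auth, binary.BigEndian, uint16(0)) // empty password

	var body bytes.Buffer
	binary.Write(&body, binary.BigEndian, authHandle)
	binary.Write(&body, binary.BigEndian, nvIndex)
	binary.Write(&body, binary.BigEndian, uint32(auth.Len()))
	body.Write(auth.Bytes())
	binary.Write(&body, binary.BigEndian, size)
	binary.Write(&body, binary.BigEndian, offset)

	var cmd bytes.Buffer
	binary.Write(&cmd, binary.BigEndian, tagSessions)
	binary.Write(&cmd, binary.BigEndian, uint32(10+body.Len())) // 10-byte header
	binary.Write(&cmd, binary.BigEndian, ccNVRead)
	cmd.Write(body.Bytes())
	return cmd.Bytes()
}

func main() {
	// Constructed inputs: 512 is an arbitrary read size chosen for the example.
	fmt.Printf("owner auth: %x\n", nvReadCommand(rhOwner, ekCertRSAIdx, 512, 0))
	fmt.Printf("index auth: %x\n", nvReadCommand(ekCertRSAIdx, ekCertRSAIdx, 512, 0))
}
```

The two commands differ only in the four authorization-handle bytes at offset 10; with index authorization the read no longer depends on the owner password being empty.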