Documentation
¶
Overview ¶
Package quote contains utilities for verifying TPM quotes.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var SignatureHashAlgs = []tpm2.Algorithm{tpm2.AlgSHA512, tpm2.AlgSHA384, tpm2.AlgSHA256}
SignatureHashAlgs are the hash algorithms we support for Quote signatures, in their preferred order of use.
Functions ¶
func Verify ¶
Verify performs the following checks to validate a Quote:
- the provided signature is generated by the trusted AK public key
- the signature signs the provided quote data
- the quote data starts with TPM_GENERATED_VALUE
- the quote data is a valid TPMS_QUOTE_INFO
- the quote data was taken over the provided PCRs
- the provided PCR values match the quote data internal digest
- the provided extraData matches that in the quote data
- the signature hash algorithm must be in HashAlgs
Note that the caller must have already established trust in the provided public key before validating the Quote.
Verify supports ECDSA and RSASSA signature verification.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.