tpm2

func (PlatformPassword) Bytes ¶

func (p PlatformPassword) Bytes() ([]byte, error)

Returns the secret as bytes

func (PlatformPassword) Create ¶

func (p PlatformPassword) Create() error

Seals a password to the TPM as a keyed hash object. If the key attributes have the platform policy defined, a PlatformSecret is returned, otherwise, RequiredPassword which returns ErrPasswordRequired when it's member methods are invoked. If the provided password is the default platform password, a random 32 byte (AES-256) key is generated.

func (PlatformPassword) String ¶

func (p PlatformPassword) String() (string, error)

Returns the secret as a string

func (TCGVendorID) String ¶

func (id TCGVendorID) String() string

func (*TPM2) AKProfile ¶

func (tpm *TPM2) AKProfile() (AKProfile, error)

Returns an Attestation Key Profile (EK, AK, AK Name, TCG_CSR_IDEVID)

func (*TPM2) ActivateCredential ¶

func (tpm *TPM2) ActivateCredential(
	credentialBlob, encryptedSecret []byte) ([]byte, error)

Activates a credential challenge previously initiated by MakeCredential

func (*TPM2) Clear ¶

func (tpm *TPM2) Clear(hierarchyAuth []byte, hierarchy tpm2.TPMHandle) error

Clears the TPM as described in TCG Part 3: Commands - Section 24.6 - TPM2_Clear https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf

func (*TPM2) Close ¶

func (tpm *TPM2) Close() error

Closes the connection to the TPM

func (*TPM2) Config ¶

func (tpm *TPM2) Config() *Config

Returns the TPM configuration per the platform configuration file

func (*TPM2) CreateECDSA ¶

func (tpm *TPM2) CreateECDSA(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend,
	overwrite bool) (*ecdsa.PublicKey, error)

Creates a new ECDSA child key using the provided key attributes

func (*TPM2) CreateEK ¶

func (tpm *TPM2) CreateEK(
	ekAttrs *keystore.KeyAttributes) error

Creates a TCG compliant persistent Endorsement Key under the Endorsement Hierarchy. Optionally encrypts bus communication between the CPU <-> TPM if enabled in the platform configuration file.

func (*TPM2) CreateIAK ¶

func (tpm *TPM2) CreateIAK(
	ekAttrs *keystore.KeyAttributes,
	qualifyingData []byte) (*keystore.KeyAttributes, error)

Create an Initial Attestation Key

func (*TPM2) CreateIDevID ¶

func (tpm *TPM2) CreateIDevID(
	akAttrs *keystore.KeyAttributes,
	ekCert *x509.Certificate,
	qualifyingData []byte) (*keystore.KeyAttributes, *TCG_CSR_IDEVID, error)

Creates an Initial Device IDentifier (IDevID) under the Endorsement Hierarchy per TCG - TPM 2.0 Keys for Device Identity and Attestation. The Endorsement Key (EK) attributes must contain the HierarchyAuth to authorize the creation of the IDevID key under the Endorsement hierarchy. The EK is also used to salt an HMAC session, and optionally encrypt the bus communication between the CPU <-> TPM if enabled in the platform configuration file. https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf

func (*TPM2) CreateKeySession ¶

func (tpm *TPM2) CreateKeySession(
	keyAttrs *keystore.KeyAttributes) (tpm2.Session, func() error, error)

Returns an authorization session for a child key based on the provided key attributes. If the child PlatformPolicy is true, a PCR policy session is returned with a closer function that needs to be called to close the session when complete. If PlatformPolicy is false, a password authorization session is returned instead. If a password has not been defined, an empty password authorization session is returned. This function returns a session closer function that needs to be called to close the session when complete.

func (*TPM2) CreatePlatformPolicy ¶

func (tpm *TPM2) CreatePlatformPolicy() error

Returns the Golden Integrity Measurement and Policy Digest ready to be attached to a key.

func (*TPM2) CreateRSA ¶

func (tpm *TPM2) CreateRSA(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend,
	overwrite bool) (*rsa.PublicKey, error)

Creates a new RSA child key using the provided key attributes

func (*TPM2) CreateSRK ¶

func (tpm *TPM2) CreateSRK(
	srkAttrs *keystore.KeyAttributes) error

Creates a persistent Storage Root Key (SRK) under the specified hierarchy using the Endorsement Key (EK) to salt an HMAC session. Optionally encrypts bus communication between the CPU <-> TPM if enabled in the platform configuration file. If the HandleType is set to TPMHTTransient, the created objects handles are left unflushed and the caller is responsible for flushing it when done.

func (*TPM2) CreateSecretKey ¶

func (tpm *TPM2) CreateSecretKey(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend) error

Creates a new RSA child key using the provided key attributes

func (*TPM2) CreateSession ¶

func (tpm *TPM2) CreateSession(
	keyAttrs *keystore.KeyAttributes) (tpm2.Session, func() error, error)

Returns an authorization session for a key based on the provided parent key attributes and platform configuration file. If the parent PlatformPolicy is true, a PCR policy session is returned. If PlatformPolicy is false, a password authorization session is returned. If a password has not been defined, an empty password authorization session is returned. If PlatformPolicy is false and encryption is enabled in the platform configuration file, a salted, encrypted session is created using the EK. This function returns a session closer function that needs to be called to close the session when complete.

func (*TPM2) CreateTCG_CSR_IDEVID ¶

func (tpm *TPM2) CreateTCG_CSR_IDEVID(
	ekCert *x509.Certificate,
	akAttrs *keystore.KeyAttributes,
	idevidAttrs *keystore.KeyAttributes) (TCG_CSR_IDEVID, error)

Creates a TCG_CSR_IDEVID structure in alignment with the TCG TPM 2.0 Keys for Device Identity and Attestation - Section 13.1 - TCG-CSR-IDEVID.

func (*TPM2) DeleteKey ¶

func (tpm *TPM2) DeleteKey(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend) error

func (*TPM2) DeleteKeyPair ¶

func (tpm *TPM2) DeleteKeyPair(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend) error

Deletes the requested encrypted public and private blobs from the blob store.

func (*TPM2) Device ¶

func (tpm *TPM2) Device() string

Returns the TPM device path

func (*TPM2) EK ¶

func (tpm *TPM2) EK() crypto.PublicKey

Returns the Endorsement Public Key

func (*TPM2) EKAttributes ¶

func (tpm *TPM2) EKAttributes() (*keystore.KeyAttributes, error)

Returns the Endorsement Key atrributes using the handle defined in the platform configuration file.

func (*TPM2) EKCertificate ¶

func (tpm *TPM2) EKCertificate() (*x509.Certificate, error)

Retrieve the Endorsement Key Certificate. If the EK cert-handle is 0, the EK certificate is managed using an internal certificate store. If an EK cert-handle is defined, the certificate is retrieved from TPM NVRAM. If the certificate is not found in NVRAM, an attempt is made to download the certificate from the Manufacturer's EK cert service.

func (*TPM2) EKECC ¶

func (tpm *TPM2) EKECC() *ecdsa.PublicKey

Returns the Endorsement Public ECC Key. Errors are fatal.

func (*TPM2) EKPublic ¶

func (tpm *TPM2) EKPublic() (tpm2.TPM2BName, tpm2.TPMTPublic)

Returns the Endorsement Key name and public area. Errors are fatal.

func (*TPM2) EKRSA ¶

func (tpm *TPM2) EKRSA() *rsa.PublicKey

Returns the Endorsement Public RSA Key. Errors are fatal.

func (*TPM2) EventLog ¶

func (tpm *TPM2) EventLog() ([]byte, error)

Retrieves the raw event log from /sys/kernel/security/tpm*/binary_bios_measurements

func (*TPM2) FixedProperties ¶

func (tpm *TPM2) FixedProperties() (*PropertiesFixed, error)

func (*TPM2) Flush ¶

func (tpm *TPM2) Flush(handle tpm2.TPMHandle)

Flushes a handle from TPM memory

func (*TPM2) GoldenMeasurements ¶

func (tpm *TPM2) GoldenMeasurements() []byte

Captures platform Golden Integrity Measurements as described in TCG TPM 2.0 Provisioning Guidance - Section 7.6 - Golden Measurements.

Performs a sum across all PCR banks and their associated values using the hash function defined in the TPM section of the platform configuration file. Any errors encountered are treated as FatalError.

TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

func (*TPM2) HMAC ¶

func (tpm *TPM2) HMAC(auth []byte) tpm2.Session

Creates an unsalted, unauthenticated HMAC session with the TPM. If session encryption is enabled in the platform configuration file, the TPM <-> CPU bus is encrypted using AES-128 CFB.

func (*TPM2) HMACSaltedSession ¶

func (tpm *TPM2) HMACSaltedSession(
	handle tpm2.TPMHandle,
	pub tpm2.TPMTPublic,
	auth []byte) (s tpm2.Session, close func() error, err error)

Creates an authenticated, salted HMAC session with the TPM. If session encryption is enabled in the platform configuration file, the TPM <-> CPU bus is encrypted using AES-128 CFB.

func (*TPM2) HMACSession ¶

func (tpm *TPM2) HMACSession(auth []byte) (s tpm2.Session, close func() error, err error)

Creates an authenticated, unsalted HMAC session with the TPM. If session encryption is enabled in the platform configuration file, the TPM <-> CPU bus is encrypted using AES-128 CFB.

func (*TPM2) Hash ¶

func (tpm *TPM2) Hash(
	keyAttrs *keystore.KeyAttributes,
	data []byte) ([]byte, []byte, error)

Performs a TPM2_Hash on the requested data. If the length is greater than 1024 bytes, the data is hashed using HashSequence commands.

func (*TPM2) HashSequence ¶

func (tpm *TPM2) HashSequence(
	keyAttrs *keystore.KeyAttributes,
	data []byte) ([]byte, []byte, error)

Performs a hash sequence using TPM2_HashSequenceStart, TPM2_SequenceUpdate, TPM2_SequenceComplete under the Endorsement Hierarchy, using the Hierarchy Authorization provided in the key attributes Parent field.

func (*TPM2) IAK ¶

func (tpm *TPM2) IAK() crypto.PublicKey

Returns the Initial Attestation Key Attributes

func (*TPM2) IAKAttributes ¶

func (tpm *TPM2) IAKAttributes() (*keystore.KeyAttributes, error)

Returns the Initial Attestation Key Attributes

func (*TPM2) IDevID ¶

func (tpm *TPM2) IDevID() crypto.PublicKey

Returns the Initial Attestation Key Attributes

func (*TPM2) IDevIDAttributes ¶

func (tpm *TPM2) IDevIDAttributes() (*keystore.KeyAttributes, error)

Returns the Initial Device IDentifier Key Attributes

func (*TPM2) Info ¶

func (tpm *TPM2) Info() (string, error)

func (*TPM2) Install ¶

func (tpm *TPM2) Install(soPIN keystore.Password) error

Install performs a safe, modified version of the TCG recommended provisioning guidance intended for platforms that have already been minimally provisioned by the TPM Manufacturer or Owner. Instead of clearing the hierarchies, setting hierarchy authorizations and provisioning new keys and certificates from scratch, this method will use pre-existing EK and SRK keys and certificates if they already exist. The provided soPIN parameter is used as the new Endorsement and Storage hierarchy authorizations during installation. The current hierarchy authorization is expected to be set to an empty password. You can use the included CLI or TPM2 tools to execute the TPM2_HierarchyChangeAuth command to set the password to an empty password.

func (*TPM2) IsFIPS140_2 ¶

func (tpm *TPM2) IsFIPS140_2() (bool, error)

func (*TPM2) KeyAttributes ¶

func (tpm *TPM2) KeyAttributes(
	handle tpm2.TPMHandle) (*keystore.KeyAttributes, error)

Reads the public area of the provided persistent TPM handle and returns a default set of KeyAttributes with the name, public area and algorithm set.

func (*TPM2) LoadKeyPair ¶

func (tpm *TPM2) LoadKeyPair(
	keyAttrs *keystore.KeyAttributes,
	session *tpm2.Session,
	backend keystore.KeyBackend) (*tpm2.LoadResponse, error)

Loads the requested TPMAlgKeyedHash encrypted public and private blobs from blob storage. The returned handle must be closed when finished to prevent memory leaks / exhaustion.

func (*TPM2) MakeCredential ¶

func (tpm *TPM2) MakeCredential(
	akName tpm2.TPM2BName,
	secret []byte) ([]byte, []byte, []byte, error)

Performs TPM2_MakeCredential, returning the new credential challenge for an Attestor. If the secret parameter is not provided, a random AES-256 secret will be generated.

func (*TPM2) NVRead ¶

func (tpm *TPM2) NVRead(
	keyAttrs *keystore.KeyAttributes,
	dataSize uint16) ([]byte, error)

Unseals data from NV RAM index protected by the Platform PCR policy

func (*TPM2) NVWrite ¶

func (tpm *TPM2) NVWrite(
	keyAttrs *keystore.KeyAttributes) error

Seals a secret to an NV RAM index against the Platform Policy

func (*TPM2) NonceSession ¶

func (tpm *TPM2) NonceSession(hierarchyAuth keystore.Password) (tpm2.Session, func() error, error)

Creates a one-time use TPM nonce session

func (*TPM2) Open ¶

func (tpm *TPM2) Open() error

Opens a new logical connection with the underlying TPM using an instance of this TPM2 object that's already been instantiated.

func (*TPM2) ParsePublicKey ¶

func (tpm *TPM2) ParsePublicKey(tpm2BPublic []byte) (crypto.PublicKey, error)

Parses a tpm2.TPM2BPublic byte array and returns the crypto.PublicKey

func (*TPM2) ParsedEventLog ¶

func (tpm *TPM2) ParsedEventLog() ([]Event, error)

Returns a parsed event log from /sys/kernel/security/tpm*/binary_bios_measurements

func (*TPM2) PlatformPolicyDigest ¶

func (tpm *TPM2) PlatformPolicyDigest() tpm2.TPM2BDigest

Returns the platform policy digest used to satisfy platform PCR authorization values

func (*TPM2) PlatformPolicyDigestHash ¶

func (tpm *TPM2) PlatformPolicyDigestHash() ([]byte, error)

Reads the current PCR value and returns it's digest buffer

func (*TPM2) PlatformPolicySession ¶

func (tpm *TPM2) PlatformPolicySession() (tpm2.Session, func() error, error)

Creates a new platform policy session with the platform PCR selected using the Owner child key created during platform provisioning under the SRK. Returns the policy session along with a session closer that needs to be called when finished with the session.

func (*TPM2) PlatformQuote ¶

func (tpm *TPM2) PlatformQuote(
	keyAttrs *keystore.KeyAttributes) (Quote, []byte, error)

Create a random nonce and issue a quote command to the TPM for the PCR specified in the platform configuration file.

func (*TPM2) Provision ¶

func (tpm *TPM2) Provision(soPIN keystore.Password) error

Provision the TPM as outlined in the TCG Provisioning Guidance - Section 11.1 - Provisioning the TPM. - Clear the TPM - Set Endorsement, Owner and Lockout authorizations - Create, verify & persist EK - Create, verify & persist IDevID - Create Initial Device Identity for touch-free provisioning - Create, & persist Shared SRK - Establish baseline PCRs - Capture Golden Integrity Measurements https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

This operation requires hierarchy authorization to perform the TPM2_Clear command as the first step outlined in the TCG Provisioning Guidance, and assumes the auth parameter for these hierarchies to be set to an empty password. The TPM2_ChangeAuth command may be used prior to invoking this operation to set the hierarchy passwords to an empty value so this operation may complete. After this operation clears the TPM, the provided Security Officer PIN is used to set new Lockout, Endorsement and Owner authorization values. When this operation completes, the Lockout, Endorsement and Owner hierarchies are all owned by the Security Officer, the TPM is fully provisioned and ready for use. The hierarchy authorization values assigned during this operation may be safely modified to use authorization passwords and/or policies to align the platform with Enterprise or Platform Administrator requirements following this provisioning process.

func (*TPM2) ProvisionEKCert ¶

func (tpm *TPM2) ProvisionEKCert(hierarchyAuth, ekCertDER []byte) error

Writes an Endorsement Certificate to TPM NVRAM.

WARNING: This is a potentially destructive operation that will overwrite a TPM manufacturer or OEM certificate if it exists!

If an EK cert-handle is not configured, the certificate is saved to the x509 certificate store instead of writing to NV RAM. This provides a workaround for the 1024 byte limitation in the simulator and/or allows a user to conserve NV RAM in a real TPM.

func (*TPM2) ProvisionOwner ¶

func (tpm *TPM2) ProvisionOwner(
	soPIN keystore.Password) (*keystore.KeyAttributes, error)

Provisions a new Endorsement and Storage Root Key according to TCG Provisioning Guidance. The Endorsement Key (EK) is created and evicted to it's recommended persistent handle and a new Shared Storage Root Key (SRK) is created and evicted to it's recommended persistent handle.

func (*TPM2) Quote ¶

func (tpm *TPM2) Quote(pcrs []uint, nonce []byte) (Quote, error)

Performs a TPM 2.0 quote over the PCRs defined in the TPM section of the platform configuration file, used for local attestation. The quote, event log, and PCR state is optionally signed and saved to the CA blob store.

func (*TPM2) RSADecrypt ¶

func (tpm *TPM2) RSADecrypt(handle tpm2.TPMHandle, blob []byte) ([]byte, error)

Performs RSA decryption

func (*TPM2) RSAEncrypt ¶

func (tpm *TPM2) RSAEncrypt(handle tpm2.TPMHandle, message []byte) ([]byte, error)

Performs RSA encryption

func (*TPM2) Random ¶

func (tpm *TPM2) Random() ([]byte, error)

Reads a random 32 byte fixed length slice from RNG

func (*TPM2) RandomBytes ¶

func (tpm *TPM2) RandomBytes(fixedLength int) ([]byte, error)

Reads a random fixed length byte slice from RNG

func (*TPM2) RandomHex ¶

func (tpm *TPM2) RandomHex(fixedLength int) ([]byte, error)

Reads a random fixed length byte slice from RNG and returns the resulting bytes encoded in hexidecimal format.

func (*TPM2) RandomSource ¶

func (tpm *TPM2) RandomSource() io.Reader

Returns the TPM Random Number Generator source. If "entropy" is enabled in the platform configuration file, the TPM will be used as the source of entropy. If "entropy" is disabled, the system random number generator will be used as the source of entropy.

func (*TPM2) Read ¶

func (tpm *TPM2) Read(data []byte) (n int, err error)

Reads random bytes from the TPM into the data buffer. Optionally uses the EK to encrypt the session between the CPU <-> TPM if session encryption is enabled in the platform configuration file. If the TPM Endorsement Hierarchy authorization has an authorization password set, and the EK has not been made persistent, the tpm.hierarchyAuth property must be set before reading so a transient EK can be created (under the Endorsement Hierarchy) to encrypt the session. The hierarchy auth is automatically set during provisioning - ie, when Provision() is called. After provisioning is complete, subsequent platform startups will have to explicitly provide the hierarchy password, since it's never saved, loaded, or cached during normal operation. The hierarchy password is only cached in memory during provisioning and wiped from memory when the program exits.

func (*TPM2) ReadHandle ¶

func (tpm *TPM2) ReadHandle(handle tpm2.TPMHandle) (tpm2.TPM2BName, tpm2.TPMTPublic, error)

Returns the name and public area for the provided handle

func (*TPM2) ReadPCRs ¶

func (tpm *TPM2) ReadPCRs(pcrList []uint) ([]PCRBank, error)

Reads Platform Configuration Register (PCR) values across all supported banks with the corresponding PCR ID. This method supports SHA1, SHA256, SHA386, and SHA512. If one of the banks are not supported, the function stops processing and returns the banks that were successfully parsed without an error.

func (*TPM2) SSRKAttributes ¶

func (tpm *TPM2) SSRKAttributes() (*keystore.KeyAttributes, error)

Returns the Shared Storage Root Key under the Owner hierarchy using it's persistent handle.

func (*TPM2) SSRKPublic ¶

func (tpm *TPM2) SSRKPublic() (tpm2.TPM2BName, tpm2.TPMTPublic)

Returns the Shared Storage Root Key name and public area. Errors are fatal.

func (*TPM2) SaveKeyPair ¶

func (tpm *TPM2) SaveKeyPair(
	keyAttrs *keystore.KeyAttributes,
	outPrivate tpm2.TPM2BPrivate,
	outPublic tpm2.TPM2B[tpm2.TPMTPublic, *tpm2.TPMTPublic],
	backend keystore.KeyBackend,
	overwrite bool) error

Saves the requested TPMAlgKeyedHash encrypted public and private blobs to the blob store.

func (*TPM2) Seal ¶

func (tpm *TPM2) Seal(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend,
	overwrite bool) (*tpm2.CreateResponse, error)

Creates a new key under the provided Storage Root Key (SRK), optionally sealing a provided secret to the current Platform Golden Integrity Measurements. If a secret is not provided, a random AES-256 key will be generated. If the HandleType is marked as TPMHTTransient, the created objects handles are left unflushed and the caller is responsible for flushing it when done.

func (*TPM2) SetHierarchyAuth ¶

func (tpm *TPM2) SetHierarchyAuth(oldPasswd, newPasswd keystore.Password, hierarchy *tpm2.TPMHandle) error

Takes ownership of the TPM by setting the Owner, Endorsement and Lockout hierarchy authorization passwords, as described in TCG TPM 2.0 Part 1 - Architecture - Section 13.8.1 - Taking Ownership https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf

If the optional hierarchy is provided, only the authorization password for the specified hierarchy will be set. If not provided, all hierarchies will be set to the same authorization password.

func (*TPM2) Sign ¶

func (tpm *TPM2) Sign(
	rand io.Reader,
	digest []byte,
	opts crypto.SignerOpts) (signature []byte, err error)

Signs the requested data using the key attributes provided by SignerOpts. Supports RSA and ECDSA.

func (*TPM2) SignValidate ¶

func (tpm *TPM2) SignValidate(
	keyAttrs *keystore.KeyAttributes,
	digest, validationDigest []byte) ([]byte, error)

Performs a sequential hash on the provided data using the hash algorithm and authorization defined by akAttrs. This operation uses the Handle, HashAlg, Name, SignatureAlgorithm and Password provided by akAttrs.

func (*TPM2) Transport ¶

func (tpm *TPM2) Transport() transport.TPM

Returns the underlying transport.TPM used to facilitate the logical connection to the TPM.

func (*TPM2) Unseal ¶

func (tpm *TPM2) Unseal(
	keyAttrs *keystore.KeyAttributes,
	backend keystore.KeyBackend) ([]byte, error)

Returns sealed data for a keyed hash using the platform PCR Policy Session to satisfy the TPM to release the secret.

func (*TPM2) VerifyTCGCSR ¶

func (tpm *TPM2) VerifyTCGCSR(
	csr *TCG_CSR_IDEVID,
	signatureAlgorithm x509.SignatureAlgorithm) (*keystore.KeyAttributes, *UNPACKED_TCG_CSR_IDEVID, error)

Verifies the TCG-CSR-IDEVID using the Identity Provisioning strategy defined in the platform configuration file. If a strategy is not defined, the method defined in Section 6.2 - OEM Installation of IAK and IDevID in a Single Pass of the TCG TPM 2.0 Keys for Device Identity and Attestation specification is used as the default strategy.

func (*TPM2) VerifyTCG_CSR_IAK ¶

func (tpm *TPM2) VerifyTCG_CSR_IAK(
	csr *TCG_CSR_IDEVID,
	signatureAlgorithm x509.SignatureAlgorithm) (*keystore.KeyAttributes, *UNPACKED_TCG_CSR_IDEVID, error)

Extracts the Attestation Public Key from TCG_CSR_IDEVID and performs verification per TCG TPM 2.0 Keys for Device Identity and Attestation per Section 6.1.2 - Procedure for OEM Creation of an IAK Certificate. 5. The CA verifies the received data: a. Verify the signature on the TCG-CSR-IDEVID: i. Extract the IAK Public Key from the IAK Public Area in the TCG-CSR-IDEVID. ii. Use the IAK public key to verify the signature on the TCG-CSR-IDEVID. b. Extract the EK certificate from the TCG-CSR-IDEVID and verify the EK Certificate using the indicated TPM manufacturer’s public key. c. Verify the attributes (TPMA_OBJECT bits) of the IAK Public Area to ensure that the key is a Restricted, fixedTPM, fixedParent signing key. Ensure all other attributes meet CA policy. NOTE: Step b is not implemented here. The EK certificate should be verified by the CA package using the Verify(certificate *x509.Certificate) method.

func (*TPM2) VerifyTCG_CSR_IDevID ¶

func (tpm *TPM2) VerifyTCG_CSR_IDevID(
	csr *TCG_CSR_IDEVID,
	signatureAlgorithm x509.SignatureAlgorithm) (*keystore.KeyAttributes, *UNPACKED_TCG_CSR_IDEVID, error)

Extracts the Attestation Public Key from TCG_CSR_IDEVID and performs verification per TCG TPM 2.0 Keys for Device Identity and Attestation per Section 6.2.2 - Procedure for OEM Installation of IAK and IDevID in a Single Pass. 7. The CA verifies the received data: a. Extract IDevID public key and verify the signature on TCG-CSR-IDEVID b. Verify the EK Certificate using the indicated TPM manufacturer’s public key c. Verify TPM residency of IDevID key using the IAK public key to validate the signature of the TPMB_Attest structure. d. Verify the attributes of the IDevID key public area. e. Verify the attributes of the IAK public area. f. Calculate the Name of the IAK, by hashing its public area with its associated hash algorithm, prepended with the Algorithm ID of the hashing algorithm. Refer to TPM 2.0 Library Specification [2] Part 1, Section 16, “Names”. g. Using the sequence described in the TPM 2.0 Library Specification [2] Part 3, section 12.6.3 (TPM2_MakeCredential Detailed Actions), create the encrypted “credential” structure to be sent to the device. When building this encrypted structure, objectName is the Name of the IAK calculated in step ‘a’ and Certificate (which is the payload field) holds a nonce (whose size matches the Name hash). Retain the nonce for use in later steps. NOTE: Step b is not implemented here. The EK certificate should be verified by the CA package using the Verify(certificate *x509.Certificate) method.