You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem: The "Platform Version" field as described in section 2.1.5.6 of the v1.1 version of the TCG platform cert spec is listed as a MUST in the table of section 2.1.5 so a Verifier is obligated to check/process it. It does have the following note: "platform version is encoded as a string and is the manufacturer-specific implementation version of the platform", so a manufacturer could technically add whatever value it wanted. Any value, however, makes it rather difficult for Verifier to match in this case.
The Platform Version attribute within a Platform Certificate typically defaults to either "Unknown" or "Not Specified" if the platform does not track its version (many devices will typically change a model number versus tracking a version). This can lead to a mis-compare by the ACA during the provisioning process (i.e. a false negative).
Proposed solution: If the ACA finds a Platform Version field within a Platform certificate with a value of either "Unknown" or "Not Specified" (not case sensitive) it should skip the comparison with the actual value returned from the provisioner. If it is not one of the the two values it should proceed with the comparison.
The text was updated successfully, but these errors were encountered:
Problem: The "Platform Version" field as described in section 2.1.5.6 of the v1.1 version of the TCG platform cert spec is listed as a MUST in the table of section 2.1.5 so a Verifier is obligated to check/process it. It does have the following note: "platform version is encoded as a string and is the manufacturer-specific implementation version of the platform", so a manufacturer could technically add whatever value it wanted. Any value, however, makes it rather difficult for Verifier to match in this case.
The Platform Version attribute within a Platform Certificate typically defaults to either "Unknown" or "Not Specified" if the platform does not track its version (many devices will typically change a model number versus tracking a version). This can lead to a mis-compare by the ACA during the provisioning process (i.e. a false negative).
Proposed solution: If the ACA finds a Platform Version field within a Platform certificate with a value of either "Unknown" or "Not Specified" (not case sensitive) it should skip the comparison with the actual value returned from the provisioner. If it is not one of the the two values it should proceed with the comparison.
The text was updated successfully, but these errors were encountered: