-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tpm2_getekcertificate auto-discover TPM manufacturer's server URL #1698
Comments
I wonder if TCG has a registry of these URL's. If not will have to get this information from TPM manufacturers. |
If there's a registry that would be great. Is the protocol documented somewhere? When I was adding support for requesting ECC certs last night, I just guessed the simplest reasonable request format, and thankfully it was right. I couldn't find anything explaining how it's supposed to work. |
|
For Infineon TPM's the EK is stored on the TPM (see TCG_IWG_Credential_Profile_EK_V2.1_R13 chapter 2.2.1) |
Duplicate #1885 |
tpm2_getekcertificate already has logic for checking the TPM's manufacturer and reporting whether it's going to be able to get a certificate from the server. It might as well also supply a default server URL if known; e.g., "https://ekop.intel.com/ekcertservice/" for INTC.
Users would still need to provide an explicit URL in offline mode, or if the manufacturer is not known.
The text was updated successfully, but these errors were encountered: