Tpm attestation fields clarifications

w3c · Feb 8, 2018 · 45caac2 · 45caac2
1 parent ca4cf0f
commit 45caac2
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/index.bs b/index.bs
@@ -3203,6 +3203,8 @@ engine.
     - Verify that `attested` contains a `TPMS_CERTIFY_INFO` structure, whose `name` field contains a valid Name for |pubArea|,
         as computed using the algorithm in the `nameAlg` field of |pubArea| using the procedure specified in [[TPMv2-Part1]]
         section 16.
+    - Note that `qualifiedSigner`, `clockInfo` and `firmwareVersion` are ignored for specific validations.
+        These MAY be used as an input to risk engines.
 
     If |x5c| is present, this indicates that the attestation type is not [=ECDAA=]. In this case:
     - Verify the |sig| is a valid signature over |certInfo| using the attestation public key in |x5c| with the