Tpm attestation fields clarification

index.bs

@@ -3200,9 +3200,13 @@ engine.
     - Verify that `magic` is set to `TPM_GENERATED_VALUE`.
     - Verify that `type` is set to `TPM_ST_ATTEST_CERTIFY`.
     - Verify that `extraData` is set to the hash of |attToBeSigned| using the hash algorithm employed in "alg".
-    - Verify that `attested` contains a `TPMS_CERTIFY_INFO` structure, whose `name` field contains a valid Name for |pubArea|,
+    - Verify that `attested` contains a `TPMS_CERTIFY_INFO` structure as specified in [[TPMv2-Part2]] section 10.12.3,
+        whose `name` field contains a valid Name for |pubArea|,
         as computed using the algorithm in the `nameAlg` field of |pubArea| using the procedure specified in [[TPMv2-Part1]]
         section 16.
+    - Note that the remaining fields in the "Standard Attestation Structure" [[TPMv2-Part1]] 
+        section 31.2, i.e., `qualifiedSigner`, `clockInfo` and `firmwareVersion` are ignored.
+        These fields MAY be used as an input to risk engines.
 
     If |x5c| is present, this indicates that the attestation type is not [=ECDAA=]. In this case:
     - Verify the |sig| is a valid signature over |certInfo| using the attestation public key in |x5c| with the