Changed TPM2 attestation statement from TPM2_Quote to TPM2_Certify, etc. #91

Merged
merged 10 commits into from
Feb 27, 2024


mwiseman-byid
Collaborator

No description provided.


The uniquely identifying TPM2 key is the Endorsement Key (the EK). As this is a privacy
sensitive key, the EK is not directly used to attest to any TPM2 asset. Instead,
the EK is used by an Attestation CA to create an Attestation Key (the AK). The AK is
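Review bot: The third sentence of this excerpt, "the EK is used by an Attestation CA to create an Attestation Key (the AK)", reads as though the CA generates the AK itself. As the author explains in this thread, the Attestation CA uses the EK to prove the AK is in the same TPM and then issues a certificate for the AK, so "to create an Attestation Key certificate" would match the intended meaning. Separately, "privacy sensitive key" in the first sentence should be hyphenated as "privacy-sensitive key".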

Hello! 👋🏻 Great write-up! I was reading through and got a bit confused by this line, specifically by "the EK is used by an Attestation CA to create an Attestation Key". My understanding was that the EK is used to assure a 3rd party (in this case the Privacy CA / Attestation CA) that the AK is in the same TPM as the EK, not for the CA to issue the AK. Am I getting this wrong?

Collaborator Author

I think we are saying the same thing. The Attestation CA is just a special CA that uses the TPM protocols (including the EK) to prove the AK is in the same TPM (and has the expected attributes). The Attestation CA then issues a certificate for the AK. Since the AK is a signing key (the EK is a decryption key so the protocol is a bit awkward and non-standard - again, this is one of the reasons we use the term Attestation CA because it acts as a non-standard CA) it is easier to get a signed statement about the properties of a "user key". Defining that signed statement is the point of this effort.

Agree, but I don't see how that maps to "used by an Attestation CA to create an Attestation Key" - perhaps "used by an Attestation CA to create an Attestation Key certificate" is clearer?

Collaborator Author

Ha, you are correct. Authors sometimes miss the subtle wording and when I read "...create an Attestation Key..." I meant what you said. A subtle but very important difference. Thanks for pointing this out.

@ounsworth ounsworth changed the base branch from main to monty-tpm2-example February 27, 2024 22:26
@ounsworth
Contributor

I don't have push permissions on Monty's fork, so I am merging into a side branch, I'll do a few fixes, then merge into main.

@ounsworth ounsworth merged commit 40d30c6 into lamps-wg:monty-tpm2-example Feb 27, 2024
1 check passed
@ounsworth ounsworth mentioned this pull request Feb 27, 2024