
Commit bc9434a

Dimitar Tomov authored and dgarske committed
Update examples README files
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
1 parent 8528a32 commit bc9434a

2 files changed

Lines changed: 11 additions & 0 deletions

examples/README.md

Lines changed: 9 additions & 0 deletions
@@ -44,6 +44,15 @@ More information about how to test and use PCR attestation can be found in the i
4444
`./examples/pcr/extend`
4545
`./examples/pcr/reset`
4646

47+
### Remote Attestation challenge
48+
49+
Demonstrates how to create Remote Attestation challenge using the TPM 2.0 and afterwards prepare a response.
50+
51+
Detailed information about using these examples can be found in [examples/attestation/README.md](./examples/attestation/README.md)
52+
53+
`./examples/attestation/make_credential`
54+
`./examples/attestation/activate_credential`
55+
4756
## Parameter Encryption
4857

4958
### Key generation with encrypted authorization
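Review bot: the link target on added line 51 looks wrong for this file. `examples/README.md` sits in `examples/`, so `[examples/attestation/README.md](./examples/attestation/README.md)` would resolve relative to that directory, to `examples/examples/attestation/README.md`. Suggest `./attestation/README.md` as the target. On added line 49, "create Remote Attestation challenge" is missing an article ("create a Remote Attestation challenge"), and the sentence would be clearer if it said which of `make_credential` and `activate_credential` creates the challenge and which prepares the response.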

examples/attestation/README.md

Lines changed: 2 additions & 0 deletions
@@ -12,6 +12,8 @@ Complete list of the required examples is shown below:
1212
* `./examples/attestation/activate_credential`: Used by a client to decrypt the challenge and respond
1313
* `./examples/keygen/keygen`: Used to create a primary key(PK) and attestation key(AK)
1414

15+
Note: All of these example allow the use of the Endorsement Key and Attestation Key under the Endorsement Hierarchy. This is done by adding the `-eh` option when executing any of the three examples above. The advantage of using EK/EH is that the private key material of the EK never leaves the TPM. Anything encrypted using the public part of the EK can be encrypted only internally by the TPM owner of the EK, and EK is unique for every TPM chip. Therefore, creating challenges for Remote Attestation using the EK/EH has greater value in some scenarios. One drawback is that by using the EK the identity of the host under attestation is always known, because the EK private-public key pair identifies the TPM and in some scenarios this might rise privacy concerns. Our remote attestation examples support both AK under SRK and AK under EK. It is up to the developer to decide which one to use.
16+
1517
## Technology introduction
1618

1719
Remote Attestation is the process of a client providing an evidence to an attestation server that verifies if the client is in a known state.
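Review bot: on added line 15, "can be encrypted only internally by the TPM owner of the EK" should read "decrypted". Anyone holding the EK public part can encrypt to it; the property the note relies on is that only the TPM holding the EK private part can decrypt. As written, the sentence states the guarantee backwards, which matters in a paragraph that is explaining why EK/EH challenges carry more weight. The same line also has "All of these example" (examples) and "might rise privacy concerns" (raise). Since the note ends by leaving the choice between AK under SRK and AK under EK to the developer, consider splitting it into two short paragraphs, one for the benefit and one for the privacy drawback, so the trade-off is easy to find.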
