The KeyAttestationStatement structure is defined as follows:<9>
typedef struct {
    UINT32 Magic;
    UINT32 Version;
    UINT32 Platform;
    UINT32 HeaderSize;
    UINT32 cbIdBinding;
    UINT32 cbKeyAttestation;
    UINT32 cbAIKOpaque;
    BYTE idBinding[cbIdBinding];
    BYTE keyAttestation[cbKeyAttestation];
    BYTE aikOpaque[cbAIKOpaque];
} KeyAttestationStatement;
Magic: The value MUST be 0x5453414B.
Version: The value MUST be 1.
Platform: The value MUST be either 1 or 2 indicating the TPM platform.
HeaderSize: An integer value denoting the size of the header.
cbIdBinding: An integer value denoting the size of the idBinding field.
cbKeyAttestation: An integer value denoting the size of the keyAttestation field.
cbAIKOpaque: An integer value denoting the size of the aikOpaque field.
idBinding: When the Platform member equals 1, a byte array containing the signature of a TPM_IDENTITY_CONTENTS structure, as defined in [TCG-Struct] section 12.5. When Platform equals 2, a byte array containing a concatenation of the following structures:<10>
A TPM2B_PUBLIC structure defined in [TCG-Struct-V2] section 12.2.5.
A TPM2B_CREATION_DATA structure defined in [TCG-Struct-V2] section 15.2.
A TPM2B_ATTEST structure defined in [TCG-Struct-V2] section 10.12.9.
A TPMT_SIGNATURE structure defined in [TCG-Struct-V2] section 11.3.4.
For information on how this signature is constructed, see the following references:
When Platform equals 1, [TCG-Commands] section 15.1.
When Platform equals 2, [TCG-Commands-V2] section 12.1.
keyAttestation: A structure that is defined as follows:
typedef struct {
    UINT32 Magic;
    UINT32 Platform;
    UINT32 HeaderSize;
    UINT32 cbKeyAttest;
    UINT32 cbSignature;
    UINT32 cbKeyBlob;
    BYTE keyAttest[cbKeyAttest];
    BYTE signature[cbSignature];
    BYTE keyBlob[cbKeyBlob];
} keyAttestation;
- Magic: The value MUST be 0x5344414B.
- Platform: The value MUST be either 1 or 2 indicating the TPM platform.
- HeaderSize: An integer value denoting the size of the header.
- cbKeyAttest: An integer value denoting the size of the keyAttest array.
- cbSignature: An integer value denoting the size of the signature array.
- cbKeyBlob: An integer value denoting the size of the keyBlob array.
- keyAttest: MUST be a TPM_CERTIFY_INFO structure if the Platform field equals 1, or a TPM_CERTIFY_INFO2 structure if Platform equals 2, as defined in [TCG-Struct] sections 11.1 and 11.2.
- signature: Contains the signature of the keyAttest array using the AIK private key.
- keyBlob: Contains a CSP-specific opaque format of the attested key.
aikOpaque: Contains a CSP-specific opaque format of the AIK private key.
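The following is an added example, not code from the specification: a strict parser that checks the MUST values above and bounds-checks every length field before slicing, for both the outer statement and the nested keyAttestation. It assumes little-endian UINT32s, that the byte arrays begin at offset HeaderSize, and that no trailing bytes are allowed; the function names and sample bytes are constructed for illustration.

```python
import struct

KAS_MAGIC = 0x5453414B  # outer Magic (from the page)
KA_MAGIC = 0x5344414B   # nested keyAttestation Magic (from the page)

def split_fields(buf, offset, sizes):
    """Slice consecutive byte arrays; the declared sizes must fit the buffer exactly."""
    if offset + sum(sizes) != len(buf):  # strictness chosen here: no overrun, no trailing bytes
        raise ValueError("declared sizes do not match buffer length")
    fields = []
    for size in sizes:
        fields.append(buf[offset:offset + size])
        offset += size
    return fields

def parse_header(buf, count, magic, name):
    """Unpack `count` little-endian UINT32s (byte order is an assumption) and check Magic."""
    if len(buf) < 4 * count:
        raise ValueError(f"{name}: truncated header")
    words = struct.unpack_from(f"<{count}I", buf)
    if words[0] != magic:
        raise ValueError(f"{name}: bad Magic 0x{words[0]:08X}")
    return words

def parse_key_attestation(buf):
    _, platform, hdr, cb_attest, cb_sig, cb_blob = parse_header(buf, 6, KA_MAGIC, "keyAttestation")
    if platform not in (1, 2):
        raise ValueError("keyAttestation: Platform must be 1 or 2")
    if not 24 <= hdr <= len(buf):  # assumption: arrays start at offset HeaderSize
        raise ValueError("keyAttestation: bad HeaderSize")
    attest, sig, blob = split_fields(buf, hdr, [cb_attest, cb_sig, cb_blob])
    return {"platform": platform, "keyAttest": attest, "signature": sig, "keyBlob": blob}

def parse_statement(buf):
    _, version, platform, hdr, cb_id, cb_ka, cb_aik = parse_header(buf, 7, KAS_MAGIC, "statement")
    if version != 1 or platform not in (1, 2):
        raise ValueError("statement: Version must be 1 and Platform 1 or 2")
    if not 28 <= hdr <= len(buf):  # assumption: arrays start at offset HeaderSize
        raise ValueError("statement: bad HeaderSize")
    id_binding, ka, aik = split_fields(buf, hdr, [cb_id, cb_ka, cb_aik])
    return {"platform": platform, "idBinding": id_binding,
            "keyAttestation": parse_key_attestation(ka), "aikOpaque": aik}

def build_sample():
    """Constructed sample (placeholder bytes, not real TPM output)."""
    ka = struct.pack("<6I", KA_MAGIC, 2, 24, 4, 3, 2) + b"ATTS" + b"SIG" + b"KB"
    return struct.pack("<7I", KAS_MAGIC, 1, 2, 28, 5, len(ka), 1) + b"IDBND" + ka + b"A"
```

Parsing only establishes that the structure is well formed; verifying the signature over keyAttest with the AIK is a separate step.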