Open haknmcaobin opened 4 years ago
In the datastore tree you can find every TPM endorsement certificate that is associated with a distinguishable TPM in the composite device (hence the compute-node statement).
Via the RPC you can retrieve a selection of attestation-key certificates associated with a given TPM.
The tree diagram does not yield this information, but it is captured in the corresponding statement descriptions.
```
+--ro rats-support-structures
   +--ro supported-algos           uint16
   +--ro tpms [tpm_name]
   |  +--ro tpm_name               string
   |  +--ro tpm-physical-index?    int32 {ietfhw:entity-mib}?
   |  +--ro certificates []
   |     +--ro certificate
   |        +--ro certificate-name?    string
   |        +--ro certificate-type?    enumeration
   |        +--ro certificate-value?   ietfct:end-entity-cert-cms
   +--ro compute-nodes [node-name]
      +--ro node-name              string
      +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
```
This operation can get certificates, while the RPC basic-trust-establishment can also get certificates. What's the difference between these two operations? What are the corresponding scenarios?