ietf-rats / draft-birkholz-rats-basic-yang-module

This repository is abandoned. The adopted I-D can be found at:
https://github.com/ietf-rats-wg/basic-yang-module

Question about Certificates Retrieve #12

Open haknmcaobin opened 4 years ago

haknmcaobin commented 4 years ago

```
+--ro rats-support-structures
   +--ro supported-algos    uint16
   +--ro tpms [tpm_name]
   |  +--ro tpm_name              string
   |  +--ro tpm-physical-index?   int32 {ietfhw:entity-mib}?
   |  +--ro certificates []
   |     +--ro certificate
   |        +--ro certificate-name?    string
   |        +--ro certificate-type?    enumeration
   |        +--ro certificate-value?   ietfct:end-entity-cert-cms
   +--ro compute-nodes [node-name]
      +--ro node-name              string
      +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
```

This operation can get certificates, while the RPC basic-trust-establishment can also get certificates. What's the difference between these two operations? What are the corresponding scenarios?

henkbirkholz commented 4 years ago

In the datastore tree you can find every TPM endorsement certificate that is associated with a distinguishable TPM in the composite device (hence the compute-node statement).

Via the RPC you can retrieve a selection of attestation-key certificates associated with a given TPM.

The tree diagram does not yield this information, but it is captured in the corresponding statement descriptions.