ietf-rats / draft-birkholz-rats-basic-yang-module

This repository is abandoned. The adopted I-D can be found at:
https://github.com/ietf-rats-wg/basic-yang-module

challenge-response for composite device #15

Open haknmcaobin opened 4 years ago

haknmcaobin commented 4 years ago

rpc tpm20-challenge-response-attestation {
  description
    "This RPC accepts the input for TSS TPM 2.0 commands of the managed device. ComponentIndex from the hardware manager YANG module to refer to dedicated TPM in composite devices, e.g. smart NICs, is still a TODO.";
  input {
    container tpm20-attestation-challenge {
      description
        "This container includes every information element defined in the reference challenge-response interaction model for remote attestation. Corresponding values are based on TPM 2.0 structure definitions";
      uses tpm20-pcr-selection;
      uses nonce;
      uses tpm20-signature-scheme;
      uses tpm20-attestation-key-identifier;
    }
    list tpms {
      key tpm_name;
      description
        "TPMs to fetch the attestation information.";
      uses tpm-name;
    }
  }
}

In this RPC input, ComponentIndex from the hardware manager YANG module is used to find the dedicated TPM in composite devices. If we don't have the hardware manager YANG module, could we encapsulate "Component Index" or "Node ID" into the challenge-object?

input {
  container tpm20-attestation-challenge {
    uses nonce;
    list challenge-objects {
      key "node-id tpm-name";
      description
        "Nodes to fetch the attestation information, PCR selections and AK identifier.";
      uses compute-node-identifier;
      uses tpm-identifier;
      uses tpm20-pcr-selection;
      uses tpm20-attestation-key-identifier;
    }
  }
}