rpc tpm20-challenge-response-attestation {
description
"This RPC accepts the input for TSS TPM 2.0 commands of the
managed device. ComponentIndex from the hardware manager YANG
module to refer to dedicated TPM in composite devices,
e.g. smart NICs, is still a TODO.";
input {
container tpm20-attestation-challenge {
description
"This container includes every information element defined
in the reference challenge-response interaction model for
remote attestation. Corresponding values are based on
TPM 2.0 structure definitions";
uses tpm20-pcr-selection;
uses nonce;
uses tpm20-signature-scheme;
uses tpm20-attestation-key-identifier;
}
list tpms {
key tpm_name;
description
"TPMs to fetch the attestation information.";
uses tpm-name;
}
}
In this RPC input, ComponentIndex from the hardware manager YANG module is used to find dedicated TPM in composite devices. If we don't have hardware manager YANG module, could we encapsulate “Component Index” or "Node ID" into challenge-object?
input {
container tpm20-attestation-challenge {
uses nonce;
list challenge-objects {
key "node-id tpm-name";
description
"Nodes to fetch the attestation information, PCR selections and AK identifier.";
uses compute-node-identifier;
uses tpm-identifier;
uses tpm20-pcr-selection;
uses tpm20-attestation-key-identifier;
}
}
}
rpc tpm20-challenge-response-attestation { description "This RPC accepts the input for TSS TPM 2.0 commands of the managed device. ComponentIndex from the hardware manager YANG module to refer to dedicated TPM in composite devices, e.g. smart NICs, is still a TODO."; input { container tpm20-attestation-challenge { description "This container includes every information element defined in the reference challenge-response interaction model for remote attestation. Corresponding values are based on TPM 2.0 structure definitions"; uses tpm20-pcr-selection; uses nonce; uses tpm20-signature-scheme; uses tpm20-attestation-key-identifier; } list tpms { key tpm_name; description "TPMs to fetch the attestation information."; uses tpm-name; } }
In this RPC input, ComponentIndex from the hardware manager YANG module is used to find dedicated TPM in composite devices. If we don't have hardware manager YANG module, could we encapsulate “Component Index” or "Node ID" into challenge-object?