output {
  list tpm20-attestation-response {
    key tpm_name;
    description
      "The binary output of TPM2b_Quote. An TPMS_ATTEST structure
       including a length, encapsulated in a signature";
    uses tpm-name;
    uses node-uptime;
    uses compute-node;
    container tpms-attest {
      leaf pcrdigest {
        type binary;
        description
          "split out value of TPMS_QUOTE_INFO for convenience";
      }
      leaf tpms-attest-result {
        type binary;
        description
          "The complete TPM generate structure including
           signature.";
      }
      leaf tpms-attest-result-length {
        type uint32;
        description
          "Length of attest result provided by the TPM structure.";
      }
      description
        "A composite of value and length and list of selected
         pcrs (original name: [type]attested)";
    }
    leaf tpmt-signature {
      type binary;
      description
        "Split out value of the signature for convenience.
         TODO: check for length values that complent binary value
         data node leafs.";
    }
  }
}
This challenge-response RPC output contains "pcrdigest", "tpms-attest-result", "tpms-attest-result-length", "tpmt-signature".
I think a list of PCR values for multiple banks should be included in list tpm20-attestation-response:
output {
  list tpm20-attestation-response {
    ......
    list pcr-bank-values {
      key algo-registry-type;
      description
        "PCR values of every PCR bank";
      uses hash-algo;
      list pcr-values {
        key pcr-index;
        description
          "List of one PCR bank";
        leaf pcr-index {
          type uint16;
          description
            "PCR index number";
        }
        leaf pcr-value {
          type string;
          description
            "PCR value";
        }
      }
    }
    ......
  }
}
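One way a verifier could use the proposed pcr-bank-values list, shown as an added example that is not part of the original post or of the YANG module: recompute the quote's PCR digest from the reported values and compare it with "pcrdigest". It assumes that pcr-value carries hex text, that the verifier already knows the quote's PCR selection and the hash algorithm of the signing scheme, and that the signature over tpms-attest-result is verified separately; all function and variable names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample input shaped like the proposed pcr-bank-values list.
# Assumption: pcr-value (type string in the proposal) carries hex text.
SAMPLE_BANKS = {
    "sha256": {0: "00" * 32, 1: "11" * 32, 7: "77" * 32},
    "sha1": {0: "aa" * 20},
}


def recompute_pcr_digest(banks, selection, quote_hash="sha256"):
    """Hash the selected PCR values in selection order.

    banks:      {bank name: {pcr-index: hex pcr-value}}
    selection:  [(bank name, [pcr indices])] in the order of the quote's
                PCR selection; indices inside a bank are taken ascending.
    quote_hash: hash algorithm of the quote's signing scheme (assumed).
    """
    h = hashlib.new(quote_hash)
    for bank, indices in selection:
        if bank not in banks:
            raise KeyError(f"bank {bank!r} missing from response")
        for index in sorted(set(indices)):
            if index not in banks[bank]:
                raise KeyError(f"PCR {index} missing from bank {bank!r}")
            value = bytes.fromhex(banks[bank][index])
            # A value of the wrong size cannot belong to this bank.
            if len(value) != hashlib.new(bank).digest_size:
                raise ValueError(f"PCR {index} has wrong length for {bank}")
            h.update(value)
    return h.digest()


def pcr_values_match_quote(banks, selection, pcrdigest, quote_hash="sha256"):
    """True only if the reported values reproduce the signed pcrdigest."""
    try:
        expected = recompute_pcr_digest(banks, selection, quote_hash)
    except (KeyError, ValueError):
        return False  # missing bank or index, bad hex, or wrong length
    return hmac.compare_digest(expected, pcrdigest)
```

A mismatch means the reported PCR values are not the ones the TPM signed, so they should not be used for event log replay or policy decisions.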