nicowilliams
commented
1 year ago @geoffthorpe
Open nicowilliams opened 1 year ago
nicowilliams
commented
1 year ago @geoffthorpe
nicowilliams
commented
1 year ago So, basically we'd encrypt to the EKpub as in the WK method but with the name of the subject public key from the IDevID/IAK certificate as the activation object.
We don't even need to actually use the private keys for the IDevID/IAK -- the fact that TPM2_ActivateCredential() would require that key object to be loaded would enough.
Currently Safeboot has an enrollment protocol where an admin enrolls
{hostname, EKcert}(or even{hostname, EKpub}where there is a different way to validate theEKpub).When systems come with
IDevIDorIAKcertificates, then we could enroll{hostname, serial_number}, and the binding of anEKpubcould then happen in an automated protocol where the client sends itsIDevIDorIAKcertificate, and theEKpub, and then the enrollment protocol would encrypt assets for the host to the host'sEKpubbut with the cryptographic name of theIDevID/IAKas the activation object.This makes for a simpler manual step than today: instead of having to boot trusted media to extract an
EKcert, the admin would only have to copy a serial number from a manifest into an inventory system and assign a hostname.The part of the protocol where the host sends its
IDevIDorIAKcerts and theEKpubcould be run in an isolated lab or in production networks. (In the former case the enrollment servers can be isolated for extra security.)