From 365c7b5d1b71f014ec4a0a804e4a3f0e3faa586b Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 16 Aug 2023 01:10:14 +0200 Subject: [PATCH] Fix Intel EK certificate URLs on Linux --- attest/wrapped_tpm20.go | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/attest/wrapped_tpm20.go b/attest/wrapped_tpm20.go index f7a3cac5..03ede645 100644 --- a/attest/wrapped_tpm20.go +++ b/attest/wrapped_tpm20.go @@ -212,13 +212,24 @@ func (t *wrappedTPM20) eks() ([]EK, error) { if pub.RSAParameters == nil { return nil, errors.New("ECC EK not yet supported") } + + i, err := t.info() + if err != nil { + return nil, fmt.Errorf("Retrieving TPM info failed: %v", err) + } + ekPub := &rsa.PublicKey{ + E: int(pub.RSAParameters.Exponent()), + N: pub.RSAParameters.Modulus(), + } + var certificateURL string + if i.Manufacturer.String() == manufacturerIntel { + certificateURL = intelEKURL(ekPub) + } return []EK{ { - Public: &rsa.PublicKey{ - E: int(pub.RSAParameters.Exponent()), - N: pub.RSAParameters.Modulus(), - }, - handle: commonRSAEkEquivalentHandle, + Public: ekPub, + CertificateURL: certificateURL, + handle: commonRSAEkEquivalentHandle, }, }, nil }