Skip to content

Commit

Permalink
A note for Linux clients of tpm.EKs(). (#368)
Browse files Browse the repository at this point in the history
Fix the doc for attest.ActivateCredentialWithEK() as well.
  • Loading branch information
zhsh authored Mar 27, 2024
1 parent 5b37630 commit a9866d3
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 1 addition & 1 deletion attest/attest.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ func (k *AK) ActivateCredential(tpm *TPM, in EncryptedCredential) (secret []byte
return k.ak.activateCredential(tpm.tpm, in, nil)
}

// ActivateCredential decrypts the secret using the key to prove that the AK
// ActivateCredentialWithEK decrypts the secret using the key to prove that the AK
// was generated on the same TPM as the EK. This method can be used with TPMs
// that have an ECC EK. The 'ek' argument must be one of EKs returned from
// TPM.EKs() or TPM.EKCertificates().
Expand Down
4 changes: 4 additions & 0 deletions attest/tpm.go
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,10 @@ func (t *TPM) Close() error {
}

// EKs returns the endorsement keys burned-in to the platform.
// Note for Linux clients: for historical reasons, the method assumes that
// the TPM has a single EK, and the EK's type is RSA. If the EK's type is ECC
// and the TPM contains an ECC EK Certificate, the EKCertificates() method
// should be used to retrieve the EKs.
func (t *TPM) EKs() ([]EK, error) {
return t.tpm.eks()
}
Expand Down

0 comments on commit a9866d3

Please sign in to comment.