Add ctx.get_time #551
Thank you so much for the PR. I had some comments.
Awesome, thanks for the patch, it looks pretty good! Amazing that you've worked with something like this in Uni :)
self.optional_session_1(), | ||
self.optional_session_2(), |
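Review bot: both session arguments on these two lines are taken from the optional accessors, but the ESAPI prototype for Esys_GetTime names the first two session slots privacyAdminHandleSession1 and signHandleSession2 and marks only the third as optionalSession3. Consider making the first two sessions required, so that a call made without authorization sessions for the privacy admin handle and the signing key is rejected by the wrapper before the command is sent.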
I think these two are actually required, the first one for the endorsement, the second for the signing key. Looking at quote
above I wonder if that's a bug, AFAICT the spec asks for one authorization session at least there.
TCG TSS 2.0 Enhanced System API (ESAPI) Specification, Version 1.00, Revision 14, October 1, 2021
11.3.45 Esys_GetTime Functions
```c
TSS2_DLL_EXPORT TSS2_RC Esys_GetTime_Async(
    ESYS_CONTEXT *esysContext,
    ESYS_TR privacyAdminHandle,
    ESYS_TR signHandle,
    ESYS_TR privacyAdminHandleSession1,
    ESYS_TR signHandleSession2,
    ESYS_TR optionalSession3,
    TPM2B_DATA const *qualifyingData,
    TPMT_SIG_SCHEME const *inScheme);
```
I think you are right only the third session is optional.
Regarding `Esys_Quote`.
TCG TSS 2.0 Enhanced System API (ESAPI) Specification, Version 1.00, Revision 14, October 1, 2021
11.3.42 Esys_Quote Functions
```c
TSS2_DLL_EXPORT TSS2_RC Esys_Quote_Async(
    ESYS_CONTEXT *esysContext,
    ESYS_TR signHandle,
    ESYS_TR signHandleSession1,
    ESYS_TR optionalSession2,
    ESYS_TR optionalSession3,
    TPM2B_DATA const *qualifyingData,
    TPMT_SIG_SCHEME const *inScheme,
    TPML_PCR_SELECTION const *PCRselect);
```
So it seems Quote is wrong as well because the first session should be required.
Signed-off-by: Nils Bourcarde <[email protected]>
Signed-off-by: Maurice Blattmann <[email protected]>
@nilsb99 I did not ask this before. But do you need this in an official release? Because if you do I suggest you cherry-pick this to the 7.x.y branch in a new PR.
🚀
For a time-based remote attestation project in a uni class, we needed this function and wanted to contribute it to upstream.
We followed the existing implementation of `ctx.quote()` to write `ctx.get_time()` and its test.