2.2.2.5 KeyAttestationStatement
The KeyAttestationStatement structure is defined as follows:<9>
typedef struct {
    UINT32 Magic;
    UINT32 Version;
    UINT32 Platform;
    UINT32 HeaderSize;
    UINT32 cbIdBinding;
    UINT32 cbKeyAttestation;
    UINT32 cbAIKOpaque;
    BYTE idBinding[cbIdBinding];
    BYTE keyAttestation[cbKeyAttestation];
    BYTE aikOpaque[cbAIKOpaque];
} KeyAttestationStatement;
Magic: The value MUST be 0x5453414B.
Version: The value MUST be 1.
Platform: The value MUST be either 1 or 2, indicating the TPM platform.
HeaderSize: An integer value denoting the size of the header.
cbIdBinding: An integer value denoting the size of the idBinding field.
cbKeyAttestation: An integer value denoting the size of the keyAttestation field.
cbAIKOpaque: An integer value denoting the size of the aikOpaque field.
idBinding: When the Platform member equals 1, a byte array containing the signature of a TPM_IDENTITY_CONTENTS structure, as defined in [TCG-Struct] section 12.5. When Platform equals 2, a byte array containing a concatenation of the following structures:<10>
A TPM2B_PUBLIC structure defined in [TCG-Struct-V2] section 12.2.5.
A TPM2B_CREATION_DATA structure defined in [TCG-Struct-V2] section 15.2.
A TPM2B_ATTEST structure defined in [TCG-Struct-V2] section 10.12.9.
A TPMT_SIGNATURE structure defined in [TCG-Struct-V2] section 11.3.4.
For information on how this signature is constructed, see the following references:
When Platform equals 1, [TCG-Commands] section 15.1.
When Platform equals 2, [TCG-Commands-V2] section 12.1.
keyAttestation: A structure that is defined as follows:
typedef struct {
    UINT32 Magic;
    UINT32 Platform;
    UINT32 HeaderSize;
    UINT32 cbKeyAttest;
    UINT32 cbSignature;
    UINT32 cbKeyBlob;
    BYTE keyAttest[cbKeyAttest];
    BYTE signature[cbSignature];
    BYTE keyBlob[cbKeyBlob];
} keyAttestation;
Magic: The value MUST be 0x5344414B.
Platform: The value MUST be either 1 or 2, indicating the TPM platform.
HeaderSize: An integer value denoting the size of the header.
cbKeyAttest: An integer value denoting the size of the keyAttest array.
cbSignature: An integer value denoting the size of the signature array.
cbKeyBlob: An integer value denoting the size of the keyBlob array.
keyAttest: MUST be a TPM_CERTIFY_INFO structure if the Platform field equals 1, or a TPM_CERTIFY_INFO2 structure if Platform equals 2, as defined in [TCG-Struct] sections 11.1 and 11.2.
signature: Contains the signature of the keyAttest array using the AIK private key.
keyBlob: Contains a CSP-specific opaque format of the attested key.
aikOpaque: Contains a CSP-specific opaque format of the AIK private key.
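A receiving-side parser for the two nested headers described above, added here as an example and not taken from [MS-WCCE] or any Microsoft implementation. It assumes the UINT32 fields are little-endian, that HeaderSize gives the offset of the first variable-length array, and that every cb* length must be bounds-checked before it is used to slice the input; build_statement only assembles a constructed test vector with consistent headers and produces no real TPM signature.

```python
import struct

# Fixed-size headers, assumed little-endian like other Windows structures.
KAS_MAGIC, KA_MAGIC = 0x5453414B, 0x5344414B
KAS_HDR = struct.Struct("<7I")  # Magic Version Platform HeaderSize cbIdBinding cbKeyAttestation cbAIKOpaque
KA_HDR = struct.Struct("<6I")   # Magic Platform HeaderSize cbKeyAttest cbSignature cbKeyBlob

class MalformedStatement(ValueError):
    pass

def _check(cond, msg):
    if not cond:
        raise MalformedStatement(msg)

def _slice(buf, off, n, name):
    # The cb* fields come from the peer: bound them before slicing.
    _check(n <= len(buf) - off, f"{name}={n} runs past the end of the input")
    return buf[off:off + n], off + n

def parse_key_attestation(blob):
    _check(len(blob) >= KA_HDR.size, "keyAttestation header truncated")
    magic, platform, hdr, cb_attest, cb_sig, cb_blob = KA_HDR.unpack_from(blob)
    _check(magic == KA_MAGIC, f"bad keyAttestation Magic 0x{magic:08X}")
    _check(platform in (1, 2), f"keyAttestation Platform {platform} is not 1 or 2")
    _check(KA_HDR.size <= hdr <= len(blob), "keyAttestation HeaderSize out of range")
    key_attest, off = _slice(blob, hdr, cb_attest, "cbKeyAttest")
    signature, off = _slice(blob, off, cb_sig, "cbSignature")
    key_blob, off = _slice(blob, off, cb_blob, "cbKeyBlob")
    return {"platform": platform, "keyAttest": key_attest,
            "signature": signature, "keyBlob": key_blob}

def parse_statement(data):
    _check(len(data) >= KAS_HDR.size, "KeyAttestationStatement header truncated")
    magic, version, platform, hdr, cb_id, cb_ka, cb_aik = KAS_HDR.unpack_from(data)
    _check(magic == KAS_MAGIC, f"bad Magic 0x{magic:08X}")
    _check(version == 1, f"Version {version} is not 1")
    _check(platform in (1, 2), f"Platform {platform} is not 1 or 2")
    _check(KAS_HDR.size <= hdr <= len(data), "HeaderSize out of range")
    id_binding, off = _slice(data, hdr, cb_id, "cbIdBinding")
    ka_bytes, off = _slice(data, off, cb_ka, "cbKeyAttestation")
    aik_opaque, off = _slice(data, off, cb_aik, "cbAIKOpaque")
    return {"platform": platform, "idBinding": id_binding,
            "keyAttestation": parse_key_attestation(ka_bytes), "aikOpaque": aik_opaque}

def build_statement(platform, id_binding, key_attest, signature, key_blob, aik_opaque):
    # Builds a constructed test vector (not real TPM output) with consistent headers.
    ka = KA_HDR.pack(KA_MAGIC, platform, KA_HDR.size, len(key_attest), len(signature),
                     len(key_blob)) + key_attest + signature + key_blob
    return KAS_HDR.pack(KAS_MAGIC, 1, platform, KAS_HDR.size, len(id_binding), len(ka),
                        len(aik_opaque)) + id_binding + ka + aik_opaque
```

The parser only checks the framing; verifying the signature over keyAttest with the AIK, and the idBinding against the TCG structures referenced above, is a separate step that depends on the Platform value.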