From c92aec35494e1df431ee558d0b593ad6b2904dd1 Mon Sep 17 00:00:00 2001 From: Shane Weeden Date: Wed, 19 Jul 2023 09:18:54 +1000 Subject: [PATCH] Clarify TPM attestation verification instructions --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index c0d33b9dd..b239757b4 100644 --- a/index.bs +++ b/index.bs @@ -5874,8 +5874,8 @@ engine. - Verify that `extraData` is set to the hash of |attToBeSigned| using the hash algorithm employed in "alg". - Verify that `attested` contains a `TPMS_CERTIFY_INFO` structure as specified in [[!TPMv2-Part2]] section 10.12.3, whose `name` field contains a valid Name for |pubArea|, - as computed using the algorithm in the `nameAlg` field of |pubArea| using the procedure specified in [[!TPMv2-Part1]] - section 16. + as computed using the procedure specified in [[!TPMv2-Part1]] + section 16. Note that the hash algorithm is included within the attested `name` field of the TPMS_CERTIFY_INFO structure. - Verify that |x5c| is present. - Note that the remaining fields in the "Standard Attestation Structure" [[!TPMv2-Part1]] section 31.2, i.e., `qualifiedSigner`, `clockInfo` and `firmwareVersion` are ignored.
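Review bot: In the `attested` verification step, the added sentence says where the hash algorithm can be found but no longer says which algorithm the verifier must use to compute the Name. The removed wording tied the computation to the `nameAlg` field of |pubArea|. The new wording leaves open whether the verifier takes the algorithm from the attested `name`, from |pubArea|, or checks that the two agree. Consider stating the step normatively, for example "whose `name` field contains a valid Name for |pubArea|, computed with the hash algorithm identified in the `name` field, which MUST match the `nameAlg` field of |pubArea|". That way an implementer does not accept a Name whose algorithm identifier differs from the one declared in the public area. Two smaller style points on the same added line: `TPMS_CERTIFY_INFO` is wrapped in backticks earlier in the bullet but not in the new sentence, and the "Note that ..." sentence sits inside a verification step immediately before another bullet that also begins "Note that", so it may read more clearly as part of the requirement or as a separate note.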