esx attestation report: tpm2 request
The tpm2_request structure contains information used to specify an attestation report request using the TPM 2.0 protocol.

Representation:
{
    "types" : [
        "KMS_AUTH_JWT",
        "KMS_AUTH_JWT"
    ],
    "identity" : {
        "ek_cert" : "string",
        "ek_pub" : "string"
    },
    "contexts" : [
        "YmluYXJ5",
        "YmluYXJ5"
    ]
}
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
identity | tpm2_identity | The remote TPM identity. |
contexts | binary[] | A set of contexts that will be processed by the server. |
types | string[] | The types of document being requested. |
Optional | ||
identity.ek_cert | string | TPM 2.0 endorsement key (EK) certificate. When an endorsement key certificate is available, all attestation requests should begin by sending it as the remote host's identity. The server will validate the certificate against a configured set of trusted TPM certificate authorities (CAs). Optional. If unset, esx.attestation.report.tpm2_identity.ek_pub must be specified. |
identity.ek_pub | string | TPM 2.0 public endorsement key (EK). When an endorsement key certificate is not available, an attestation request may be made using the public part of the endorsement key instead. This identification method will only work if the server is configured to accept unsigned EKs, and the public key has been added to the trusted set. Not required when esx.attestation.report.tpm2_identity.ek_cert is specified. Optional. If unset, esx.attestation.report.tpm2_identity.ek_cert must be specified. |
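
The field rules in the table above can be checked on the client before a request is sent. The following is an added example, not code from the API or its vendor: the function name check_tpm2_request and the sample requests are hypothetical, the identity strings are placeholders, and treating contexts as base64 strings is an assumption inferred from the sample value "YmluYXJ5".

```python
import base64
import binascii

# Constructed sample requests; identity strings are placeholders, not real keys.
WITH_CERT = {"types": ["KMS_AUTH_JWT"], "contexts": ["YmluYXJ5"],
             "identity": {"ek_cert": "<EK certificate placeholder>"}}
PUB_ONLY = {"types": ["KMS_AUTH_JWT"], "contexts": ["YmluYXJ5"],
            "identity": {"ek_pub": "<EK public key placeholder>"}}
BROKEN = {"types": ["KMS_AUTH_JWT"], "contexts": ["not base64!"], "identity": {}}


def check_tpm2_request(req):
    """Hypothetical pre-flight check; returns (errors, warnings)."""
    errors, warnings = [], []
    for name in ("identity", "contexts", "types"):
        if name not in req:
            errors.append(f"missing required field: {name}")

    identity = req.get("identity", {})
    if not isinstance(identity, dict):
        errors.append("identity must be an object")
    elif "identity" in req:
        if not identity.get("ek_cert") and not identity.get("ek_pub"):
            errors.append("identity needs ek_cert or ek_pub")
        elif not identity.get("ek_cert"):
            # Per the table: only accepted if the server allows unsigned EKs
            # and this public key is already in its trusted set.
            warnings.append("ek_pub only: server must accept unsigned EKs")

    types = req.get("types", [])
    if not isinstance(types, list) or not all(isinstance(t, str) for t in types):
        errors.append("types must be a list of strings")

    contexts = req.get("contexts", [])
    if not isinstance(contexts, list):
        errors.append("contexts must be a list")
    else:
        for i, ctx in enumerate(contexts):
            try:
                # Assumption: binary values are base64 strings, as "YmluYXJ5" suggests.
                base64.b64decode(ctx, validate=True)
            except (binascii.Error, TypeError, ValueError):
                errors.append(f"contexts[{i}] is not valid base64")
    return errors, warnings


if __name__ == "__main__":
    for label, req in (("cert", WITH_CERT), ("pub", PUB_ONLY), ("broken", BROKEN)):
        print(label, check_tpm2_request(req))
```

A request that carries only ek_pub passes with a warning rather than an error, because whether it is accepted depends on server configuration the client cannot see.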