REST API - info

esx attestation tpm2 settings: info

The info structure contains information that describes the TPM 2.0 protocol settings.

Representation:

JSON

{
"require_endorsement_keys" : true,
"require_certificate_validation" : true
}

Attributes:

Name	Type	Description
Required
require_endorsement_keys	boolean	Require registered TPM endorsement keys. During attestation, the attested host will always send its endorsement key to the Attestation Service. With this option is set, the Attestation Service will only proceed with attestation if the endorsement key has been added to the list of configured trusted endorsement keys.
require_certificate_validation	boolean	Require TPM endorsement key certificate validation. During attestation, the attested host will send its endorsement key certificate if one is available. With this option set, the Attestation Service will validate the endorsement key certificate against the list of configured trusted TPM CA certificates. Only endorsement key certificates that are signed by a trusted TPM CA certificate will be able to successfully attest.

Name

Type

Description

Required

require_endorsement_keys

boolean

Require registered TPM endorsement keys.

During attestation, the attested host will always send its endorsement key to the Attestation Service. With this option is set, the Attestation Service will only proceed with attestation if the endorsement key has been added to the list of configured trusted endorsement keys.

require_certificate_validation

boolean

Require TPM endorsement key certificate validation.

During attestation, the attested host will send its endorsement key certificate if one is available. With this option set, the Attestation Service will validate the endorsement key certificate against the list of configured trusted TPM CA certificates. Only endorsement key certificates that are signed by a trusted TPM CA certificate will be able to successfully attest.