com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm

Interface EndorsementKeys

All Superinterfaces:

EndorsementKeysTypes, Service

All Known Implementing Classes:

EndorsementKeysStub

public interface EndorsementKeys
extends Service, EndorsementKeysTypes

The EndorsementKeys interface provides methods to get the Trusted Platform Module (TPM) Endorsement Key (EK) on a host. This interface was added in vSphere API 8.0.0.1.

Nested Class Summary

Nested classes/interfaces inherited from interface com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKeysTypes

EndorsementKeysTypes.FilterSpec, EndorsementKeysTypes.Info, EndorsementKeysTypes.PolicyPcrSpec, EndorsementKeysTypes.Summary, EndorsementKeysTypes.Type, EndorsementKeysTypes.UnsealSpec

Field Summary

Fields inherited from interface com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKeysTypes

_VAPI_SERVICE_ID, RESOURCE_TYPE

Method Summary

Modifier and Type	Method and Description
EndorsementKeysTypes.Info	get(java.lang.String host, java.lang.String tpm, java.lang.String key) Get the TPM endorsement key details on a host.
void	get(java.lang.String host, java.lang.String tpm, java.lang.String key, AsyncCallback<EndorsementKeysTypes.Info> asyncCallback) Get the TPM endorsement key details on a host.
void	get(java.lang.String host, java.lang.String tpm, java.lang.String key, AsyncCallback<EndorsementKeysTypes.Info> asyncCallback, InvocationConfig invocationConfig) Get the TPM endorsement key details on a host.
EndorsementKeysTypes.Info	get(java.lang.String host, java.lang.String tpm, java.lang.String key, InvocationConfig invocationConfig) Get the TPM endorsement key details on a host.
java.util.List<EndorsementKeysTypes.Summary>	list(java.lang.String host, java.lang.String tpm, EndorsementKeysTypes.FilterSpec filter) Return a list of configured endorsement keys on a host.
void	list(java.lang.String host, java.lang.String tpm, EndorsementKeysTypes.FilterSpec filter, AsyncCallback<java.util.List<EndorsementKeysTypes.Summary>> asyncCallback) Return a list of configured endorsement keys on a host.
void	list(java.lang.String host, java.lang.String tpm, EndorsementKeysTypes.FilterSpec filter, AsyncCallback<java.util.List<EndorsementKeysTypes.Summary>> asyncCallback, InvocationConfig invocationConfig) Return a list of configured endorsement keys on a host.
java.util.List<EndorsementKeysTypes.Summary>	list(java.lang.String host, java.lang.String tpm, EndorsementKeysTypes.FilterSpec filter, InvocationConfig invocationConfig) Return a list of configured endorsement keys on a host.
byte[]	unseal(java.lang.String host, java.lang.String tpm, java.lang.String key, EndorsementKeysTypes.UnsealSpec spec) Unseal a secret that is bound to an endorsement key.
void	unseal(java.lang.String host, java.lang.String tpm, java.lang.String key, EndorsementKeysTypes.UnsealSpec spec, AsyncCallback<byte[]> asyncCallback) Unseal a secret that is bound to an endorsement key.
void	unseal(java.lang.String host, java.lang.String tpm, java.lang.String key, EndorsementKeysTypes.UnsealSpec spec, AsyncCallback<byte[]> asyncCallback, InvocationConfig invocationConfig) Unseal a secret that is bound to an endorsement key.
byte[]	unseal(java.lang.String host, java.lang.String tpm, java.lang.String key, EndorsementKeysTypes.UnsealSpec spec, InvocationConfig invocationConfig) Unseal a secret that is bound to an endorsement key.

Method Detail

list

java.util.List<EndorsementKeysTypes.Summary> list(java.lang.String host,
                                                  java.lang.String tpm,
                                                  EndorsementKeysTypes.FilterSpec filter)

Return a list of configured endorsement keys on a host. This method was added in vSphere API 8.0.0.1.

Synchronous method overload. Result of the invocation will be reported as a method return value.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

filter - a filter for the returned list. if , the behavior is equivalent to a EndorsementKeysTypes.FilterSpec with properties null.

Returns:

A list of configured endorsement keys.

Throws:

Error - if there is a generic error.

InvalidArgument - if the arguments are invalid.

NotFound - if the TPM device, or the host is not found.

ServiceUnavailable - if too many requests are in progress.

Unauthenticated - if the caller is not authenticated.

Unauthorized - if the caller is not authorized.

Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

list

java.util.List<EndorsementKeysTypes.Summary> list(java.lang.String host,
                                                  java.lang.String tpm,
                                                  EndorsementKeysTypes.FilterSpec filter,
                                                  InvocationConfig invocationConfig)

Return a list of configured endorsement keys on a host. This method was added in vSphere API 8.0.0.1.

Synchronous method overload. Result of the invocation will be reported as a method return value. Use invocationConfig to specify configuration for this particular invocation.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

filter - a filter for the returned list. if , the behavior is equivalent to a EndorsementKeysTypes.FilterSpec with properties null.

invocationConfig - Configuration for the method invocation.

Returns:

A list of configured endorsement keys.

Throws:

Error - if there is a generic error.

InvalidArgument - if the arguments are invalid.

NotFound - if the TPM device, or the host is not found.

ServiceUnavailable - if too many requests are in progress.

Unauthenticated - if the caller is not authenticated.

Unauthorized - if the caller is not authorized.

Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

list

void list(java.lang.String host,
          java.lang.String tpm,
          EndorsementKeysTypes.FilterSpec filter,
          AsyncCallback<java.util.List<EndorsementKeysTypes.Summary>> asyncCallback)

Return a list of configured endorsement keys on a host. This method was added in vSphere API 8.0.0.1.

Asynchronous method overload. Result of the invocation will be reported via the specified asyncCallback.

Invocation Result:
A list of configured endorsement keys.

Operation Errors:
Error - if there is a generic error.
InvalidArgument - if the arguments are invalid.
NotFound - if the TPM device, or the host is not found.
ServiceUnavailable - if too many requests are in progress.
Unauthenticated - if the caller is not authenticated.
Unauthorized - if the caller is not authorized.
Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

filter - a filter for the returned list. if , the behavior is equivalent to a EndorsementKeysTypes.FilterSpec with properties null.

asyncCallback - Receives the status (progress, result or error) of the operation invocation.

list

void list(java.lang.String host,
          java.lang.String tpm,
          EndorsementKeysTypes.FilterSpec filter,
          AsyncCallback<java.util.List<EndorsementKeysTypes.Summary>> asyncCallback,
          InvocationConfig invocationConfig)

Return a list of configured endorsement keys on a host. This method was added in vSphere API 8.0.0.1.

Asynchronous method overload. Result of the invocation will be reported via the specified asyncCallback. Use invocationConfig to specify configuration for this particular invocation.

Invocation Result:
A list of configured endorsement keys.

Operation Errors:
Error - if there is a generic error.
InvalidArgument - if the arguments are invalid.
NotFound - if the TPM device, or the host is not found.
ServiceUnavailable - if too many requests are in progress.
Unauthenticated - if the caller is not authenticated.
Unauthorized - if the caller is not authorized.
Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

filter - a filter for the returned list. if , the behavior is equivalent to a EndorsementKeysTypes.FilterSpec with properties null.

asyncCallback - Receives the status (progress, result or error) of the operation invocation.

invocationConfig - Configuration for the method invocation.

get

EndorsementKeysTypes.Info get(java.lang.String host,
                              java.lang.String tpm,
                              java.lang.String key)

Get the TPM endorsement key details on a host.

The information returned is derived from executing the TPM2_ReadPublic command on the endorsement key object handle.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.4 TPM2_ReadPublic

. This method was added in vSphere API 8.0.0.1.

Synchronous method overload. Result of the invocation will be reported as a method return value.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

Returns:

The endorsement key info.

Throws:

Error - if there is a generic error.

InvalidArgument - if the arguments are invalid.

NotFound - if the endorsement key, or the TPM device, or the host is not found.

ServiceUnavailable - if too many requests are in progress.

Unauthenticated - if the caller is not authenticated.

Unauthorized - if the caller is not authorized.

Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

get

EndorsementKeysTypes.Info get(java.lang.String host,
                              java.lang.String tpm,
                              java.lang.String key,
                              InvocationConfig invocationConfig)

Get the TPM endorsement key details on a host.

The information returned is derived from executing the TPM2_ReadPublic command on the endorsement key object handle.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.4 TPM2_ReadPublic

. This method was added in vSphere API 8.0.0.1.

Synchronous method overload. Result of the invocation will be reported as a method return value. Use invocationConfig to specify configuration for this particular invocation.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

invocationConfig - Configuration for the method invocation.

Returns:

The endorsement key info.

Throws:

Error - if there is a generic error.

InvalidArgument - if the arguments are invalid.

NotFound - if the endorsement key, or the TPM device, or the host is not found.

ServiceUnavailable - if too many requests are in progress.

Unauthenticated - if the caller is not authenticated.

Unauthorized - if the caller is not authorized.

Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

get

void get(java.lang.String host,
         java.lang.String tpm,
         java.lang.String key,
         AsyncCallback<EndorsementKeysTypes.Info> asyncCallback)

Get the TPM endorsement key details on a host.

The information returned is derived from executing the TPM2_ReadPublic command on the endorsement key object handle.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.4 TPM2_ReadPublic

. This method was added in vSphere API 8.0.0.1.

Asynchronous method overload. Result of the invocation will be reported via the specified asyncCallback.

Invocation Result:
The endorsement key info.

Operation Errors:
Error - if there is a generic error.
InvalidArgument - if the arguments are invalid.
NotFound - if the endorsement key, or the TPM device, or the host is not found.
ServiceUnavailable - if too many requests are in progress.
Unauthenticated - if the caller is not authenticated.
Unauthorized - if the caller is not authorized.
Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

asyncCallback - Receives the status (progress, result or error) of the operation invocation.

get

void get(java.lang.String host,
         java.lang.String tpm,
         java.lang.String key,
         AsyncCallback<EndorsementKeysTypes.Info> asyncCallback,
         InvocationConfig invocationConfig)

Get the TPM endorsement key details on a host.

The information returned is derived from executing the TPM2_ReadPublic command on the endorsement key object handle.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.4 TPM2_ReadPublic

. This method was added in vSphere API 8.0.0.1.

Asynchronous method overload. Result of the invocation will be reported via the specified asyncCallback. Use invocationConfig to specify configuration for this particular invocation.

Invocation Result:
The endorsement key info.

Operation Errors:
Error - if there is a generic error.
InvalidArgument - if the arguments are invalid.
NotFound - if the endorsement key, or the TPM device, or the host is not found.
ServiceUnavailable - if too many requests are in progress.
Unauthenticated - if the caller is not authenticated.
Unauthorized - if the caller is not authorized.
Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

asyncCallback - Receives the status (progress, result or error) of the operation invocation.

invocationConfig - Configuration for the method invocation.

unseal

byte[] unseal(java.lang.String host,
              java.lang.String tpm,
              java.lang.String key,
              EndorsementKeysTypes.UnsealSpec spec)

Unseal a secret that is bound to an endorsement key.

Provided with duplicate key data, load the key as a child of the specified endorsement key using the TPM2_Import command and then unseal the secret data using the TPM2_Unseal command.

The duplicate key must include only inner wrapping (symmetric); outer wrapping (asymmetric) is not supported. The duplicate key cannot have a complex authorization policy (e.g. including command selection, locality, etc). Only PCR policy authorization is supported at this time.

Trusted Platform Module Library Part 1: Architecture, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 23.3 Duplication

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.7 TPM2_Unseal

. This method was added in vSphere API 8.0.0.1.

Synchronous method overload. Result of the invocation will be reported as a method return value.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

spec - the unseal spec.

Returns:

The unsealed secret.

Throws:

Error - if there is a generic error.

InvalidArgument - if the arguments are invalid.

NotFound - if the endorsement key or TPM is not found.

ServiceUnavailable - if too many requests are in progress.

Unauthenticated - if the caller is not authenticated.

Unauthorized - if the caller is not authorized.

Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Unseal.

unseal

byte[] unseal(java.lang.String host,
              java.lang.String tpm,
              java.lang.String key,
              EndorsementKeysTypes.UnsealSpec spec,
              InvocationConfig invocationConfig)

Unseal a secret that is bound to an endorsement key.

Provided with duplicate key data, load the key as a child of the specified endorsement key using the TPM2_Import command and then unseal the secret data using the TPM2_Unseal command.

The duplicate key must include only inner wrapping (symmetric); outer wrapping (asymmetric) is not supported. The duplicate key cannot have a complex authorization policy (e.g. including command selection, locality, etc). Only PCR policy authorization is supported at this time.

Trusted Platform Module Library Part 1: Architecture, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 23.3 Duplication

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.7 TPM2_Unseal

. This method was added in vSphere API 8.0.0.1.

Synchronous method overload. Result of the invocation will be reported as a method return value. Use invocationConfig to specify configuration for this particular invocation.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

spec - the unseal spec.

invocationConfig - Configuration for the method invocation.

Returns:

The unsealed secret.

Throws:

Error - if there is a generic error.

InvalidArgument - if the arguments are invalid.

NotFound - if the endorsement key or TPM is not found.

ServiceUnavailable - if too many requests are in progress.

Unauthenticated - if the caller is not authenticated.

Unauthorized - if the caller is not authorized.

Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Unseal.

unseal

void unseal(java.lang.String host,
            java.lang.String tpm,
            java.lang.String key,
            EndorsementKeysTypes.UnsealSpec spec,
            AsyncCallback<byte[]> asyncCallback)

Unseal a secret that is bound to an endorsement key.

Provided with duplicate key data, load the key as a child of the specified endorsement key using the TPM2_Import command and then unseal the secret data using the TPM2_Unseal command.

The duplicate key must include only inner wrapping (symmetric); outer wrapping (asymmetric) is not supported. The duplicate key cannot have a complex authorization policy (e.g. including command selection, locality, etc). Only PCR policy authorization is supported at this time.

Trusted Platform Module Library Part 1: Architecture, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 23.3 Duplication

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.7 TPM2_Unseal

. This method was added in vSphere API 8.0.0.1.

Asynchronous method overload. Result of the invocation will be reported via the specified asyncCallback.

Invocation Result:
The unsealed secret.

Operation Errors:
Error - if there is a generic error.
InvalidArgument - if the arguments are invalid.
NotFound - if the endorsement key or TPM is not found.
ServiceUnavailable - if too many requests are in progress.
Unauthenticated - if the caller is not authenticated.
Unauthorized - if the caller is not authorized.
Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Unseal.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

spec - the unseal spec.

asyncCallback - Receives the status (progress, result or error) of the operation invocation.

unseal

void unseal(java.lang.String host,
            java.lang.String tpm,
            java.lang.String key,
            EndorsementKeysTypes.UnsealSpec spec,
            AsyncCallback<byte[]> asyncCallback,
            InvocationConfig invocationConfig)

Unseal a secret that is bound to an endorsement key.

Provided with duplicate key data, load the key as a child of the specified endorsement key using the TPM2_Import command and then unseal the secret data using the TPM2_Unseal command.

The duplicate key must include only inner wrapping (symmetric); outer wrapping (asymmetric) is not supported. The duplicate key cannot have a complex authorization policy (e.g. including command selection, locality, etc). Only PCR policy authorization is supported at this time.

Trusted Platform Module Library Part 1: Architecture, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 23.3 Duplication

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.7 TPM2_Unseal

. This method was added in vSphere API 8.0.0.1.

Asynchronous method overload. Result of the invocation will be reported via the specified asyncCallback. Use invocationConfig to specify configuration for this particular invocation.

Invocation Result:
The unsealed secret.

Operation Errors:
Error - if there is a generic error.
InvalidArgument - if the arguments are invalid.
NotFound - if the endorsement key or TPM is not found.
ServiceUnavailable - if too many requests are in progress.
Unauthenticated - if the caller is not authenticated.
Unauthorized - if the caller is not authorized.
Unauthorized - if you do not have all of the privileges described as follows:

• The resource HostSystem referenced by the parameter host requires Host.Tpm.Unseal.

Parameters:

host - Identifier of the host. The parameter must be an identifier for the resource type: HostSystem.

tpm - the TPM identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.Tpm.

key - the endorsement key identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.hosts.hardware.tpm.EndorsementKey.

spec - the unseal spec.

asyncCallback - Receives the status (progress, result or error) of the operation invocation.

invocationConfig - Configuration for the method invocation.