Enrollment protocol future options: privacy CA? #143
Comments
|
Having a non-interactive enrollment protocol means not having a privacy CA, but a non-interactive enrollment protocol is very convenient in some use-cases. As an alternative we could have two enrollment options:
followed by
|
|
@geoffthorpe supposes that if the enrollment server is configured to generate a private key and certificate for the host, that we can trade it for a key generate on the host's TPM, with |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It might be nice to have an option where the enrollment protocol client can provide:
a
fixedTPM,fixedParent, long-term (i.e., nostClear) signing (i.e.,sign) key for various purposes, not necessarily limited to attestationThe purpose of enrolling a signing key would be to allow the enrollment server to certify a TPM-resident signing key for the client that it could use for various purposes.
Such a key could be used as a long-term AK, and/or for other purposes, mainly authenticating the device.
Currently Safeboot.dev can issue certificates to enrolled devices, but their private keys are generated on the enrollment server.
an alternative to the enrolled device's
EKpub-- a public key for a primary in theownerhierarchy, sayThe purpose of the alternative to the
EKpubwould be just for the purpose of allowing theendorsementhierarchy to be locked, really, for the purpose of adhering to TCG notions of privacy by having a "privacy CA" in Safeboot.dev.Both of these options would require a
TPM2_MakeCredential()/TPM2_ActivateCredential()round trip plus a confirmation round trip to create a cryptographic binding of theEKpuband the other keys, making an enrollment protocol with these options enabled an interactive protocol.The text was updated successfully, but these errors were encountered: