rfc9684v2.txt | rfc9684.txt | |||
---|---|---|---|---|
skipping to change at line 1134 | skipping to change at line 1134 | |||
} | } | |||
uses tpm12-attestation; | uses tpm12-attestation; | |||
} | } | |||
} | } | |||
} | } | |||
rpc tpm20-challenge-response-attestation { | rpc tpm20-challenge-response-attestation { | |||
if-feature "taa:tpm20"; | if-feature "taa:tpm20"; | |||
description | description | |||
"This RPC accepts the input for TSS TPM 2.0 commands of the | "This RPC accepts the input for TSS TPM 2.0 commands of the | |||
managed device. /hardware/component/physical-index from the | managed device. Composite devices may contain several TPMs; | |||
hardware management YANG module is used to refer to dedicated | /hardware/component/physical-index from the hardware management | |||
TPMs in composite devices, e.g., smart NICs, is not covered."; | YANG module is used to refer to dedicated TPMs in composite | |||
devices; however, devices without TPMs are not covered."; | ||||
input { | input { | |||
container tpm20-attestation-challenge { | container tpm20-attestation-challenge { | |||
description | description | |||
"This container includes every information element defined | "This container includes every information element defined | |||
in the reference challenge-response interaction model for | in the reference challenge-response interaction model for | |||
remote attestation. Corresponding values are based on | remote attestation. Corresponding values are based on | |||
TPM 2.0 structure definitions."; | TPM 2.0 structure definitions."; | |||
uses nonce; | uses nonce; | |||
uses tpm20-pcr-selection; | uses tpm20-pcr-selection; | |||
leaf-list certificate-name { | leaf-list certificate-name { | |||
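Review bot: the rewritten description in the right-hand column drops the one concrete example of a composite device ("e.g., smart NICs") that the left-hand text carried, and "composite devices" is the only hint a reader gets about when /hardware/component/physical-index is needed to address a particular TPM; consider keeping it, e.g. "dedicated TPMs in composite devices (e.g., smart NICs)". The restructuring itself is an improvement: the old sentence left "is not covered" without a subject, whereas the new text states plainly that devices without TPMs are out of scope.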
skipping to change at line 1597 | skipping to change at line 1598 | |||
} | } | |||
} | } | |||
} | } | |||
} | } | |||
<CODE ENDS> | <CODE ENDS> | |||
Figure 1 | Figure 1 | |||
2.1.2. ietf-tcg-algs | 2.1.2. ietf-tcg-algs | |||
This document has encoded the TCG Algorithm definitions of | This document has encoded the TCG Algorithm definitions of Table 3 of | |||
[TCG-Algos], revision 1.32. By including this full table as a | [TCG-Algos], revision 1.32. By including this full table as a | |||
separate YANG file within this document, it is possible for other | separate YANG file within this document, it is possible for other | |||
YANG modules to leverage the contents of this module. Specific | YANG modules to leverage the contents of this module. Specific | |||
references to [TPM1.2-Structures], [TPM2.0], [RFC2104], [RFC8017], | references to [TPM1.2-Structures], [TPM2.0], [RFC2104], [RFC8017], | |||
[RFC8032], [ISO-IEC-9797-1], [ISO-IEC-9797-2], [ISO-IEC-10116], | [RFC8032], [ISO-IEC-9797-1], [ISO-IEC-9797-2], [ISO-IEC-10116], | |||
[ISO-IEC-10118-3], [ISO-IEC-14888-3], [ISO-IEC-15946-1], | [ISO-IEC-10118-3], [ISO-IEC-14888-3], [ISO-IEC-15946-1], | |||
[ISO-IEC-18033-3], [IEEE-Std-1363-2000], [IEEE-Std-1363a-2004], | [ISO-IEC-18033-3], [IEEE-Std-1363-2000], [IEEE-Std-1363a-2004], | |||
[NIST-FIPS-202], [NIST-SP800-38C], [NIST-SP800-38D], | [NIST-FIPS-202], [NIST-SP800-38C], [NIST-SP800-38D], | |||
[NIST-SP800-38F], [NIST-SP800-56A], and [NIST-SP800-108] exist within | [NIST-SP800-38F], [NIST-SP800-56A], and [NIST-SP800-108] exist within | |||
the YANG module. | the YANG module. | |||
skipping to change at line 2421 | skipping to change at line 2422 | |||
RESTCONF protocol operations and content. | RESTCONF protocol operations and content. | |||
Of special consideration are the following nodes: | Of special consideration are the following nodes: | |||
* In the 'tpms' container, the 'certificates' will expose | * In the 'tpms' container, the 'certificates' will expose | |||
certificates used for attestation, potentially allowing selection | certificates used for attestation, potentially allowing selection | |||
of a certificate that might be compromised. The 'type' could also | of a certificate that might be compromised. The 'type' could also | |||
be misconfigured to represent a different type of key, which might | be misconfigured to represent a different type of key, which might | |||
alter how a Verifier might evaluate the results. | alter how a Verifier might evaluate the results. | |||
* Within the 'attester-supported-algos' container, will expose and | * Within the 'attester-supported-algos' container, each leaf-list | |||
potentially allow changing of the encryption algorithms supported | will expose and potentially allow changing of the encryption | |||
by a device. | algorithms supported by a device. | |||
There are a number of data nodes defined in this YANG module that are | There are a number of data nodes defined in this YANG module that are | |||
writable/creatable/deletable (i.e., _config true_, which is the | writable/creatable/deletable (i.e., _config true_, which is the | |||
default). These data nodes may be considered sensitive or vulnerable | default). These data nodes may be considered sensitive or vulnerable | |||
in some network environments. Write operations (e.g., _edit-config_) | in some network environments. Write operations (e.g., _edit-config_) | |||
to these data nodes without proper protection can have a negative | to these data nodes without proper protection can have a negative | |||
effect on network operations. These are the subtrees and data nodes | effect on network operations. These are the subtrees and data nodes | |||
as well as their sensitivity/vulnerability: | as well as their sensitivity/vulnerability: | |||
Container '/rats-support-structures/attester-supported-algos': 'tpm1 | Container '/rats-support-structures/attester-supported-algos': 'tpm1 | |||
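Review bot: "encryption algorithms" in the revised 'attester-supported-algos' bullet understates what the container advertises; the registry this module encodes (Section 2.1.2, Table 3 of [TCG-Algos]) covers hash and signature algorithms as well, as the cited [ISO-IEC-10118-3], [NIST-FIPS-202] and [RFC8032] references show, so "cryptographic algorithms" (or "hash and signing algorithms") would describe the exposure accurately, and that matters because a writable list of supported hash algorithms is exactly where a misconfiguration could steer a Verifier toward a weaker PCR bank. Inserting "each leaf-list" does repair the dangling subject of the original sentence.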
End of changes. 3 change blocks. 7 lines changed or deleted, 8 lines changed or added.
This html diff was produced by rfcdiff 1.48.