include x509 certificate in attest.EKData

Reviewed By: u1f35c Differential Revision: D51564215 fbshipit-source-id: 869b9d53aad47ba4d668f5ed64e7f6e70f467bcf
facebookincubator · Nov 28, 2023 · 96a0d41 · 96a0d41
1 parent 5653447
commit 96a0d41
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/attest/attest.go b/attest/attest.go
@@ -18,6 +18,7 @@ import "io"
 
 // EKData contains metadata for a TPM 2.0 Endorsement Key
 type EKData struct {
+	Certificate                 []byte // Complete ASN.1 DER content.
 	IssuerCN                    string
 	SubjectCN                   string
 	SerialNumber                string

diff --git a/linux/tpm.go b/linux/tpm.go
@@ -91,6 +91,7 @@ func (tpm *tpmDevice) GetSecureHardwareVendorData() (*attestUtils.SecureHardware
 	for _, ek := range eks {
 		var ekData attestUtils.EKData
 		if ek.Certificate != nil {
+			ekData.Certificate = append(ekData.Certificate, ek.Certificate.Raw...)
 			ekData.IssuerCN = ek.Certificate.Issuer.CommonName
 			ekData.SubjectCN = ek.Certificate.Subject.CommonName
 			ekData.SerialNumber = ek.Certificate.SerialNumber.String()

diff --git a/sks_windows.go b/sks_windows.go
@@ -212,6 +212,7 @@ func getSecureHardwareVendorData() (*attest.SecureHardwareVendorData, error) {
 	for _, ek := range eks {
 		var ekData attest.EKData
 		if ek.Certificate != nil {
+			ekData.Certificate = append(ekData.Certificate, ek.Certificate.Raw...)
 			ekData.IssuerCN = ek.Certificate.Issuer.CommonName
 			ekData.SubjectCN = ek.Certificate.Subject.CommonName
 			ekData.SerialNumber = ek.Certificate.SerialNumber.String()