From 96a0d4125cad053db59aa38807c9996863c5aafb Mon Sep 17 00:00:00 2001
From: Max Shegai
Date: Tue, 28 Nov 2023 01:44:11 -0800
Subject: [PATCH] include x509 certificate in attest.EKData
Reviewed By: u1f35c
Differential Revision: D51564215
fbshipit-source-id: 869b9d53aad47ba4d668f5ed64e7f6e70f467bcf
---
 attest/attest.go | 1 +
 linux/tpm.go | 1 +
 sks_windows.go | 1 +
 3 files changed, 3 insertions(+)
diff --git a/attest/attest.go b/attest/attest.go
index 869fc93..e979b0a 100644
--- a/attest/attest.go
+++ b/attest/attest.go
@@ -18,6 +18,7 @@ import "io"

 // EKData contains metadata for a TPM 2.0 Endorsement Key
 type EKData struct {
+ Certificate []byte // Complete ASN.1 DER content.
 IssuerCN string
 SubjectCN string
 SerialNumber string
diff --git a/linux/tpm.go b/linux/tpm.go
index f1362f2..e4c0d56 100644
--- a/linux/tpm.go
+++ b/linux/tpm.go
@@ -91,6 +91,7 @@ func (tpm *tpmDevice) GetSecureHardwareVendorData() (*attestUtils.SecureHardware
 for _, ek := range eks {
 var ekData attestUtils.EKData
 if ek.Certificate != nil {
+ ekData.Certificate = append(ekData.Certificate, ek.Certificate.Raw...)
 ekData.IssuerCN = ek.Certificate.Issuer.CommonName
 ekData.SubjectCN = ek.Certificate.Subject.CommonName
 ekData.SerialNumber = ek.Certificate.SerialNumber.String()
diff --git a/sks_windows.go b/sks_windows.go
index 1a38c33..b3bdd83 100644
--- a/sks_windows.go
+++ b/sks_windows.go
@@ -212,6 +212,7 @@ func getSecureHardwareVendorData() (*attest.SecureHardwareVendorData, error) {
 for _, ek := range eks {
 var ekData attest.EKData
 if ek.Certificate != nil {
+ ekData.Certificate = append(ekData.Certificate, ek.Certificate.Raw...)
 ekData.IssuerCN = ek.Certificate.Issuer.CommonName
 ekData.SubjectCN = ek.Certificate.Subject.CommonName
 ekData.SerialNumber = ek.Certificate.SerialNumber.String()
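Review bot: The comment on the new `Certificate` field of `EKData` in attest/attest.go says only that it holds DER, not whose certificate it is, when it is empty, or that it is unverified. Judging by the other two hunks it is a copy of `ek.Certificate.Raw` and stays nil when the EK has no certificate. Nothing visible in this patch validates it, so a consumer should chain it to the TPM manufacturer's roots before relying on it or on the `IssuerCN`/`SubjectCN`/`SerialNumber` strings taken from the same certificate. I would word the comment as `// Certificate is the raw DER of the EK's x509 certificate; nil if the EK has none. Not validated here.` The struct body continues past the end of the hunk.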
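Review bot: The added `ekData.Certificate = append(ekData.Certificate, ek.Certificate.Raw...)` in GetSecureHardwareVendorData (linux/tpm.go) copies onto a nil slice but reads like accumulation. A comment such as `// copy so EKData does not alias the parsed certificate's buffer` would state the intent, or `bytes.Clone(ek.Certificate.Raw)` could replace it if the module's Go version is 1.20 or later. The identical line is added to getSecureHardwareVendorData in sks_windows.go, so the EK-to-EKData mapping is now duplicated field for field across both platforms. A single helper in the attest package would keep the two from drifting when the next field is added. Both function bodies start and end outside their hunks.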