WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #360 from dgarske/get_ek_certs 

Support for getting TPM EK Certificates
pull/362/head
Eric Blankenhorn 2024-07-26 18:00:38 -05:00 committed by GitHub
parent fb7e321ac0 8f1e35a342
commit 4b0e42c1f3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 1401 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -79,6 +79,7 @@ examples/boot/secret_seal
examples/boot/secret_unseal
examples/firmware/ifx_fw_extract
examples/firmware/ifx_fw_update
examples/endorsement/get_ek_certs
# Generated Cert Files
certs/ca-*.pem

11
README.md
View File

@ -34,6 +34,7 @@ Portable TPM 2.0 project designed for embedded use.
* Parameter encryption support using AES-CFB or XOR.
* Support for salted unbound authenticated sessions.
* Support for HMAC Sessions.
* Support for reading Endorsement certificates (EK Credential Profile).
Note: See [examples/README.md](examples/README.md) for details on using the examples.
@ -168,7 +169,7 @@ make install
# then for some other library such as wolfTPM:
# cd /your-wolftpm-repo
./configure --enable-swtpm --with-wolfcrypt=~/workspace/my_wolfssl_bin
./configure --enable-swtpm --with-wolfcrypt=~/workspace/my_wolfssl_bin
```
### Build options and defines
@ -823,9 +824,15 @@ Connection: close
```
### TPM Endorsement Key Certificates
The TCG EK Credential Profile defines how manufacturers provision endorsement certificates in the TCG NV index range (see TPM_20_TCG_NV_SPACE).
The `get_ek_certs` example shows how to retrieve those EK cerificates, validate them and create a primary EK handle for signing.
See `./examples/endorsement/get_ek_certs`.
## Todo
* Add support for Endorsement certificates (EK Credential Profile).
* Update to v1.59 of specification (adding CertifyX509).
* Inner wrap support for SensitiveToPrivate.
* Add support for IRQ (interrupt line)

46
examples/endorsement/README.md 100644
View File

@ -0,0 +1,46 @@
# TPM Endorsement Certificates
TPM manufactures provision Endorsement Certificates based on a TPM key. This certificate can be used for signing/endorsement.
The `get_ek_certs` example will enumerate and validate the Endorsement Key Certificates stored in the NV TCG region.
We have loaded some of the root and intermediate CA's into the trusted_certs.h file.
## Example Detail
1) Get handles in the TCG NV range using `wolfTPM2_GetHandles` with `TPM_20_TCG_NV_SPACE`.
2) Get size of the certificate by reading the public NV information using `wolfTPM2_NVReadPublic`.
3) Read the NV data (certificate DER/ASN.1) from the NV index using `wolfTPM2_NVReadAuth`.
4) Get the EK public template using the NV index by calling `wolfTPM2_GetKeyTemplate_EKIndex` or `wolfTPM2_GetKeyTemplate_EK`.
5) Create the primary endorsement key with public template and TPM_RH_ENDORSEMENT hierarchy using `wolfTPM2_CreatePrimaryKey`.
6) Parse the ASN.1/DER certificate using `wc_ParseCert` to extract issuer, serial number, etc...
7) The URI for the CA issuer certificate can be obtained in `extAuthInfoCaIssuer`.
8) Import the certificate public key and compare it against the primary EK public unique area.
9) Use the wolfSSL Certificate Manager to validate the EK certificate. Trusted certificates are loaded using `wolfSSL_CertManagerLoadCABuffer` and the EK certificate is validated using `wolfSSL_CertManagerVerifyBuffer`.
10) Optionally covert to PEM and export using `wc_DerToPem`.
## Example certificate chains
### Infineon SLB9672
Infineon certificates for TPM 2.0 can be downloaded from the following URLs (replace xxx with 3-digit CA number):
https://pki.infineon.com/OptigaRsaMfrCAxxx/OptigaRsaMfrCAxxx.crt
https://pki.infineon.com/OptigaEccMfrCAxxx/OptigaEccMfrCAxxx.crt
Examples:
- Infineon OPTIGA(TM) RSA Root CA 2
- Infineon OPTIGA(TM) TPM 2.0 RSA CA 059
- Infineon OPTIGA(TM) ECC Root CA 2
- Infineon OPTIGA(TM) TPM 2.0 ECC CA 059
### STMicro ST33KTPM
Example:
- STSAFE RSA root CA 02 (http://sw-center.st.com/STSAFE/STSAFERsaRootCA02.crt)
- STSAFE-TPM RSA intermediate CA 10 (http://sw-center.st.com/STSAFE/stsafetpmrsaint10.crt)
- STSAFE ECC root CA 02 (http://sw-center.st.com/STSAFE/STSAFEEccRootCA02.crt)
- STSAFE-TPM ECC intermediate CA 10 (http://sw-center.st.com/STSAFE/stsafetpmeccint10.crt)

35
examples/endorsement/endorsement.h 100644
View File

@ -0,0 +1,35 @@
/* endorsement.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfTPM.
*
* wolfTPM is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfTPM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _WOLFTPM_ENDORSEMENT_H_
#define _WOLFTPM_ENDORSEMENT_H_
#ifdef __cplusplus
extern "C" {
#endif
int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* _WOLFTPM_ENDORSEMENT_H_ */

418
examples/endorsement/get_ek_certs.c 100644
View File

@ -0,0 +1,418 @@
/* get_ek_certs.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfTPM.
*
* wolfTPM is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfTPM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* This example shows how to decrypt a credential for Remote Attestation
* and extract the secret for challenge response to an attestation server
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolftpm/tpm2_wrap.h>
#include <stdio.h>
#ifndef WOLFTPM2_NO_WRAPPER
#include <examples/endorsement/endorsement.h>
#include <hal/tpm_io.h>
#ifndef WOLFTPM2_NO_WOLFCRYPT
#include <wolfssl/wolfcrypt/asn.h>
#include "trusted_certs.h"
#endif
/******************************************************************************/
/* --- BEGIN TPM2.0 Endorsement certificate tool -- */
/******************************************************************************/
#ifndef MAX_CERT_SZ
#define MAX_CERT_SZ 2048
#endif
static void usage(void)
{
printf("Expected usage:\n");
printf("./examples/endorsement/get_ek_certs\n");
}
static void dump_hex_bytes(const byte* buf, word32 sz)
{
word32 i;
/* Print as : separated hex bytes - max 15 bytes per line */
printf("\t");
for (i=0; i<sz; i++) {
printf("%02x", buf[i]);
if (i+1 < sz) {
printf(":");
if (i>0 && ((i+1)%16)==0) printf("\n\t");
}
}
printf("\n");
}
/* Display EK public information */
static void show_ek_public(const TPM2B_PUBLIC* pub)
{
printf("EK %s, Hash: %s, objAttr: 0x%X\n",
TPM2_GetAlgName(pub->publicArea.type),
TPM2_GetAlgName(pub->publicArea.nameAlg),
(unsigned int)pub->publicArea.objectAttributes);
/* parameters and unique field depend on algType */
if (pub->publicArea.type == TPM_ALG_RSA) {
printf("\tKeyBits: %d, exponent: 0x%X, unique size %d\n",
pub->publicArea.parameters.rsaDetail.keyBits,
(unsigned int)pub->publicArea.parameters.rsaDetail.exponent,
pub->publicArea.unique.rsa.size);
dump_hex_bytes(pub->publicArea.unique.rsa.buffer,
pub->publicArea.unique.rsa.size);
}
else if (pub->publicArea.type == TPM_ALG_ECC) {
const char* curveName = "NULL";
#ifndef WOLFTPM2_NO_WOLFCRYPT
curveName = wc_ecc_get_name(
TPM2_GetWolfCurve(pub->publicArea.parameters.eccDetail.curveID));
#endif
printf("\tCurveID %s (0x%x), size %d, unique X/Y size %d/%d\n",
curveName, pub->publicArea.parameters.eccDetail.curveID,
TPM2_GetCurveSize(pub->publicArea.parameters.eccDetail.curveID),
pub->publicArea.unique.ecc.x.size,
pub->publicArea.unique.ecc.y.size);
dump_hex_bytes(pub->publicArea.unique.ecc.x.buffer,
pub->publicArea.unique.ecc.x.size);
dump_hex_bytes(pub->publicArea.unique.ecc.y.buffer,
pub->publicArea.unique.ecc.y.size);
}
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
static int compare_ek_public(const TPM2B_PUBLIC* ekpub,
const TPM2B_PUBLIC* certpub)
{
int rc = -1;
if (ekpub->publicArea.type == TPM_ALG_RSA) {
if (ekpub->publicArea.unique.rsa.size ==
certpub->publicArea.unique.rsa.size) {
rc = XMEMCMP(ekpub->publicArea.unique.rsa.buffer,
certpub->publicArea.unique.rsa.buffer,
ekpub->publicArea.unique.rsa.size);
}
}
else if (ekpub->publicArea.type == TPM_ALG_ECC) {
if (ekpub->publicArea.parameters.eccDetail.curveID ==
certpub->publicArea.parameters.eccDetail.curveID &&
ekpub->publicArea.unique.ecc.x.size ==
certpub->publicArea.unique.ecc.x.size &&
ekpub->publicArea.unique.ecc.y.size ==
certpub->publicArea.unique.ecc.y.size) {
rc = XMEMCMP(ekpub->publicArea.unique.ecc.x.buffer,
certpub->publicArea.unique.ecc.x.buffer,
ekpub->publicArea.unique.ecc.x.size);
if (rc == 0) {
rc = XMEMCMP(ekpub->publicArea.unique.ecc.y.buffer,
certpub->publicArea.unique.ecc.y.buffer,
ekpub->publicArea.unique.ecc.y.size);
}
}
}
return rc;
}
#endif
int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
{
int rc = -1, nvIdx;
WOLFTPM2_DEV dev;
TPML_HANDLE handles;
TPMS_NV_PUBLIC nvPublic;
WOLFTPM2_NV nv;
WOLFTPM2_KEY endorse;
WOLFTPM2_KEY certPubKey;
uint8_t certBuf[MAX_CERT_SZ];
uint32_t certSz;
TPMT_PUBLIC publicTemplate;
word32 nvIndex;
#ifndef WOLFTPM2_NO_WOLFCRYPT
int i;
#ifndef WOLFCRYPT_ONLY
WOLFSSL_CERT_MANAGER* cm = NULL;
#endif
DecodedCert cert;
#ifdef WOLFSSL_DER_TO_PEM
char* pem = NULL;
word32 pemSz = 0;
#endif
#endif
XMEMSET(&endorse, 0, sizeof(endorse));
XMEMSET(&handles, 0, sizeof(handles));
XMEMSET(&nvPublic, 0, sizeof(nvPublic));
XMEMSET(&certPubKey, 0, sizeof(certPubKey));
if (argc >= 2) {
if (XSTRCMP(argv[1], "-?") == 0 ||
XSTRCMP(argv[1], "-h") == 0 ||
XSTRCMP(argv[1], "--help") == 0) {
usage();
return 0;
}
}
printf("Get Endorsement Certificate(s)\n");
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
if (rc != TPM_RC_SUCCESS) {
printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
/* List TCG stored handles */
rc = wolfTPM2_GetHandles(TPM_20_TCG_NV_SPACE, &handles);
if (rc < 0) {
goto exit;
}
rc = 0;
printf("Found %d TCG handles\n", handles.count);
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(WOLFCRYPT_ONLY)
/* load trusted certificates to cert manager */
certSz = 0;
cm = wolfSSL_CertManagerNew();
if (cm != NULL) {
for (i=0; i<(int)(sizeof(trusted_certs)/sizeof(const char*)); i++) {
const char* pemCert = trusted_certs[i];
rc = wolfSSL_CertManagerLoadCABuffer(cm,
(const unsigned char*)pemCert, XSTRLEN(pemCert),
WOLFSSL_FILETYPE_PEM);
if (rc == WOLFSSL_SUCCESS) {
certSz++;
rc = 0;
}
else {
printf("Warning: Failed to load trusted PEM at index %d\n", i);
/* not fatal, continue loading trusted certs */
}
}
printf("Loaded %d trusted certificates\n", certSz);
}
else {
printf("Warning: Failed to setup a trusted certificate manager\n");
}
#endif
for (nvIdx=0; nvIdx<(int)handles.count; nvIdx++) {
nvIndex = handles.handle[nvIdx];
XMEMSET(&nv, 0, sizeof(nv)); /* Must reset the NV for each read */
XMEMSET(certBuf, 0, sizeof(certBuf));
printf("TCG Handle 0x%x\n", nvIndex);
/* Get Endorsement Public Key template using NV index */
rc = wolfTPM2_GetKeyTemplate_EKIndex(nvIndex, &publicTemplate);
if (rc != 0) {
printf("EK Index 0x%08x not valid\n", nvIndex);
continue;
}
/* Read Public portion of NV to get actual size */
rc = wolfTPM2_NVReadPublic(&dev, nvIndex, &nvPublic);
if (rc != 0) {
printf("Failed to read public for NV Index 0x%08x\n", nvIndex);
}
/* Read data */
if (rc == 0) {
certSz = (uint32_t)sizeof(certBuf);
if (certSz > nvPublic.dataSize) {
certSz = nvPublic.dataSize;
}
rc = wolfTPM2_NVReadAuth(&dev, &nv, nvIndex, certBuf, &certSz, 0);
if (rc == 0) {
#ifdef DEBUG_WOLFTPM
printf("EK Data: %d\n", certSz);
TPM2_PrintBin(certBuf, certSz);
#endif
}
}
/* Create Endorsement Key */
if (rc == 0) {
/* Create Endorsement Key using EK auth policy */
printf("Creating Endorsement Key\n");
rc = wolfTPM2_CreatePrimaryKey(&dev, &endorse, TPM_RH_ENDORSEMENT,
&publicTemplate, NULL, 0);
if (rc != 0) goto exit;
printf("Endorsement key loaded at handle 0x%08x\n",
endorse.handle.hndl);
/* Display EK public information */
show_ek_public(&endorse.pub);
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
if (rc == 0) {
/* Attempt to parse certificate */
printf("Parsing certificate (%d bytes)\n", certSz);
wc_InitDecodedCert(&cert, certBuf, certSz, NULL);
rc = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
if (rc == 0) {
printf("\tSuccessfully parsed\n");
#if defined(WOLFSSL_ASN_CA_ISSUER) || \
defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* print the "Authority Information Access" for accessing
* CA Issuers */
if (cert.extAuthInfoCaIssuerSz > 0) {
printf("CA Issuers: %.*s\n",
cert.extAuthInfoCaIssuerSz, cert.extAuthInfoCaIssuer);
}
#endif
if (cert.serialSz > 0) {
if (cert.serialSz == 4) {
/* serial number is 32-bits */
word32 serial;
XMEMCPY(&serial, cert.serial, cert.serialSz);
#ifndef BIG_ENDIAN_ORDER
serial = ByteReverseWord32(serial);
#endif
printf("Serial Number: %08u (0x%08x)\n",
serial, serial);
}
else {
/* Print serial as : separated hex bytes */
printf("Serial Number (%d bytes)\n", cert.serialSz);
dump_hex_bytes(cert.serial, cert.serialSz);
}
}
/* Import certificate public key */
rc = wolfTPM2_ImportPublicKeyBuffer(&dev,
endorse.pub.publicArea.type, &certPubKey,
ENCODING_TYPE_ASN1,
(const char*)cert.publicKey, cert.pubKeySize,
endorse.pub.publicArea.objectAttributes
);
if (rc == 0) {
/* compare public unique areas */
if (compare_ek_public(&endorse.pub, &certPubKey.pub) == 0) {
printf("Cert public key and EK public match\n");
}
else {
printf("Error: Cert public key != EK public!\n");
show_ek_public(&certPubKey.pub);
}
}
else {
printf("Error importing certificates public key! %s (%d)\n",
TPM2_GetRCString(rc), rc);
rc = 0; /* ignore error */
}
}
else {
printf("Error parsing certificate! %s (%d)\n",
TPM2_GetRCString(rc), rc);
}
wc_FreeDecodedCert(&cert);
#ifndef WOLFCRYPT_ONLY
if (rc == 0) {
/* Validate EK certificate against trusted certificates */
rc = wolfSSL_CertManagerVerifyBuffer(cm, certBuf, certSz,
WOLFSSL_FILETYPE_ASN1);
printf("EK Certificate is %s\n",
(rc == WOLFSSL_SUCCESS) ? "VALID" : "INVALID");
}
#endif
#ifdef WOLFSSL_DER_TO_PEM
/* Convert certificate to PEM and display */
rc = wc_DerToPem(certBuf, certSz, NULL, 0, CERT_TYPE);
if (rc > 0) { /* returns actual PEM size */
pemSz = (word32)rc;
rc = 0;
pemSz++; /* for '\0'*/
pem = (char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
rc = MEMORY_E;
}
}
if (rc == 0) {
XMEMSET(pem, 0, pemSz);
rc = wc_DerToPem(certBuf, certSz, (byte*)pem, pemSz, CERT_TYPE);
if (rc > 0) { /* returns actual PEM size */
pemSz = (word32)rc;
rc = 0;
}
}
if (rc == 0) {
printf("Endorsement Cert PEM\n");
puts(pem);
}
#endif /* WOLFSSL_DER_TO_PEM */
}
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
XMEMSET(&endorse, 0, sizeof(endorse));
}
exit:
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifdef WOLFSSL_DER_TO_PEM
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFCRYPT_ONLY
wolfSSL_CertManagerFree(cm);
#endif
#endif
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
wolfTPM2_Cleanup(&dev);
return rc;
}
/******************************************************************************/
/* --- END TPM2.0 Endorsement certificate tool -- */
/******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc = -1;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_EndorsementCert_Example(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
(void)argc;
(void)argv;
#endif /* !WOLFTPM2_NO_WRAPPER */
return rc;
}
#endif

20
examples/endorsement/include.am 100644
View File

@ -0,0 +1,20 @@
# vim:ft=automake
# All paths should be given relative to the root
if BUILD_EXAMPLES
noinst_HEADERS += \
examples/endorsement/endorsement.h \
examples/endorsement/trusted_certs.h
noinst_PROGRAMS += examples/endorsement/get_ek_certs
examples_endorsement_get_ek_certs_SOURCES = examples/endorsement/get_ek_certs.c
examples_endorsement_get_ek_certs_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_endorsement_get_ek_certs_DEPENDENCIES = src/libwolftpm.la
endif
EXTRA_DIST+=examples/endorsement/README.md
example_endorsementdir = $(exampledir)/endorsement
dist_example_endorsement_DATA = \
examples/endorsement/get_ek_certs.c
DISTCLEANFILES+= examples/endorsement/.libs/get_ek_certs

581
examples/endorsement/trusted_certs.h 100644
View File

@ -0,0 +1,581 @@
#ifndef WOLFTPM_TRUSTED_CERTS_H
#define WOLFTPM_TRUSTED_CERTS_H
/* These are root and intermediate certificates used by chip vendors for
* their endorsement certificates.
*/
/* webauthn has a good source of TPM root certs:
* https://hackage.haskell.org/package/webauthn-0.10.0.0/src/root-certs/tpm/
*/
/* tpm2-tss fapi header has a well maintained list of TPM root certificates:
* https://github.com/tpm2-software/tpm2-tss/blob/master/src/tss2-fapi/fapi_certificates.h
*/
static const char* trusted_certs[] = {
/* ---------------------------------------------------------------*/
/* Infineon Technologies AG */
/* ---------------------------------------------------------------*/
/* Subject: CN=Infineon OPTIGA(TM) ECC Root CA 2
* Algorithms: ECDSA SECP521R1, SHA2-512
* Validity: Nov 22 23:59:59 2054 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICrTCCAg6gAwIBAgIBWjAKBggqhkjOPQQDBDB5MQswCQYDVQQGEwJERTEhMB8G\n"
"A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo\n"
"VE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgRUNDIFJv\n"
"b3QgQ0EgMjAgFw0xOTExMjIwMDAwMDBaGA8yMDU0MTEyMjIzNTk1OVoweTELMAkG\n"
"A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEbMBkG\n"
"A1UECwwST1BUSUdBKFRNKSBEZXZpY2VzMSowKAYDVQQDDCFJbmZpbmVvbiBPUFRJ\n"
"R0EoVE0pIEVDQyBSb290IENBIDIwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABABD\n"
"6MnFaakBVM/vveSWg55BTIdxWdxAzGf2+fEUo5b9hMF6kVSWaR0wAAm2p9qeXNAV\n"
"j7tfQkhz1CxvNz4TauSBQQGf94WLcIKyh7d6zC6/AIloqPizTIGb5xl4ogqyz6ZC\n"
"T/D5FiOPA98TYzoThdqM8cpcI74e2xOyNgAffsm/BRiuFKNCMEAwHQYDVR0OBBYE\n"
"FIK4PcxxuD5+9pzWHchNUjJwbMedMA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8E\n"
"BTADAQH/MAoGCCqGSM49BAMEA4GMADCBiAJCAOXJYwRt86BtRKSuiN5LNATNX6Nc\n"
"hs4DUiggpQhbgggV3Lf+T39l71KvCIPb8n5ZjSi5AKflmPGzumCjqDAPsgmsAkIA\n"
"vpqNqptg4Sf3hrdAsLAqNPZGnx8gRBnsTvvQzNUOZETuBp+nbmSrKMWZpd5G7HkM\n"
"9uXFb5ctX1cZQUbYFA2qG5g=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) TPM 2.0 ECC CA 059
* Issuer: CN=Infineon OPTIGA(TM) ECC Root CA 2
* Algorithms: ECDSA SECP521R1, SHA2-512
* Validity: Mar 10 10:30:49 2042 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDpzCCAwigAwIBAgIEM8fygzAKBggqhkjOPQQDBDB5MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgRUND\n"
"IFJvb3QgQ0EgMjAeFw0yMjAzMTAxMDMwNDlaFw00MjAzMTAxMDMwNDlaMHYxCzAJ\n"
"BgNVBAYTAkRFMSEwHwYDVQQKDBhJbmZpbmVvbiBUZWNobm9sb2dpZXMgQUcxEzAR\n"
"BgNVBAsMCk9QVElHQShUTSkxLzAtBgNVBAMMJkluZmluZW9uIE9QVElHQShUTSkg\n"
"VFBNIDIuMCBFQ0MgQ0EgMDU5MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAdFmJ\n"
"CLLqN+9xRN+gDqG1qYoDj6+B4OCy5rXG2+cTp6OPraIEIs7ZCtsdxv0hGM45SJI5\n"
"4nl6WUqdILKdqhA1cTMABVhN6Nm6oVwXwjStVRslqSjeY4IOy5Rwg109IENZZ4mL\n"
"F5BFJPUHIQ65m7vWF091CcmK9yOjhZ19aawMUQDpCiCjggE8MIIBODBZBggrBgEF\n"
"BQcBAQRNMEswSQYIKwYBBQUHMAKGPWh0dHA6Ly9wa2kuaW5maW5lb24uY29tL09w\n"
"dGlnYUVjY1Jvb3RDQTIvT3B0aWdhRWNjUm9vdENBMi5jcnQwHQYDVR0OBBYEFMfY\n"
"6hrNmsmcNQkPCrXM5ISJzxUdMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAG\n"
"AQH/AgEAME4GA1UdHwRHMEUwQ6BBoD+GPWh0dHA6Ly9wa2kuaW5maW5lb24uY29t\n"
"L09wdGlnYUVjY1Jvb3RDQTIvT3B0aWdhRWNjUm9vdENBMi5jcmwwFQYDVR0gBA4w\n"
"DDAKBggqghQARAEUATAfBgNVHSMEGDAWgBSCuD3Mcbg+fvac1h3ITVIycGzHnTAQ\n"
"BgNVHSUECTAHBgVngQUIATAKBggqhkjOPQQDBAOBjAAwgYgCQgCxOZetx3JsIj/x\n"
"tmQiqH24lCydvK+YD+HFXfPqSTkqyAl1k6oq7oHOVDfDwiFO34l5ZCpk+Om7y4hE\n"
"CN813X4+YQJCAOMAUk7PWKDHg7avff7v8T3U0jBhrj/zcna2d1Wt5YG814+Jpk9j\n"
"OyD3mUxh8uFPhavNYLdFtrwguXqTVyZcZB+D\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) ECC Root CA
* Algorithms: ECDSA SECP384R1, SHA2-384
* Validity: Jul 25 23:59:59 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G\n"
"A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo\n"
"VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv\n"
"b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG\n"
"EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL\n"
"DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU\n"
"TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2\n"
"GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe\n"
"Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud\n"
"DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T\n"
"AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk\n"
"MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+\n"
"+O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) ECC Manufacturing CA 004
* Issuer: CN=Infineon OPTIGA(TM) ECC Root CA
* Algorithms: ECDSA SECP256R1, SHA2-256
* Validity: Nov 24 15:50:15 2034 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDRzCCAs2gAwIBAgIEfqIJfTAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND\n"
"IFJvb3QgQ0EwHhcNMTQxMTI0MTU1MDE1WhcNMzQxMTI0MTU1MDE1WjCBgzELMAkG\n"
"A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG\n"
"A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH\n"
"QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDA0MFkwEwYHKoZIzj0CAQYIKoZI\n"
"zj0DAQcDQgAEU4vVtCu+sc2VldUl0QToWhbfRiAhumb2S3Seqm1P56agXPJsXw2h\n"
"ssA8ic0Jw7h1bGpM6+EzNBesTpGksBYuLqOCATgwggE0MFcGCCsGAQUFBwEBBEsw\n"
"STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj\n"
"Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFL1sacB1nqqV3W0V\n"
"bqZBcMS5s2x4MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG\n"
"A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj\n"
"Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB\n"
"FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF\n"
"Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwTJ3astNZ2hyRMPG3RO1BeKieoANrv0jr\n"
"n5GONNPGZ11mVZYgFVSiheBZ9xqOFMvZAjEA9Qk+Dwmei1FuY/ztnGeRLw7bJ7lo\n"
"u+rdhyvlzIO6aI8x5wgJsbcX6ST5QEncz99t\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) TPM 2.0 ECC CA 042
* Issuer: CN=Infineon OPTIGA(TM) ECC Root CA
* Algorithms: ECDSA SECP256R1, SHA2-384
* Validity: Feb 8 15:39:27 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDOjCCAr+gAwIBAgIEGVn1IzAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND\n"
"IFJvb3QgQ0EwHhcNMjMwMjA4MTUzOTI3WhcNNDMwMjA4MTUzOTI3WjB2MQswCQYD\n"
"VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRMwEQYD\n"
"VQQLDApPUFRJR0EoVE0pMS8wLQYDVQQDDCZJbmZpbmVvbiBPUFRJR0EoVE0pIFRQ\n"
"TSAyLjAgRUNDIENBIDA0MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHy6yq3F\n"
"3TCvBXY63AGJzHxRf45Gipj7C+W9mnAyz3LAEMTIVBtS4XcvHR6oQBt7RRvrpwLe\n"
"TJjg1Ngg0F4zHPGjggE4MIIBNDBXBggrBgEFBQcBAQRLMEkwRwYIKwYBBQUHMAKG\n"
"O2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVjY1Jvb3RDQS9PcHRpZ2FF\n"
"Y2NSb290Q0EuY3J0MB0GA1UdDgQWBBSxHzPMpgZWuiWcLpBaO1Q/UkSXkTAOBgNV\n"
"HQ8BAf8EBAMCAAYwEgYDVR0TAQH/BAgwBgEB/wIBADBMBgNVHR8ERTBDMEGgP6A9\n"
"hjtodHRwOi8vcGtpLmluZmluZW9uLmNvbS9PcHRpZ2FFY2NSb290Q0EvT3B0aWdh\n"
"RWNjUm9vdENBLmNybDAVBgNVHSAEDjAMMAoGCCqCFABEARQBMB8GA1UdIwQYMBaA\n"
"FLQYhchKSsUSevJAOd7E9YsefkrRMBAGA1UdJQQJMAcGBWeBBQgBMAoGCCqGSM49\n"
"BAMDA2kAMGYCMQCyjrqHq1qqHCQQ14dvBtqUT90XuvfSOwE6Hda3GlIa9FdYC4Ue\n"
"AVJ/CuRKHi/VQSkCMQDc+HAcnipcopZBsa/jPV6Y6YdgnVCcDY0tdwtaeQgGNBRz\n"
"GRt1rxF2x8QNOKB9f28=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) RSA Root CA 2
* Algorithms: RSA 4096-bit, SHA2-256
* Validity: Nov 22 23:59:59 2054 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFsTCCA5mgAwIBAgIBWTANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkgUlNB\n"
"IFJvb3QgQ0EgMjAgFw0xOTExMjIwMDAwMDBaGA8yMDU0MTEyMjIzNTk1OVoweTEL\n"
"MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEb\n"
"MBkGA1UECwwST1BUSUdBKFRNKSBEZXZpY2VzMSowKAYDVQQDDCFJbmZpbmVvbiBP\n"
"UFRJR0EoVE0pIFJTQSBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
"ggIKAoICAQClvyAQlJNoJwAXwO5AojnaZO3rYqEbnox1r4jVvsjVnbDYSm9qYMIh\n"
"X0lEweLh3GmC/B0VgN0eoVTdfUZ/H9laK+PETmzQnKya8Gsq/XSCq8nWKslTgdoY\n"
"w44ddSBrTKoLWLPb8VW0FU0YIZaQEdXtWCQ2UqP+3Y6HbR8+RPO5DW64VsaGbeDx\n"
"VZgskZauH0oZ4eU7pCa9z6WwhExHMqgTOMHNuCgAWD/OkxqBsS74/2L4nv6zJD9+\n"
"yPLF3PjbVolC5WzR8M3ZUhN2iGp9V80/SEmj8SGS/z5l0cIwqua9DLhj/VCTo2Tl\n"
"qJ1hjQVaKYRnPaLPnxOmjbwPkCBO/Tj4jHVLfjk1XArSR3tjZK2CvRERweLC/XdK\n"
"doJuPPASeR8qmbhaj39wHBT5CTpJ8Hlh3uL1nMpeRJHJ0qM+7enirx/7WPuoI6FZ\n"
"N9xEWh7k6kma8wjjettN8r8qHBJjQN6IeJ8p2dETfRK+Wva718S2TKf3RyrD2aX3\n"
"RUGjFPxZcwDAX+YlqW7p03/77nf1SYnvyX7EyTZ99fRUjghVnM2tnTC4Soi6Sv1Z\n"
"oXxWFSOMUeRb3YN+OlWvqnVIJ1UNiTe5l1qCnEE+P+lj87sSjwSP63ME4xaNFmlT\n"
"v50t3+Gxpj92h8/owOpUBTD1uwLiZNDXhBE3qTtqO5T655ulTBsiZQIDAQABo0Iw\n"
"QDAdBgNVHQ4EFgQU+0/LDx9uXdViIvTFSiU55L1NaigwDgYDVR0PAQH/BAQDAgAG\n"
"MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFUkfuMp8AubFwcY\n"
"id4j4W5d3vTkSHxLWQ+ILgw8t3goF/Zp1ikDJMPVynEaVEIet5qjT5jZe56j0HkI\n"
"gyrOtjUxXXXvjSYEiUsoghp4ECM6EMj3nUmSqFkP8A9eGLtfpjTDFml0kPsBrK3e\n"
"o0+moWLvRsFRL9wVKKu2OTdA3aUG8hfNocvu/H7yqsLNg1DAwmhBajQl3PtICjPB\n"
"xUmhE1mxq998CVvdId7PqkTrBmUK8mNTNnLsDqFP2API//XxPWI9/LCib4StwM1w\n"
"v0ECNelb/bAw3FDx6HcJqkA8mRqfjg+cngOCPQXa3MWXbod5RM6DzQhwgAaofSlv\n"
"PzZGZvOu84FILJkSxj9ZpPVDy3bgTS2AE9Iy0C6y/1GyeHhDYFYdxg40osoCOBxu\n"
"1WwsEPr0FkYYXX2YSRa3MmrkkWzXrgx1JKzJB6p/mQ14j1R3eMiYWKx5DjtkAmM9\n"
"9qsnIU42jIpbwvQF1YC41GYclP2pX45LmDGTWgBDSBBtjEPnn2gwYH6uaSR3zndx\n"
"nqu/imr4HSyvrsIGNak5RLEed8e02nbjTAehOLAZGdj+TMnvbQBS0AiZZO3qWx9T\n"
"/ABQ8gFSGgorfvS5Lg7ANIiBSsCsVIa28I2eiYrJZatuFAo1Xg4z3n2kvL7S1wZy\n"
"8MZsUVujMk+IInhi81MQZFUR2QbA\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) TPM 2.0 RSA CA 059
* Issuer: CN=Infineon OPTIGA(TM) RSA Root CA 2
* Algorithms: RSA 4096-bit, SHA2-384
* Validity: Mar 10 10:36:34 2042 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIGqzCCBJOgAwIBAgIEavSCmDANBgkqhkiG9w0BAQwFADB5MQswCQYDVQQGEwJE\n"
"RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP\n"
"UFRJR0EoVE0pIERldmljZXMxKjAoBgNVBAMMIUluZmluZW9uIE9QVElHQShUTSkg\n"
"UlNBIFJvb3QgQ0EgMjAeFw0yMjAzMTAxMDM2MzRaFw00MjAzMTAxMDM2MzRaMHYx\n"
"CzAJBgNVBAYTAkRFMSEwHwYDVQQKDBhJbmZpbmVvbiBUZWNobm9sb2dpZXMgQUcx\n"
"EzARBgNVBAsMCk9QVElHQShUTSkxLzAtBgNVBAMMJkluZmluZW9uIE9QVElHQShU\n"
"TSkgVFBNIDIuMCBSU0EgQ0EgMDU5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\n"
"CgKCAgEA5Eq4pO/DJwsbPLocqJJGHoA6ZcoSKV0Te2nCdTRGVhH+Ba0nhlwI2k/K\n"
"6lxoZ6DTJ7sQajy8nHq+7lxg/C35pN1/20Wh3aCd4AKdiRZRE7odg9exNT0TMAos\n"
"aHAHU6jJcTIfnREXev63SDJgdkg3bY4sHdjTirUj+BI315eZi871Gh1dFh+W9WFT\n"
"JPbuvvWWRe4fNtvEnpLQLSTbR9c2LE+Udo6Cax1aUP4CqqQS+iUnoU1XJ2wMDk2O\n"
"R2SUtLDfEUhRzqsqw5pEu2lS8lnmxZwKz2n32PKKoqEAWmRQ9mq8mmybB5mf+KOk\n"
"BKU2DhpKltMewsONL72gQ800W17B2szEBYkk7weckMfWiSaDT8HNQthY7BZ7qyzu\n"
"7pM/nPIsElvEN+oY4QGPcH1IFQXZpUq27lNalsiFKN+PFTkDmWpTCLWwtqRgXqSw\n"
"eMzE/C9ifQvlyPYH5ZmpMKl6fZfBl5jLWkW7VTJXNAf0cHU6d9jw02zZwj3esd5K\n"
"Sj7fYSt6kxEv/QQ+91O6ceMd1rQ7Wo1ufi6Y8bMmhDDUQCbhtUveMs/zNhtZ9Dy7\n"
"2AxE1INaHj9Xwj/nvSAS0oE/6CUbpiloxYuTdY4k+CUA+Ob5/GX6h3IPZyHwlP1x\n"
"vjoald5nSq9ffdn+X4yWtyINaR0D6X+elGxHjsMLRnUMhin9lx8CAwEAAaOCATww\n"
"ggE4MFkGCCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAoY9aHR0cDovL3BraS5pbmZp\n"
"bmVvbi5jb20vT3B0aWdhUnNhUm9vdENBMi9PcHRpZ2FSc2FSb290Q0EyLmNydDAd\n"
"BgNVHQ4EFgQU7lMg7m2CeMnsa+6Wu4I6TyUdwxMwDgYDVR0PAQH/BAQDAgAGMBIG\n"
"A1UdEwEB/wQIMAYBAf8CAQAwTgYDVR0fBEcwRTBDoEGgP4Y9aHR0cDovL3BraS5p\n"
"bmZpbmVvbi5jb20vT3B0aWdhUnNhUm9vdENBMi9PcHRpZ2FSc2FSb290Q0EyLmNy\n"
"bDAVBgNVHSAEDjAMMAoGCCqCFABEARQBMB8GA1UdIwQYMBaAFPtPyw8fbl3VYiL0\n"
"xUolOeS9TWooMBAGA1UdJQQJMAcGBWeBBQgBMA0GCSqGSIb3DQEBDAUAA4ICAQB9\n"
"+nOzisSHWLtHLpTviVdtUIuW9WxrHqcE1+OD9kMnGW0R6DWacPNWb+rjQ9V0aZgd\n"
"SRxlRqsQtPXgYjO10iPQmhKIhL7bWmYcm5If3NOiaFXSS9Xb7cNoPk+FJNWoY85F\n"
"CKQWld0+RooebSDe1tLjE+kUuGMMvtoLumBiEBVcu+F2wuibO+Mo8Xr7VPl7o3J1\n"
"asV2ZFtmrqHykfEWaJhswjw/FSQec2bFNafWW2dS3za658eoFEjmE59mIDCqx4p3\n"
"4Qmm195P+zFqYTXJMifkoizIi2lJGtdoLZB4c6AzHeT+UOVjr027fdSqUxAyQeUI\n"
"uZfApcfWR21jxrpOxfkmy8GmtolrmRBZVbEKED1tsk3PxxCx1EeVrO46DaamkGFj\n"
"TQYOjvdmCD+KcmCvG39Ftj4dy7kaObrdAVkQwFa/aCTH90vHGOlZUl/WuMg2PQlq\n"
"kqkcAnBUPGbJIr9RJWZCxv4w0Mu5RnHWcs39HF4WSubLiuImbQRgLQuDuSJCMxZn\n"
"DGYublH8ff8/abMvxI51XxpmaPLe9ZFP6LSdD1poeTT4j46yAH2GacsaysOzXuPB\n"
"dgXXMFHAomRi10j/mp3Fv1nz73zVVy0e+4aj6Wh4+omKvXgwH8YgQVbMrPQfhbQg\n"
"Q6kr1MlRyGqkQFTEeOHGI0PngcLQJzKYfjHDDEZ+GA==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) RSA Root CA
* Algorithms: RSA 4096-bit, SHA2-256
* Validity: Jul 25 23:59:59 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB\n"
"IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD\n"
"VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD\n"
"VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH\n"
"QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n"
"AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn\n"
"25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr\n"
"R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS\n"
"JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT\n"
"ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl\n"
"8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2\n"
"7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1\n"
"bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d\n"
"cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS\n"
"ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu\n"
"81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV\n"
"HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud\n"
"EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN\n"
"UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M\n"
"BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y\n"
"rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ\n"
"gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y\n"
"np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2\n"
"DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr\n"
"la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf\n"
"Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR\n"
"pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv\n"
"JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM\n"
"6sJa8iBpdRjZrBp5sJBI\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) RSA Manufacturing CA 004
* Issuer: CN=Infineon OPTIGA(TM) RSA Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Nov 24 15:39:16 2034 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFszCCA5ugAwIBAgIEIe/JKTANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE\n"
"RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP\n"
"UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg\n"
"UlNBIFJvb3QgQ0EwHhcNMTQxMTI0MTUzOTE2WhcNMzQxMTI0MTUzOTE2WjCBgzEL\n"
"MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa\n"
"MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q\n"
"VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDA0MIIBIjANBgkqhkiG9w0B\n"
"AQEFAAOCAQ8AMIIBCgKCAQEAhFAEamE+AGtKlpCDU1ILU3NUVjkrU2MiD+RcYM44\n"
"/+t6Ho90lVLIarwpjUC9E6skZDwSfjDFv1yR+xJ6nnfK05PX6CcW4I6xIYsPLESQ\n"
"Pe988Ug9FoTvqgQ/yy+5Ru16xFNWWCCF1KgMwyxgaX2hnkUU7aOIVPD1pHS/17TN\n"
"6F2zl46OL8qX9z9yHi+DRtjWZrQhQQ6lvi+hU+fgtFKGUUdZL/jyZXALVMvTt9hO\n"
"o7HPJDbzAIfCY5TZQByTbUwN+61twPw3m8QzNI79GlDDewD2nVzomDJUvV02Dbrb\n"
"e+NiLnZ/jZcHzWmF0ERqXM/sNnsWxSx7ECQV9mb4LPscCwIDAQABo4IBODCCATQw\n"
"VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u\n"
"LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E\n"
"FgQUJjt0TYVBK65uE+lKU8I1GFuk7uwwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB\n"
"/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv\n"
"bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g\n"
"BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS\n"
"uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEANY49i1/+6S9J\n"
"VS/yaHfxn49uVFMwJNeM7Ez6sANMxZ6UlSW5tz1xcwBo9ysViyt9W45MmKbXz0jz\n"
"HQBTuq3jq+aDjYJAtpvlQoqARSa0P6hXPMYXXLas7z/DwUeWomV+iYczG067Swsh\n"
"jQ4WKtg3o4f82Zmd39oJpYgIbJJPC7KyaNuDionRw5fiVfgEPRmUsB1jQGWz/d/r\n"
"YWjFU6zr6kqrVoostGls6PXxfyYcw9iiMsHWgsekyW3q+4mDRSaLJMyixw1Vwfy0\n"
"TmYjrwg6hi9+JrIJpnFCb8aCjZvZ0JZj+tWgjGnmw0acej2SEFItMBz0UHQNXn0j\n"
"BLVYfu9RwulqFWd52pumJVHECoDEQn93MdzippYAqEE9kaEl5wt8cd+9uRCcBuy2\n"
"OPleKXWvuYEEjqH7SbBxHiZuqdHZvFkfRdSNc1dW7sKE6N4UZ+b8+UoCha2pUzE2\n"
"yYeE3dkv/E1K+6uq38Fe42Iz22hlZrEeA3aGrHopOFvUY2MOM8ksdDBwQZ5YzBQ4\n"
"HcD5RHrvsYUbkcPnnVVkN+M8IKJ+6LVowx3EG+ytzVixHrSVJ91ooG9ocD2vxZAU\n"
"bY8gLugWaRbOZkgYaHTj4Rjq3ZxuEPXEDKrSm7nUgMMlq5BDYhVzBWXrJtyYIv37\n"
"QHaD0AfWGx+CiPbtXWmvkhC+QLzYnWI=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) TPM 2.0 RSA CA 042
* Issuer: CN=Infineon OPTIGA(TM) RSA Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Feb 8 15:28:15 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFpTCCA42gAwIBAgIEX/V0ezANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE\n"
"RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP\n"
"UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg\n"
"UlNBIFJvb3QgQ0EwHhcNMjMwMjA4MTUyODE1WhcNNDMwMjA4MTUyODE1WjB2MQsw\n"
"CQYDVQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRMw\n"
"EQYDVQQLDApPUFRJR0EoVE0pMS8wLQYDVQQDDCZJbmZpbmVvbiBPUFRJR0EoVE0p\n"
"IFRQTSAyLjAgUlNBIENBIDA0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n"
"ggEBAIVUeKYRnVu2bZCwKKd5zH3oOYz73J3ZPoMviq90y51mccnCiydAwR5k+uSr\n"
"NBjIUUVpQc11K005HbU42lA02XHBlchHVAd1rHPUp55Qvscsh/OU0MTV7Cb7LLnS\n"
"Mm9hD7K5bwdNjnSxD6gayoBwAOa5p23FBuqCiUPNzUD+1rtrkYyFD3t8WmnDbfxe\n"
"UWh5wWzIV0PGV7sKPOov+IXEfXFF+fWAwsGXTPi5+cibRLwoy88Rk/+vRLVxg0eZ\n"
"OnxH8B+qcpEIPmXfxbdGqUoY82icT1Nj1EjCjkyMTAxH5Q+8PVDHDjyRLNg+6aYt\n"
"MXYTX0D6MxhobOVjYLgZAnQPlkcCAwEAAaOCATgwggE0MFcGCCsGAQUFBwEBBEsw\n"
"STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNh\n"
"Um9vdENBL09wdGlnYVJzYVJvb3RDQS5jcnQwHQYDVR0OBBYEFF0IFZUfX2Bjimnn\n"
"JS8+xL7NdVSyMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG\n"
"A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYVJz\n"
"YVJvb3RDQS9PcHRpZ2FSc2FSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB\n"
"FAEwHwYDVR0jBBgwFoAU3LtWq/EY/KaadREQZYQSntVBkrkwEAYDVR0lBAkwBwYF\n"
"Z4EFCAEwDQYJKoZIhvcNAQELBQADggIBAHvzvbu2R2CTigvQNVNIBD+10puObvI7\n"
"p4n2u7ckS+RJaaFYysnC939IexEzqMHgZOSGJD2Fzq9Yqa2gMHzgsnzdj1V4ssfz\n"
"GEboIVJ3nhItIqgVj0HXfQrb1JXU7noI+db87MGA0gfLG52wqTI26gqZtb9GH6JB\n"
"y6OIL8NvmrRUpgOb6r0ltAhmIDnQz73M7qW0j1Y/OKa3M8T8QVSdbDeNydH2eSck\n"
"NzvbkeZED63YPcztxMGqZ3kL1NfzGHqtPvjlS53kQ4k+uvU42X4uzldBsXaByXMK\n"
"gjQKaEgG64lCLafQWB3KjgF6U37oHQ3GvCOeR6HZx/MOZXr9+T6ZzdVQJPZcIPu2\n"
"9dhftbLYYKlnkSab8JwPX1cpXJL+xMqd6Bjpr044iOTrD/Hjqck+QvhCt2pSpB4e\n"
"72z21KboAFb6xLUYf8KIvnhY9XFeBGpLabKn1Gq79x4BLsXJQuuQ8bmwWDa+e+F5\n"
"rb16CgnTvwMJE8+B0hOdk+/40whTwVwc7OlAwkRHiVKfPw7JOP4pyOV0QIlyWLcH\n"
"2yg7raQFCjdtnvIX0Eq3RDwFk6b9hK3+89uIuA8/uW3bY5HuJEQd0bWZoeD2WBHf\n"
"V9iAx0TwwBsEPrHwQxB6uktXjqCKk1PJAtaiAB6hFQpe26gAopXnxA6ezpgMKGVt\n"
"e1NOreRnWJCu\n"
"-----END CERTIFICATE-----\n",
/* ---------------------------------------------------------------*/
/* STMicroelectronics NV */
/* ---------------------------------------------------------------*/
/* Subject: CN=STSAFE ECC Root CA 02
* Algorithms: ECDSA SECP521R1, SHA2-512
* Validity: Dec 31 00:00:00 9999 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICWjCCAbugAwIBAgIGVR0gAAECMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAkNI\n"
"MR4wHAYDVQQKExVTVE1pY3JvZWxlY3Ryb25pY3MgTlYxHjAcBgNVBAMTFVNUU0FG\n"
"RSBFQ0MgUm9vdCBDQSAwMjAgFw0yMjAxMjAwMDAwMDBaGA85OTk5MTIzMTAwMDAw\n"
"MFowTTELMAkGA1UEBhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBO\n"
"VjEeMBwGA1UEAxMVU1RTQUZFIEVDQyBSb290IENBIDAyMIGbMBAGByqGSM49AgEG\n"
"BSuBBAAjA4GGAAQAJFgkbtp5mZpvISjL8zAUSSJXxXpPhxhSVGQfqU0GEjPBIMMD\n"
"KNvc23xCcyIsiFTMD4MZQ1wov0SaBE3M31bWx78BrbiPCJ4lXUvJWiwm9+v3EL1z\n"
"lznBtyJDYUkrUe2n7r8NH7kAQ1X/csItvyomECdRtm4wwD8VX1n+l3npVlMNOxWj\n"
"QjBAMB0GA1UdDgQWBBT1XLcHvEsXQiYkgEBLu3yAulo8vjAOBgNVHQ8BAf8EBAMC\n"
"AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgC85uufYwd5\n"
"yelX2EKkjx7s8LP6qgcXHxkO1zZYrTU7umomS5beVyPf2hA12yPVG9VnYUqs9+RA\n"
"L0mbODJNfHR5yAJCAUf2a5qPe3a/BpZBoY7YI68nUt1UD8ScX+IbkLJQ6mPe8pNR\n"
"xRJfSy8RvtTJcPEqH7kpj5sZjlRC5GUG/3Sco8uX\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STSAFE TPM ECC Intermediate CA 10
* Issuer: CN=STSAFE ECC Root CA 02
* Algorithms: ECDSA SECP384R1, SHA2-384
* Validity: Jan 1 00:00:00 2042 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDQjCCAqOgAwIBAgIEQQAAEDAKBggqhkjOPQQDAzBNMQswCQYDVQQGEwJDSDEe\n"
"MBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR4wHAYDVQQDExVTVFNBRkUg\n"
"RUNDIFJvb3QgQ0EgMDIwHhcNMjIwMTIwMDAwMDAwWhcNNDIwMTAxMDAwMDAwWjBZ\n"
"MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSow\n"
"KAYDVQQDEyFTVFNBRkUgVFBNIEVDQyBJbnRlcm1lZGlhdGUgQ0EgMTAwdjAQBgcq\n"
"hkjOPQIBBgUrgQQAIgNiAASTJN1bV66WKZt1gjvbSCbHJbo3HFyT/jqJ7+rqeMHK\n"
"Z55dI/FYfY/qgK1A9xTy3S3aUysFnTo5RQSy8EqcY2JxijlKU0hISan3IRV/ycA0\n"
"1KeA1AzDj6SKY0BCO07kc7yjggFGMIIBQjAdBgNVHQ4EFgQUnLOZx0g2wg9IQLg/\n"
"lCqnQZj6s1owHwYDVR0jBBgwFoAU9Vy3B7xLF0ImJIBAS7t8gLpaPL4wQwYDVR0g\n"
"AQH/BDkwNzA1BgRVHSAAMC0wKwYIKwYBBQUHAgEWH2h0dHA6Ly9zdy1jZW50ZXIu\n"
"c3QuY29tL1NUU0FGRS8wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C\n"
"AQAwUAYIKwYBBQUHAQEERDBCMEAGCCsGAQUFBzAChjRodHRwOi8vc3ctY2VudGVy\n"
"LnN0LmNvbS9TVFNBRkUvU1RTQUZFRWNjUm9vdENBMDIuY3J0MEUGA1UdHwQ+MDww\n"
"OqA4oDaGNGh0dHA6Ly9zdy1jZW50ZXIuc3QuY29tL1NUU0FGRS9TVFNBRkVFY2NS\n"
"b290Q0EwMi5jcmwwCgYIKoZIzj0EAwMDgYwAMIGIAkIB9BxSCiEYdXzw4InfqOVA\n"
"JXxwDySjdgGZkckh9eu6OAwzPoRsjwt59/R1LRxISsE8BFRCyL+/0Stae8W6CaUa\n"
"YgkCQgEEZpf+KEZYKG+XFIfavWzFAFHgShQD2+fd21ncprh7rZDruPbeCqS6JEYc\n"
"qKsm6vl5yWjrv88UV/UeeTqlz6WTww==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STSAFE TPM ECC Intermediate CA 11
* Issuer: CN=STSAFE ECC Root CA 02
* Algorithms: ECDSA SECP384R1, SHA2-384
* Validity: Jan 1 00:00:00 2042 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDQjCCAqOgAwIBAgIEQQAAETAKBggqhkjOPQQDAzBNMQswCQYDVQQGEwJDSDEe\n"
"MBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR4wHAYDVQQDExVTVFNBRkUg\n"
"RUNDIFJvb3QgQ0EgMDIwHhcNMjIwMTIwMDAwMDAwWhcNNDIwMTAxMDAwMDAwWjBZ\n"
"MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSow\n"
"KAYDVQQDEyFTVFNBRkUgVFBNIEVDQyBJbnRlcm1lZGlhdGUgQ0EgMTEwdjAQBgcq\n"
"hkjOPQIBBgUrgQQAIgNiAAT1l1mAZbejAFPcYl7AyR0vQUzcM4a/AVzs4ctaxKOH\n"
"PcXmxT6EeeXXDX4JcbuEgD7zZr+nw1AeZRCbO89o86+OM2yMKPqAl4tToRYAUIyl\n"
"mYjHe8wUKeyUbMUMg5FZ92qjggFGMIIBQjAdBgNVHQ4EFgQU+A/ygAr/JRzH4rpY\n"
"vietSY6qitYwHwYDVR0jBBgwFoAU9Vy3B7xLF0ImJIBAS7t8gLpaPL4wQwYDVR0g\n"
"AQH/BDkwNzA1BgRVHSAAMC0wKwYIKwYBBQUHAgEWH2h0dHA6Ly9zdy1jZW50ZXIu\n"
"c3QuY29tL1NUU0FGRS8wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C\n"
"AQAwUAYIKwYBBQUHAQEERDBCMEAGCCsGAQUFBzAChjRodHRwOi8vc3ctY2VudGVy\n"
"LnN0LmNvbS9TVFNBRkUvU1RTQUZFRWNjUm9vdENBMDIuY3J0MEUGA1UdHwQ+MDww\n"
"OqA4oDaGNGh0dHA6Ly9zdy1jZW50ZXIuc3QuY29tL1NUU0FGRS9TVFNBRkVFY2NS\n"
"b290Q0EwMi5jcmwwCgYIKoZIzj0EAwMDgYwAMIGIAkIBG7lZLscwwyv/6EMhsalu\n"
"1kMx4rG8y0hQvB43eapAdpiwWJU93FF12Agtf5aDLr/zzjTy2epE1LOpBTDs431w\n"
"exwCQgHvMXOrbU26af1JTw1TD92QorKeYX9AspNRfHTJqijcue4MIMa3lAdssvCy\n"
"3QJ/mdWzkS8U0LlHNOV2Lb9PF4B10A==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM ECC Root CA 01
* Algorithms: ECDSA SECP384R1, SHA2-384
* Validity: Jan 19 03:14:07 2038 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICyDCCAk+gAwIBAgIORyzLp/OdsAvb9r+66LowCgYIKoZIzj0EAwMwgYsxOzA5\n"
"BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg\n"
"QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT\n"
"aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE1MTAy\n"
"ODAwMDAwMFoXDTM4MDExOTAzMTQwN1owTjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoT\n"
"FVNUTWljcm9lbGVjdHJvbmljcyBOVjEfMB0GA1UEAxMWU1RNIFRQTSBFQ0MgUm9v\n"
"dCBDQSAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABG7/OLXMiprQQHwNnkpT6aqG\n"
"zOGLcbbAgUtyjlXOZtuv0GB0ttJ6fwMwgFtt8RKlko8Bwn89/BoZOUcI4ne8ddRS\n"
"oqE6StnU3I13qqjalToq3Rnz61Omn6NErK1pxUe3j6OBtTCBsjAOBgNVHQ8BAf8E\n"
"BAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUIJJWPAtDqAVyUwMp\n"
"BxwH4OvsAwQwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3MAMwTAYDVR0g\n"
"BEUwQzBBBgkrBgEEAaAyAVowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv\n"
"YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDZwAwZAIwWnuUAzwy\n"
"vHUhHehymKTZ2QcPUwHX0LdcVTac4ohyEL3zcuv/dM0BN62kFxHgBOhWAjAIxt9i\n"
"50yAxy0Z/MeV2NTXqKpLwdhWNuzOSFZnzRKsh9MxY3zj8nebDNlHTDGSMR0=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM ECC Intermediate CA 02
* Issuer: CN=STM TPM ECC Root CA 01
* Algorithms: ECDSA SECP256R1, SHA2-384
* Validity: Nov 22 00:00:00 2038 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICZTCCAeygAwIBAgIEQAAAAjAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJDSDEe\n"
"MBwGA1UECgwVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR8wHQYDVQQDDBZTVE0gVFBN\n"
"IEVDQyBSb290IENBIDAxMB4XDTE4MTEyMjAwMDAwMFoXDTM4MTEyMjAwMDAwMFow\n"
"VjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoMFVNUTWljcm9lbGVjdHJvbmljcyBOVjEn\n"
"MCUGA1UEAwweU1RNIFRQTSBFQ0MgSW50ZXJtZWRpYXRlIENBIDAyMFkwEwYHKoZI\n"
"zj0CAQYIKoZIzj0DAQcDQgAE08t33aGM5M5aeBmzcn5H3HS31CGBJ2bbJ6fvJJ0i\n"
"VCfZrN9sesL0D+NGfwtEklk7mgT/2vfW2dO9OqsyukSw2aOBrzCBrDAdBgNVHQ4E\n"
"FgQUZi2PHOzf8UeotvDqKWr38kyt+c8wHwYDVR0jBBgwFoAUIJJWPAtDqAVyUwMp\n"
"BxwH4OvsAwQwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0\n"
"dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAPBgNVHQ8BAf8EBQMDAQQC\n"
"MBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYIKoZIzj0EAwMDZwAwZAIwJl4q6QuGhqQD\n"
"pvP1gBBu8OhbQAXL8Rwhg1FWs8BvC4VYt6Tqe9xLqjbtbgR8UOyvAjAhzSbC+r8A\n"
"2Wx1aOwAIqs1tmBXpofqcOXYeCSXKajOv5Jlzk6sDnEH2omN+ydt924=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STSAFE RSA Root CA 02
* Algorithms: RSA 4096-bit, SHA2-384
* Validity: Dec 31 00:00:00 9999 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFXjCCA0agAwIBAgIGVR0gAAACMA0GCSqGSIb3DQEBDAUAME0xCzAJBgNVBAYT\n"
"AkNIMR4wHAYDVQQKExVTVE1pY3JvZWxlY3Ryb25pY3MgTlYxHjAcBgNVBAMTFVNU\n"
"U0FGRSBSU0EgUm9vdCBDQSAwMjAgFw0yMjAxMjAwMDAwMDBaGA85OTk5MTIzMTAw\n"
"MDAwMFowTTELMAkGA1UEBhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmlj\n"
"cyBOVjEeMBwGA1UEAxMVU1RTQUZFIFJTQSBSb290IENBIDAyMIICIjANBgkqhkiG\n"
"9w0BAQEFAAOCAg8AMIICCgKCAgEAyDtHbW51K/pnDbnPdLQTls2U/bu/aDATTi1W\n"
"CZDAtFC9sWtCRK6jQ0SG9DCCys7ur170V3Q+HVov88FzH6bYg4TWY7+wEQKLR/4W\n"
"IgdCjcW3uXMimsh9tOb+UlfRMW0yEozi7F+F/v07lULTJg+itCOMASi/caV1ySYI\n"
"cX5z/5Woj3hDgJGa4scOoxdOfPg1GCkEjQPy7fG/IBt883palE/T4UNg1megfLcg\n"
"hjOrbaPTFB3qXmm6E07QDYMkPiqryz3v9MCnOw62EXGcQLFIK4DwPxySU7NxO0ta\n"
"DHXv+8B5ljv4Jtx5OLkDf9YAfjEg6ZOpsyIGKI+bgIoVYtGbXTDZAtoMKw3ystQX\n"
"va9ceQ4cIQQUjpH6nFm8dbm/TOrkZd6m9pmLftR6kTuzRd8hhKCwpfcKbxQlMI2u\n"
"TDVbw03IFUhk23uDSTOzsyOjB2f93SLEw1yTBuiYXhO2YHUHFJckbiuz7RdE4sjN\n"
"1J0LwxKKbm9kleYEP+Kah6IJ0Zs7vbP3WNZUpmt6/XTmszb+paTSpanUYbBr2/IE\n"
"aQCRiAlv0H26i5u4CjSHRjjRIqLAuGnpn0gZ2Zgs1espJwmey7MPKvTJtK1H+TQN\n"
"0HZW8DYtcdzPkpxqKndWIUR7JTnozVPCVOcirSPGdkSvhbAGPyoyv7ju86RnTiT0\n"
"NLz7SbECAwEAAaNCMEAwHQYDVR0OBBYEFHzCjb5uWdhKVANGmxMIANL48G0nMA4G\n"
"A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IC\n"
"AQCykiyYyHAXHzRBdqJ3QLr8qTDDNO3RdLToZmiFRdslaRr2RtlDDjcAEFKf1u/E\n"
"1qprZe926Ob5KxWIQREvDAgqAbRS9fd3+w6hZ+ZrmHNh5aH2UEgsfAi9vZ3K8BH/\n"
"rReqTm0oxCMz4socJ9tIpvGSZhJg6PDTidsIscr8iNcSsVYJO60wSMxn7tv+Buh+\n"
"ZgJFddzEYZqTuezsdiXswkAkwqTJY9KM1w0bFLHrmifkc0y6I+jeBgjGxMknz8G5\n"
"p7YX4GoeJp5LjM8z36qBFKcjkKpYEb2H+u6CxgXFsxu6nkB0pn3u2uNwmXTYIQKO\n"
"trcshrmoKUv7mDvtaNIa0blMTRTEZzkwrR1BsHm/Gz7NLhgkDIv9p1u5oiCwlebh\n"
"eJ1cDJ9I7puSBPiDDpkdvVPg0wNFPai/SAhjW0OaULcybVR7kXzST9/xerCoquYp\n"
"I+qLjTs+RqahgL5a9ZRPVABX3DwvnDCarwVqMSfRjGP4e8b2BspDM+wPTvQH1K4O\n"
"xk+qc9HT7YubzqhtJ/yfcYd/eKTsk60aNmknatNZDSFzq03lxN048n3D9mcjGDkR\n"
"15Kv5NX8DhZuCNcBddkGC96uYpgSvl089RgnSL/qPlM+QlVjPbqDpISd/z3X4RNb\n"
"vdT+agOdZZJRB1MROQXDnACVdQB1ba/DTO4UNEou27D03Q==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STSAFE TPM RSA Intermediate CA 10
* Issuer: CN=STSAFE RSA Root CA 02
* RSA 4096-bit, SHA2-384
* Validity: Jan 1 00:00:00 2042 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIGbDCCBFSgAwIBAgIEQAAAEDANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQGEwJD\n"
"SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR4wHAYDVQQDExVTVFNB\n"
"RkUgUlNBIFJvb3QgQ0EgMDIwHhcNMjIwMTIwMDAwMDAwWhcNNDIwMTAxMDAwMDAw\n"
"WjBZMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5W\n"
"MSowKAYDVQQDEyFTVFNBRkUgVFBNIFJTQSBJbnRlcm1lZGlhdGUgQ0EgMTAwggIi\n"
"MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLtTMVm6icY4GkyBPSGRG4x04Z\n"
"s3QDarRa1jdXDDD5yYNsdenk+9wNb+pOoepnsAoD8oJ4w8MiER4eDln40c26w2fg\n"
"s+8UWDJY5zgTn/A+NBoIZ4wpOhFiE5MEWki7hLB6WPgZYDpMY38vG0RrBd9eJHxh\n"
"h32wa7ko0NDoUl7DHLIn6xyMePknl/RKcWJHtpn3KBky4qxuJf0SIgKLsjTMqpaa\n"
"15HWeYDaij2GDSV/0IY0svLrDwyP/tnONN15PnogkYKpVzXcHKoue2ViBDGqFrDv\n"
"/itYz3ze1TMqj6+iiTGG3Hg1exmch8w923Zj5BTn+Fe2kdngzOFf9jVCnRxyYZm3\n"
"A60MthkJyAjN8zkZcaepumkbF99WUJQQ2eyK4jGsVzMlmHGcMHOB2AG2W0jbnteo\n"
"0Y4PhcVkjeP9KVHu19A3PpIgThwwqeiJN+QyxSIPfwk82GfflxpXeb256hv7xvqn\n"
"2YQ0sI5UgU9aQBOZbktxRprTBipqZJbX07oLVCgRuZtm3aCTCIPVQLVGGv7wSjs8\n"
"63jQsO/52mTKHz5AAXamWKuX197OJANBWPQyk3u3+OvV8tSaetC7yuezfQUHw0ca\n"
"CgAUCit6bX02EKAb0ZZbKzGWEyBhbiw+EICWvRQktX+5S+LnVntBSx2e4zHfAcoA\n"
"KKZ6e0OZbvHaPkBOZQIDAQABo4IBRjCCAUIwHQYDVR0OBBYEFGVwYqcQVpFvjH95\n"
"ipLd5tgdCpjaMB8GA1UdIwQYMBaAFHzCjb5uWdhKVANGmxMIANL48G0nMEMGA1Ud\n"
"IAEB/wQ5MDcwNQYEVR0gADAtMCsGCCsGAQUFBwIBFh9odHRwOi8vc3ctY2VudGVy\n"
"LnN0LmNvbS9TVFNBRkUvMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/\n"
"AgEAMFAGCCsGAQUFBwEBBEQwQjBABggrBgEFBQcwAoY0aHR0cDovL3N3LWNlbnRl\n"
"ci5zdC5jb20vU1RTQUZFL1NUU0FGRVJzYVJvb3RDQTAyLmNydDBFBgNVHR8EPjA8\n"
"MDqgOKA2hjRodHRwOi8vc3ctY2VudGVyLnN0LmNvbS9TVFNBRkUvU1RTQUZFUnNh\n"
"Um9vdENBMDIuY3JsMA0GCSqGSIb3DQEBDAUAA4ICAQCATjBOFHEiOfz5pGvjB0GR\n"
"aRSOMQI/kccR5FBSrsJV3wVhnEBA9WPc9sMZ5VarDiNpSYWihtyFAe72QWqsRar6\n"
"oRYAHvwsRio2l5W6GbCe50cbdvaOQlVC5wHQnP+kywdOUyK0VRKGP5qJhgS6Ze8v\n"
"0Ppc6f1UsxNHWmI1uy1oVGjF+Vl3d23EDz6G2BLRwzzMsNKZ6MM0xfNh8Us4Qvpj\n"
"Dfm+ysmX7wKYoJBAcxipaFDAEzNGLScagsJ9UvJ5whEyxvG1TrvPyvM/b+aU7H8B\n"
"aBNIsUdVKwfwkVHQah4Cyd3aXultFhJoTT44HiM6kYqfe+tPd3KbqxhEobAbFyZV\n"
"Eot3CYMQV+ZVK5xfG4Te7s9rE6HLeGGP3vWlOTtVCsMWG39FfVz+4oshygXk8c6G\n"
"rAUWSD2A96z0N4eg4MKemGmE56zaQx65jfjk5HiFDsf+A7zMAZ0P61FVUZ/GWLJY\n"
"6SicMpev12sGN4tUkqZOabgZEAzxdnaKrWUSOFVVE8e6l+TnQKS/xGDyCu0ANOPR\n"
"qMLM3x5Kx9kVZ8kGYs+8FRiVXx61WVJHztmfJmcUQirroIJZuEwAJYTt576sOQxH\n"
"U9R2VOyUgNRAdwYSvy6PU7IjDjMuTYaeMyJCJGFRcnFk/QqbHXFI4eNN5gtDKhT7\n"
"uKErQfPEhjYLdzF8/OYW7w==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM EK Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Dec 31 23:59:59 2039 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIEDDCCAvSgAwIBAgILBAAAAAABIsFs834wDQYJKoZIhvcNAQELBQAwgYcxOzA5\n"
"BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg\n"
"QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT\n"
"aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwNzI4MTIw\n"
"MDAwWhcNMzkxMjMxMjM1OTU5WjBKMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RN\n"
"aWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0gVFBNIEVLIFJvb3QgQ0Ew\n"
"ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxBLG5wcB9J0MsiJMreoWQ\n"
"l21bBN12SSGZPJ3HoPjzcrzAz6SPy+TrFmZ6eUVspsFL/23wdPprqTUtDHi+C2pw\n"
"k/3dF3/Rb2t/yHgiPlbCshYpi5f/rJ7nzbQ1ca2LzX3saBe53VfNQQV0zd5uM0DT\n"
"SrmAKU1RIAj2WlZFWXoN4NWTyRtqT5suPHa2y8FlCWMZKlS0FiY4pfM20b5YQ+EL\n"
"4zqb9zN53u/TdYZegrfSlc30Nl9G13Mgi+8rtPFKwsxx05EBbhVroH7aKVI1djsf\n"
"E1MVrUzw62PHik3xlzznXML8OjY//xKeiCWcsApuGCaIAf7TsTRi2l8DNB3rCr1X\n"
"AgMBAAGjgbQwgbEwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQEw\n"
"HQYDVR0OBBYEFG/mxWwHt2yLCoGSg1zLQR72jtEnMEsGA1UdIAREMEIwQAYJKwYB\n"
"BAGgMgFaMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQv\n"
"cmVwb3NpdG9yeS8wHwYDVR0jBBgwFoAUHiNj8IW19iVO7RrAUL5lfMfUFXowDQYJ\n"
"KoZIhvcNAQELBQADggEBAFrKpwFmRh7BGdpPZWc1Y6wIbdTAF6T+q1KwDJcyAjgJ\n"
"qThFp3xTAt3tvyVrCRf7T/YARYE24DNa0iFaXsIXeQASDYHJjAZ6LQTslYBeRYLb\n"
"C9v8ZE2ocKSCiC8ALYlJWk39Wob0H1Lk6l2zcUo3oKczGiAcRrlmwV496wvGyted\n"
"2RBcLZro7yhOOGr9KMabV14fNl0lG+31J1nWI2hgTqh53GXg1QH2YpggD3b7UbVm\n"
"c6GZaX37N3z15XfQafuAfHt10kYCNdePzC9tOwirHIsO8lrxoNlzOSxX8SqQGbBI\n"
"+kWoe5+SY3gdOGGDQKIdw3W1poMN8bQ5x7XFcgVMwVU=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM EK Intermediate CA 06
* Issuer: CN=STM TPM EK Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Jan 1 00:00:00 2038 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDzDCCArSgAwIBAgIEQAAABzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD\n"
"SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g\n"
"VFBNIEVLIFJvb3QgQ0EwHhcNMTgxMDMxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBV\n"
"MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw\n"
"JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNjCCASIwDQYJKoZI\n"
"hvcNAQEBBQADggEPADCCAQoCggEBAOvIjXBLbVBfIC7SFjcz4hm6R0IyuRJpJ45n\n"
"pYytlAHmoVosoT3isl52T4UB4T1r1b8y7Y+vW3Ed0sZO+m/pHtUc5h9050ynGedt\n"
"0uvuNZ1cVnX2h/XTcdKIawqEBVXRZQ5OJMp/aDlUwsUeBT+SlhAagNhmyNw2tC2a\n"
"b5d7qr8FU03Ds6io892aSD23z51yLAix121uUHIPmHByaZRnaKctTbu7ulwINlrd\n"
"cB953Z0WVQhil5yjZs14yd4yAnA3Z1ZW+mrOkr8ehVsUbvrUxyfhMInMrETIxR4R\n"
"9X5cTIVia2SVTtfqrb6XMC1/T7K1PH90QXtlt3WILMMNJhLDy+kCAwEAAaOBrjCB\n"
"qzAdBgNVHQ4EFgQU+xfXDXNIcOkZxOjmA5deZk4OQ94wHwYDVR0jBBgwFoAUb+bF\n"
"bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB\n"
"BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B\n"
"Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA\n"
"OiwipeVJ4yK/hBF6KgfcCUltlqmoPoHyffzfpPjNBeYqmdaRqxJdbY9FaSrcbJBA\n"
"hKRHfWYPCB03TnWstmfadgzbC/8mITx56Cb2EXpvYhrAu8G7a54h0sIhEloK/FAx\n"
"Zdgg3Y2tnPhihQ80xdqtaZRoXqjiqKq1p7IHwtQZiFCCCD1jny8qfZLCOYx50/mJ\n"
"QXk8WvzPl0xsAOhp5Id6OAeq/6dmwjUBpZBzhwmbnt5kX7OKnuoVr3H+8X1Zycz8\n"
"lq3znYqMaPWDTIQm6gnm//ahb9bBN0GL57fT6RuNy6jH7SRZYZ4zZRtAHyPogA/b\n"
"gbBsXr0NrHh671Y1j4cOYA==\n"
"-----END CERTIFICATE-----\n",
};
#endif /* WOLFTPM_TRUSTED_CERTS_H */

1
examples/include.am
View File

@ -17,6 +17,7 @@ include examples/gpio/include.am
include examples/seal/include.am
include examples/attestation/include.am
include examples/firmware/include.am
include examples/endorsement/include.am
if BUILD_EXAMPLES
EXTRA_DIST += examples/run_examples.sh

31
examples/nvram/read.c
View File

@ -55,6 +55,7 @@ static void usage(void)
printf("* -priv: Read ony the private part\n");
printf("* -pub: Read only the public part\n");
printf("* -aes/xor: Use Parameter Encryption\n");
printf("* -endorsement/platform/owner: Auth hierarchy\n");
}
int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
@ -68,7 +69,7 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
WOLFTPM2_NV nv;
TPM2B_AUTH auth;
word32 readSize;
TPMI_RH_NV_AUTH authHandle = TPM_RH_OWNER; /* or TPM_RH_PLATFORM */
TPMI_RH_NV_AUTH authHandle = TPM_RH_OWNER;
int paramEncAlg = TPM_ALG_NULL;
int partialRead = 0;
int offset = 0;
@ -89,13 +90,7 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
if (XSTRNCMP(argv[argc-1], "-nvindex=", XSTRLEN("-nvindex=")) == 0) {
const char* nvIndexStr = argv[argc-1] + XSTRLEN("-nvindex=");
nvIndex = (word32)XSTRTOL(nvIndexStr, NULL, 0);
if (!(authHandle == TPM_RH_PLATFORM && (
nvIndex > TPM_20_PLATFORM_MFG_NV_SPACE &&
nvIndex < TPM_20_OWNER_NV_SPACE)) &&
!(authHandle == TPM_RH_OWNER && (
nvIndex > TPM_20_OWNER_NV_SPACE &&
nvIndex < TPM_20_TCG_NV_SPACE)))
{
if (nvIndex < NV_INDEX_FIRST || nvIndex > NV_INDEX_LAST) {
fprintf(stderr, "Invalid NV Index %s\n", nvIndexStr);
fprintf(stderr, "\tPlatform Range: 0x%x -> 0x%x\n",
TPM_20_PLATFORM_MFG_NV_SPACE, TPM_20_OWNER_NV_SPACE);
@ -105,6 +100,15 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
return -1;
}
}
else if (XSTRCMP(argv[argc-1], "-endorsement") == 0) {
authHandle = TPM_RH_ENDORSEMENT;
}
else if (XSTRCMP(argv[argc-1], "-platform") == 0) {
authHandle = TPM_RH_PLATFORM;
}
else if (XSTRCMP(argv[argc-1], "-owner") == 0) {
authHandle = TPM_RH_OWNER;
}
else if (XSTRCMP(argv[argc-1], "-aes") == 0) {
paramEncAlg = TPM_ALG_CFB;
}
@ -123,14 +127,19 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
argc--;
}
printf("NV Read\n");
printf("\tNV Index: 0x%08x\n", nvIndex);
printf("\tAuth: %s\n",
(authHandle == TPM_RH_ENDORSEMENT) ? "Endorsement" :
(authHandle == TPM_RH_PLATFORM) ? "Platform" : "Owner");
if (paramEncAlg == TPM_ALG_CFB) {
printf("Parameter Encryption: Enabled. (AES CFB)\n\n");
printf("\tParameter Encryption: Enabled. (AES CFB)\n\n");
}
else if (paramEncAlg == TPM_ALG_XOR) {
printf("Parameter Encryption: Enabled. (XOR)\n\n");
printf("\tParameter Encryption: Enabled. (XOR)\n\n");
}
else {
printf("Parameter Encryption: Not enabled (try -aes or -xor).\n\n");
printf("\tParameter Encryption: Not enabled (try -aes or -xor).\n\n");
}
XMEMSET(&keyBlob, 0, sizeof(keyBlob));

7
examples/run_examples.sh
View File

@ -600,6 +600,13 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
fi
# Endorsement key and certificate
echo -e "Endorsement Key (EK) and Certificate"
./examples/endorsement/get_ek_certs >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "get_ek_certs failed! $RESULT" && exit 1
rm -f keyblob.bin
echo -e "Success!"

6
examples/tls/tls_client.c
View File

@ -29,7 +29,8 @@
#include <stdio.h>
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(WOLFCRYPT_ONLY)
!defined(NO_WOLFSSL_CLIENT) && !defined(WOLFCRYPT_ONLY) && \
(defined(WOLFTPM_CRYPTOCB) || defined(HAVE_PK_CALLBACKS))
#include <hal/tpm_io.h>
#include <examples/tpm_test.h>
@ -633,7 +634,8 @@ int main(int argc, char* argv[])
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(WOLFCRYPT_ONLY)
!defined(NO_WOLFSSL_CLIENT) && !defined(WOLFCRYPT_ONLY) && \
(defined(WOLFTPM_CRYPTOCB) || defined(HAVE_PK_CALLBACKS))
rc = TPM2_TLS_ClientArgs(NULL, argc, argv);
#else
(void)argc;

6
examples/tls/tls_server.c
View File

@ -29,7 +29,8 @@
#include <stdio.h>
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_SERVER) && !defined(WOLFCRYPT_ONLY)
!defined(NO_WOLFSSL_SERVER) && !defined(WOLFCRYPT_ONLY) && \
(defined(WOLFTPM_CRYPTOCB) || defined(HAVE_PK_CALLBACKS))
#include <hal/tpm_io.h>
#include <examples/tpm_test.h>
@ -623,7 +624,8 @@ int main(int argc, char* argv[])
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_SERVER) && !defined(WOLFCRYPT_ONLY)
!defined(NO_WOLFSSL_SERVER) && !defined(WOLFCRYPT_ONLY) && \
(defined(WOLFTPM_CRYPTOCB) || defined(HAVE_PK_CALLBACKS))
rc = TPM2_TLS_ServerArgs(NULL, argc, argv);
#else
(void)argc;

9
src/tpm2.c
View File

@ -5495,8 +5495,6 @@ int TPM2_IFX_FieldUpgradeCommand(TPM_CC cc, uint8_t* data, uint32_t size)
}
return rc;
}
#endif /* WOLFTPM_SLB9672 || WOLFTPM_SLB9673 */
#endif /* WOLFTPM_FIRMWARE_UPGRADE */
@ -6004,6 +6002,10 @@ int TPM2_GetTpmCurve(int curve_id)
case ECC_SECP521R1:
ret = TPM_ECC_NIST_P521;
break;
case ECC_BRAINPOOLP256R1:
ret = TPM_ECC_BN_P256;
break;
case TPM_ECC_BN_P638:
default:
ret = ECC_CURVE_OID_E;
}
@ -6033,7 +6035,10 @@ int TPM2_GetWolfCurve(int curve_id)
ret = ECC_SECP521R1;
break;
case TPM_ECC_BN_P256:
ret = ECC_BRAINPOOLP256R1;
break;
case TPM_ECC_BN_P638:
default:
ret = ECC_CURVE_OID_E;
}
#endif

174
src/tpm2_wrap.c
View File

@ -1413,6 +1413,12 @@ static int wolfTPM2_EncryptSecret_RSA(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* tpm
hashType = WC_HASH_TYPE_SHA256;
mgf = WC_MGF1SHA256;
}
#ifdef WOLFSSL_SHA384
else if (publicArea->nameAlg == TPM_ALG_SHA384) {
hashType = WC_HASH_TYPE_SHA384;
mgf = WC_MGF1SHA384;
}
#endif
else {
return NOT_COMPILED_IN;
}
@ -5711,7 +5717,8 @@ int GetKeyTemplateRSA(TPMT_PUBLIC* publicTemplate,
((objectAttributes & TPMA_OBJECT_decrypt) &&
(objectAttributes & TPMA_OBJECT_restricted))) {
publicTemplate->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
publicTemplate->parameters.rsaDetail.symmetric.keyBits.aes = 128;
publicTemplate->parameters.rsaDetail.symmetric.keyBits.aes =
(keyBits > 2048) ? 256 : 128;
publicTemplate->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
}
else {
@ -5750,7 +5757,8 @@ int GetKeyTemplateECC(TPMT_PUBLIC* publicTemplate,
((objectAttributes & TPMA_OBJECT_decrypt) &&
(objectAttributes & TPMA_OBJECT_restricted))) {
publicTemplate->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
publicTemplate->parameters.eccDetail.symmetric.keyBits.aes = 128;
publicTemplate->parameters.eccDetail.symmetric.keyBits.aes =
(curveSz >= 48) ? 256 : 128;
publicTemplate->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
}
else {
@ -5857,40 +5865,154 @@ int wolfTPM2_GetKeyTemplate_KeySeal(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID name
return TPM_RC_SUCCESS;
}
int wolfTPM2_GetKeyTemplate_RSA_EK(TPMT_PUBLIC* publicTemplate)
int wolfTPM2_GetKeyTemplate_EK(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID alg,
int keyBits, TPM_ECC_CURVE curveID, TPM_ALG_ID nameAlg, int highRange)
{
int ret;
int rc;
TPMA_OBJECT objectAttributes = (
TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_adminWithPolicy |
TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt);
ret = GetKeyTemplateRSA(publicTemplate, TPM_ALG_SHA256,
objectAttributes, 2048, 0, TPM_ALG_NULL, TPM_ALG_NULL);
if (ret == 0) {
publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY);
XMEMCPY(publicTemplate->authPolicy.buffer,
TPM_20_EK_AUTH_POLICY, publicTemplate->authPolicy.size);
if (highRange) {
/* High range requires userWithAuth=1 */
objectAttributes |= TPMA_OBJECT_userWithAuth;
}
return ret;
if (alg == TPM_ALG_RSA) {
rc = GetKeyTemplateRSA(publicTemplate, nameAlg,
objectAttributes, keyBits, 0, TPM_ALG_NULL, TPM_ALG_NULL);
if (rc == 0 && highRange) { /* high range uses 0 unique size */
publicTemplate->unique.rsa.size = 0;
}
}
else if (alg == TPM_ALG_ECC) {
rc = GetKeyTemplateECC(publicTemplate, nameAlg,
objectAttributes, curveID, TPM_ALG_NULL, TPM_ALG_NULL);
if (rc == 0 && highRange) { /* high range uses 0 unique size */
publicTemplate->unique.ecc.x.size = 0;
publicTemplate->unique.ecc.y.size = 0;
}
}
else {
rc = BAD_FUNC_ARG; /* not supported */
}
if (rc == 0) {
if (nameAlg == TPM_ALG_SHA256 && !highRange) {
publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY);
XMEMCPY(publicTemplate->authPolicy.buffer,
TPM_20_EK_AUTH_POLICY, publicTemplate->authPolicy.size);
}
else if (nameAlg == TPM_ALG_SHA256) {
publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA256);
XMEMCPY(publicTemplate->authPolicy.buffer,
TPM_20_EK_AUTH_POLICY_SHA256, publicTemplate->authPolicy.size);
}
#ifdef WOLFSSL_SHA384
else if (nameAlg == TPM_ALG_SHA384) {
publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA384);
XMEMCPY(publicTemplate->authPolicy.buffer,
TPM_20_EK_AUTH_POLICY_SHA384, publicTemplate->authPolicy.size);
}
#endif
#ifdef WOLFSSL_SHA512
else if (nameAlg == TPM_ALG_SHA512) {
publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA512);
XMEMCPY(publicTemplate->authPolicy.buffer,
TPM_20_EK_AUTH_POLICY_SHA512, publicTemplate->authPolicy.size);
}
#endif
}
return rc;
}
int wolfTPM2_GetKeyTemplate_EKIndex(word32 nvIndex,
TPMT_PUBLIC* publicTemplate)
{
TPM_ALG_ID alg = TPM_ALG_NULL;
TPM_ALG_ID nameAlg = TPM_ALG_NULL;
TPM_ECC_CURVE curveID = TPM_ECC_NONE;
uint32_t keyBits = 0;
int highRange = 0;
/* validate index is in NV EK range */
if (nvIndex < TPM_20_TCG_NV_SPACE ||
nvIndex > TPM_20_TCG_NV_SPACE + 0x1FF) {
return BAD_FUNC_ARG;
}
/* determine if low or high range */
if (nvIndex >= TPM2_NV_EK_RSA2048) {
highRange = 1;
}
/* Determine algorithm based on index */
switch (nvIndex) {
case TPM2_NV_RSA_EK_CERT: /* EK (Low Range): RSA 2048 */
case TPM2_NV_EK_RSA2048: /* EK (High Range) */
alg = TPM_ALG_RSA;
nameAlg = TPM_ALG_SHA256;
keyBits = 2048;
break;
case TPM2_NV_EK_RSA3072:
alg = TPM_ALG_RSA;
nameAlg = TPM_ALG_SHA384;
keyBits = 3072;
break;
case TPM2_NV_EK_RSA4096:
alg = TPM_ALG_RSA;
nameAlg = TPM_ALG_SHA512;
keyBits = 4096;
break;
case TPM2_NV_ECC_EK_CERT: /* EK (Low Range): ECC P256 */
case TPM2_NV_EK_ECC_P256: /* EK (High Range) */
alg = TPM_ALG_ECC;
curveID = TPM_ECC_NIST_P256;
nameAlg = TPM_ALG_SHA256;
keyBits = 256;
break;
case TPM2_NV_EK_ECC_P384:
alg = TPM_ALG_ECC;
curveID = TPM_ECC_NIST_P384;
nameAlg = TPM_ALG_SHA384;
keyBits = 384;
break;
case TPM2_NV_EK_ECC_P521:
alg = TPM_ALG_ECC;
curveID = TPM_ECC_NIST_P521;
nameAlg = TPM_ALG_SHA512;
keyBits = 521;
break;
case TPM2_NV_EK_ECC_SM2:
alg = TPM_ALG_SM2;
curveID = TPM_ECC_SM2_P256;
nameAlg = TPM_ALG_SHA256;
keyBits = 256;
break;
default:
alg = TPM_ALG_NULL;
curveID = TPM_ECC_NONE;
nameAlg = TPM_ALG_NULL;
keyBits = 0;
break;
}
return wolfTPM2_GetKeyTemplate_EK(publicTemplate, alg, keyBits, curveID,
nameAlg, highRange);
}
int wolfTPM2_GetKeyTemplate_RSA_EK(TPMT_PUBLIC* publicTemplate)
{
return wolfTPM2_GetKeyTemplate_EK(publicTemplate, TPM_ALG_RSA, 2048,
TPM_ALG_NULL, TPM_ALG_SHA256, 0);
}
int wolfTPM2_GetKeyTemplate_ECC_EK(TPMT_PUBLIC* publicTemplate)
{
int ret;
TPMA_OBJECT objectAttributes = (
TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_adminWithPolicy |
TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt);
ret = GetKeyTemplateECC(publicTemplate, TPM_ALG_SHA256,
objectAttributes, TPM_ECC_NIST_P256, TPM_ALG_NULL, TPM_ALG_NULL);
if (ret == 0) {
publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY);
XMEMCPY(publicTemplate->authPolicy.buffer,
TPM_20_EK_AUTH_POLICY, publicTemplate->authPolicy.size);
}
return ret;
return wolfTPM2_GetKeyTemplate_EK(publicTemplate, TPM_ALG_ECC, 256,
TPM_ECC_NIST_P256, TPM_ALG_SHA256, 0);
}
int wolfTPM2_GetKeyTemplate_RSA_SRK(TPMT_PUBLIC* publicTemplate)

67
wolftpm/tpm2.h
View File

@ -1649,18 +1649,67 @@ typedef struct TPM2_AUTH_SESSION {
#define TPM_20_OWNER_NV_SPACE ((TPM_HT_NV_INDEX << 24) | (0x02 << 22))
#define TPM_20_TCG_NV_SPACE ((TPM_HT_NV_INDEX << 24) | (0x03 << 22))
#define TPM_20_NV_INDEX_EK_CERTIFICATE (TPM_20_PLATFORM_MFG_NV_SPACE + 2)
#define TPM_20_NV_INDEX_EK_NONCE (TPM_20_PLATFORM_MFG_NV_SPACE + 3)
#define TPM_20_NV_INDEX_EK_TEMPLATE (TPM_20_PLATFORM_MFG_NV_SPACE + 4)
/* EK (Low Range): RSA 2048 */
#define TPM2_NV_RSA_EK_CERT (TPM_20_TCG_NV_SPACE + 0x2)
#define TPM2_NV_RSA_EK_NONCE (TPM_20_TCG_NV_SPACE + 0x3)
#define TPM2_NV_RSA_EK_TEMPLATE (TPM_20_TCG_NV_SPACE + 0x4)
/* Predetermined TPM 2.0 Endorsement policy auth template for SHA2-256 */
/* EK (Low Range): ECC P256 */
#define TPM2_NV_ECC_EK_CERT (TPM_20_TCG_NV_SPACE + 0xA)
#define TPM2_NV_ECC_EK_NONCE (TPM_20_TCG_NV_SPACE + 0xB)
#define TPM2_NV_ECC_EK_TEMPLATE (TPM_20_TCG_NV_SPACE + 0xC)
/* EK (High Range) */
#define TPM2_NV_EK_RSA2048 (TPM_20_TCG_NV_SPACE + 0x12)
#define TPM2_NV_EK_ECC_P256 (TPM_20_TCG_NV_SPACE + 0x14)
#define TPM2_NV_EK_ECC_P384 (TPM_20_TCG_NV_SPACE + 0x16)
#define TPM2_NV_EK_ECC_P521 (TPM_20_TCG_NV_SPACE + 0x18)
#define TPM2_NV_EK_ECC_SM2 (TPM_20_TCG_NV_SPACE + 0x1A)
#define TPM2_NV_EK_RSA3072 (TPM_20_TCG_NV_SPACE + 0x1C)
#define TPM2_NV_EK_RSA4096 (TPM_20_TCG_NV_SPACE + 0x1E)
/* EK Certificate Chains (0x100 - 0x1FF) - Not common */
#define TPM2_NV_EK_CHAIN (TPM_20_TCG_NV_SPACE + 0x100)
/* Predetermined TPM 2.0 Endorsement policy auth templates */
/* SHA256 (Low Range) */
static const BYTE TPM_20_EK_AUTH_POLICY[] = {
0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xb3, 0xf8, 0x1a, 0x90, 0xcc,
0x8d, 0x46, 0xa5, 0xd7, 0x24, 0xfd, 0x52, 0xd7, 0x6e, 0x06, 0x52,
0x0b, 0x64, 0xf2, 0xa1, 0xda, 0x1b, 0x33, 0x14, 0x69, 0xaa,
0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8,
0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64,
0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA
};
/* SHA256 (PolicyB - High Range) */
static const BYTE TPM_20_EK_AUTH_POLICY_SHA256[] = {
0xCA, 0x3D, 0x0A, 0x99, 0xA2, 0xB9, 0x39, 0x06,
0xF7, 0xA3, 0x34, 0x24, 0x14, 0xEF, 0xCF, 0xB3,
0xA3, 0x85, 0xD4, 0x4C, 0xD1, 0xFD, 0x45, 0x90,
0x89, 0xD1, 0x9B, 0x50, 0x71, 0xC0, 0xB7, 0xA0
};
#ifdef WOLFSSL_SHA384
/* SHA384 (PolicyB - High Range) */
static const BYTE TPM_20_EK_AUTH_POLICY_SHA384[] = {
0xB2, 0x6E, 0x7D, 0x28, 0xD1, 0x1A, 0x50, 0xBC,
0x53, 0xD8, 0x82, 0xBC, 0xF5, 0xFD, 0x3A, 0x1A,
0x07, 0x41, 0x48, 0xBB, 0x35, 0xD3, 0xB4, 0xE4,
0xCB, 0x1C, 0x0A, 0xD9, 0xBD, 0xE4, 0x19, 0xCA,
0xCB, 0x47, 0xBA, 0x09, 0x69, 0x96, 0x46, 0x15,
0x0F, 0x9F, 0xC0, 0x00, 0xF3, 0xF8, 0x0E, 0x12
};
#endif
#ifdef WOLFSSL_SHA512
/* SHA512 (PolicyB - High Range) */
static const BYTE TPM_20_EK_AUTH_POLICY_SHA512[] = {
0xB8, 0x22, 0x1C, 0xA6, 0x9E, 0x85, 0x50, 0xA4,
0x91, 0x4D, 0xE3, 0xFA, 0xA6, 0xA1, 0x8C, 0x07,
0x2C, 0xC0, 0x12, 0x08, 0x07, 0x3A, 0x92, 0x8D,
0x5D, 0x66, 0xD5, 0x9E, 0xF7, 0x9E, 0x49, 0xA4,
0x29, 0xC4, 0x1A, 0x6B, 0x26, 0x95, 0x71, 0xD5,
0x7E, 0xDB, 0x25, 0xFB, 0xDB, 0x18, 0x38, 0x42,
0x56, 0x08, 0xB4, 0x13, 0xCD, 0x61, 0x6A, 0x5F,
0x6D, 0xB5, 0xB6, 0x07, 0x1A, 0xF9, 0x9B, 0xEA
};
#endif
/* HAL IO Callbacks */
struct TPM2_CTX;

46
wolftpm/tpm2_wrap.h
View File

@ -134,10 +134,6 @@ typedef struct WOLFTPM2_CAPS {
word16 req_wait_state : 1; /* requires SPI wait state */
} WOLFTPM2_CAPS;
/* NV Handles */
#define TPM2_NV_RSA_EK_CERT 0x01C00002
#define TPM2_NV_ECC_EK_CERT 0x01C0000A
/* Wrapper API's to simplify TPM use */
@ -2678,6 +2674,46 @@ WOLFTPM_API int wolfTPM2_GetKeyTemplate_KeyedHash(TPMT_PUBLIC* publicTemplate,
*/
WOLFTPM_API int wolfTPM2_GetKeyTemplate_KeySeal(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID nameAlg);
/*!
\ingroup wolfTPM2_Wrappers
\brief Prepares a TPM public template for generating the TPM Endorsement Key
\return TPM_RC_SUCCESS: successful
\return BAD_FUNC_ARG: check the provided arguments
\param publicTemplate pointer to an empty structure of TPMT_PUBLIC type, to store the new template
\param alg can be only TPM_ALG_RSA or TPM_ALG_ECC, see Note above
\param keyBits integer value, specifying bits for the key, typically 2048 (RSA) or 256 (ECC)
\param curveId use one of the accepted TPM_ECC_CURVE values like TPM_ECC_NIST_P256 (only used when alg=TPM_ALG_ECC)
\param nameAlg integer value of TPMI_ALG_HASH type, specifying a valid TPM2 hashing algorithm (typically TPM_ALG_SHA256)
\param highRange integer value: 0=low range, 1=high range
\sa wolfTPM2_GetKeyTemplate_ECC_EK
\sa wolfTPM2_GetKeyTemplate_RSA_SRK
\sa wolfTPM2_GetKeyTemplate_RSA_AIK
\sa wolfTPM2_GetKeyTemplate_EKIndex
*/
WOLFTPM_API int wolfTPM2_GetKeyTemplate_EK(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID alg,
int keyBits, TPM_ECC_CURVE curveID, TPM_ALG_ID nameAlg, int highRange);
/*!
\ingroup wolfTPM2_Wrappers
\brief Helper to get the Endorsement public key template by NV index
\return TPM_RC_SUCCESS: successful
\return BAD_FUNC_ARG: check the provided arguments
\param nvIndex handle for NV index. Typically starting from TPM_20_TCG_NV_SPACE
\param publicTemplate pointer to an empty structure of TPMT_PUBLIC type, to store the new template
\sa wolfTPM2_GetKeyTemplate_EK
\sa wolfTPM2_GetKeyTemplate_ECC_EK
\sa wolfTPM2_GetKeyTemplate_RSA_SRK
\sa wolfTPM2_GetKeyTemplate_RSA_AIK
*/
WOLFTPM_API int wolfTPM2_GetKeyTemplate_EKIndex(word32 nvIndex,
TPMT_PUBLIC* publicTemplate);
/*!
\ingroup wolfTPM2_Wrappers
\brief Prepares a TPM public template for generating the TPM Endorsement Key of RSA type
@ -2687,6 +2723,7 @@ WOLFTPM_API int wolfTPM2_GetKeyTemplate_KeySeal(TPMT_PUBLIC* publicTemplate, TPM
\param publicTemplate pointer to an empty structure of TPMT_PUBLIC type, to store the new template
\sa wolfTPM2_GetKeyTemplate_EK
\sa wolfTPM2_GetKeyTemplate_ECC_EK
\sa wolfTPM2_GetKeyTemplate_RSA_SRK
\sa wolfTPM2_GetKeyTemplate_RSA_AIK
@ -2702,6 +2739,7 @@ WOLFTPM_API int wolfTPM2_GetKeyTemplate_RSA_EK(TPMT_PUBLIC* publicTemplate);
\param publicTemplate pointer to an empty structure of TPMT_PUBLIC type, to store the new template
\sa wolfTPM2_GetKeyTemplate_EK
\sa wolfTPM2_GetKeyTemplate_RSA_EK
\sa wolfTPM2_GetKeyTemplate_ECC_SRK
\sa wolfTPM2_GetKeyTemplate_ECC_AIK