Documentation and minor fixes. Tested with older SLB9670 and ST33TPH.

pull/360/head
David Garske 2024-07-26 14:38:29 -07:00
parent 57f12df97b
commit 65d0e6aa76
4 changed files with 339 additions and 32 deletions


@ -824,6 +824,13 @@ Connection: close
```
### TPM Endorsement Key Certificates
The TCG EK Credential Profile defines how manfactures provision endorsement certificates in the TCG NV index range (see TPM_20_TCG_NV_SPACE).
The `get_ek_certs` example show how to retrieve those EK cerificates, validate them and create a primary EK handle for signing key.
See `./examples/endorsement/get_ek_certs`.
## Todo
* Update to v1.59 of specification (adding CertifyX509).


@ -1,12 +1,27 @@
# TPM Endorsement Certificates
The `get_ek_certs` example will enumerate and validate the Endorsement Key Certificates stored in the NV TCG region.
TPM manufactures provision Endorsement Certificates based on a TPM key. This certificate can be used for signing/endorsement.
The `get_ek_certs` example will enumerate and validate the Endorsement Key Certificates stored in the NV TCG region.
We have loaded some of the root and intermediate CA's into the trusted_certs.h file.
## Infineon SLB9672 EK Certificate Chain
## Example Detail
1) Get handles in the TCG NV range using `wolfTPM2_GetHandles` with `TPM_20_TCG_NV_SPACE`.
2) Get size of the certificate by reading the public NV information using `wolfTPM2_NVReadPublic`.
3) Read the NV data (certificate DER/ASN.1) from the NV index using `wolfTPM2_NVReadAuth`.
4) Get the EK public template using the NV index by calling `wolfTPM2_GetKeyTemplate_EKIndex` or `wolfTPM2_GetKeyTemplate_EK`.
5) Create the primary endorsement key with public template and TPM_RH_ENDORSEMENT hierarchy using `wolfTPM2_CreatePrimaryKey`.
6) Parse the ASN.1/DER certificate using `wc_ParseCert` to extract issuer, serial number, etc...
7) The URI for the CA issuer certificate can be obtained in `extAuthInfoCaIssuer`.
8) Import the certificate public key and compare it against the primary EK public unique area.
9) Use the wolfSSL Certificate Manager to validate the EK certificate. Trusted certificates are loaded using `wolfSSL_CertManagerLoadCABuffer` and the EK certificate is validated using `wolfSSL_CertManagerVerifyBuffer`.
10) Optionally covert to PEM and export using `wc_DerToPem`.
## Example certificate chains
### Infineon SLB9672
Infineon certificates for TPM 2.0 can be downloaded from the following URLs (replace xxx with 3-digit CA number):
@ -21,7 +36,7 @@ Examples:
- Infineon OPTIGA(TM) ECC Root CA 2
- Infineon OPTIGA(TM) TPM 2.0 ECC CA 059
## STMicro ST33KTPM EK Certificate Chain
### STMicro ST33KTPM
Example:


@ -223,39 +223,40 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
for (nvIdx=0; nvIdx<(int)handles.count; nvIdx++) {
nvIndex = handles.handle[nvIdx];
XMEMSET(&nv, 0, sizeof(nv)); /* Must reset the NV for each read */
XMEMSET(certBuf, 0, sizeof(certBuf));
printf("TCG Handle 0x%x\n", nvIndex);
/* Read Public portion of NV */
rc = wolfTPM2_NVReadPublic(&dev, nvIndex, &nvPublic);
/* Get Endorsement Public Key template using NV index */
rc = wolfTPM2_GetKeyTemplate_EKIndex(nvIndex, &publicTemplate);
if (rc != 0) {
printf("Failed to read public for NV Index 0x%08x\n", nvIndex);
printf("EK Index 0x%08x not valid\n", nvIndex);
continue;
}
/* Read data */
XMEMSET(&nv, 0, sizeof(nv)); /* Must reset the NV for each read */
XMEMSET(certBuf, 0, sizeof(certBuf));
certSz = (uint32_t)sizeof(certBuf);
if (certSz > nvPublic.dataSize) {
certSz = nvPublic.dataSize;
/* Read Public portion of NV to get actual size */
rc = wolfTPM2_NVReadPublic(&dev, nvIndex, &nvPublic);
if (rc != 0) {
printf("Failed to read public for NV Index 0x%08x\n", nvIndex);
}
rc = wolfTPM2_NVReadAuth(&dev, &nv, nvIndex, certBuf, &certSz, 0);
/* Read data */
if (rc == 0) {
#ifdef DEBUG_WOLFTPM
printf("EK Data: %d\n", certSz);
TPM2_PrintBin(certBuf, certSz);
#endif
certSz = (uint32_t)sizeof(certBuf);
if (certSz > nvPublic.dataSize) {
certSz = nvPublic.dataSize;
}
rc = wolfTPM2_NVReadAuth(&dev, &nv, nvIndex, certBuf, &certSz, 0);
if (rc == 0) {
#ifdef DEBUG_WOLFTPM
printf("EK Data: %d\n", certSz);
TPM2_PrintBin(certBuf, certSz);
#endif
}
}
/* Create Endorsement Key */
if (rc == 0) {
/* Get Endorsement Public Key template using NV index */
rc = wolfTPM2_GetKeyTemplate_EKIndex(nvIndex, &publicTemplate);
if (rc != 0) {
printf("EK Index 0x%08x not valid\n", nvIndex);
rc = BAD_FUNC_ARG;
}
}
if (rc == 0) {
/* Create Endorsement Key using EK auth policy */
printf("Creating Endorsement Key\n");
@ -324,12 +325,14 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
}
}
else {
printf("Error importing certificates public key! %d\n", rc);
printf("Error importing certificates public key! %s (%d)\n",
TPM2_GetRCString(rc), rc);
rc = 0; /* ignore error */
}
}
else {
printf("Error parsing certificate 0x%x: %s\n",
rc, TPM2_GetRCString(rc));
printf("Error parsing certificate! %s (%d)\n",
TPM2_GetRCString(rc), rc);
}
wc_FreeDecodedCert(&cert);
@ -345,8 +348,8 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
#ifdef WOLFSSL_DER_TO_PEM
/* Convert certificate to PEM and display */
rc = wc_DerToPemEx(certBuf, certSz, NULL, 0, NULL, CERT_TYPE);
if (rc > 0) {
rc = wc_DerToPem(certBuf, certSz, NULL, 0, CERT_TYPE);
if (rc > 0) { /* returns actual PEM size */
pemSz = (word32)rc;
rc = 0;
@ -359,7 +362,8 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
if (rc == 0) {
XMEMSET(pem, 0, pemSz);
rc = wc_DerToPem(certBuf, certSz, (byte*)pem, pemSz, CERT_TYPE);
if (rc > 0) {
if (rc > 0) { /* returns actual PEM size */
pemSz = (word32)rc;
rc = 0;
}
}
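Review bot: The size clamp before wolfTPM2_NVReadAuth in the first hunk still truncates silently when nvPublic.dataSize is larger than certBuf, so an oversized EK certificate is read partially and only fails later in wc_ParseCert with an error that does not name the cause; add an else branch such as `else if (certSz < nvPublic.dataSize) { printf("NV Index 0x%08x data size %u exceeds buffer, truncating\n", nvIndex, (unsigned)nvPublic.dataSize); }`, or skip that index outright. The debug line `printf("EK Data: %d\n", certSz);` passes a uint32_t to `%d`; use `%u`. Note also that the NVReadPublic failure path no longer does `continue`: rc is left non-zero and the loop body runs on into the code after the hunk, which presumably treats a non-zero rc as "skip this handle" — worth confirming, since TPM2_EndorsementCert_Example begins before this hunk and continues past it.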


@ -65,6 +65,76 @@ static const char* trusted_certs[] = {
"OyD3mUxh8uFPhavNYLdFtrwguXqTVyZcZB+D\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) ECC Root CA
* Algorithms: ECDSA SECP384R1, SHA2-384
* Validity: Jul 25 23:59:59 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G\n"
"A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo\n"
"VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv\n"
"b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG\n"
"EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL\n"
"DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU\n"
"TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2\n"
"GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe\n"
"Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud\n"
"DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T\n"
"AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk\n"
"MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+\n"
"+O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) ECC Manufacturing CA 004
* Issuer: CN=Infineon OPTIGA(TM) ECC Root CA
* Algorithms: ECDSA SECP256R1, SHA2-256
* Validity: Nov 24 15:50:15 2034 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDRzCCAs2gAwIBAgIEfqIJfTAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND\n"
"IFJvb3QgQ0EwHhcNMTQxMTI0MTU1MDE1WhcNMzQxMTI0MTU1MDE1WjCBgzELMAkG\n"
"A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG\n"
"A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH\n"
"QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDA0MFkwEwYHKoZIzj0CAQYIKoZI\n"
"zj0DAQcDQgAEU4vVtCu+sc2VldUl0QToWhbfRiAhumb2S3Seqm1P56agXPJsXw2h\n"
"ssA8ic0Jw7h1bGpM6+EzNBesTpGksBYuLqOCATgwggE0MFcGCCsGAQUFBwEBBEsw\n"
"STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj\n"
"Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFL1sacB1nqqV3W0V\n"
"bqZBcMS5s2x4MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG\n"
"A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj\n"
"Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB\n"
"FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF\n"
"Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwTJ3astNZ2hyRMPG3RO1BeKieoANrv0jr\n"
"n5GONNPGZ11mVZYgFVSiheBZ9xqOFMvZAjEA9Qk+Dwmei1FuY/ztnGeRLw7bJ7lo\n"
"u+rdhyvlzIO6aI8x5wgJsbcX6ST5QEncz99t\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) TPM 2.0 ECC CA 042
* Issuer: CN=Infineon OPTIGA(TM) ECC Root CA
* Algorithms: ECDSA SECP256R1, SHA2-384
* Validity: Feb 8 15:39:27 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDOjCCAr+gAwIBAgIEGVn1IzAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND\n"
"IFJvb3QgQ0EwHhcNMjMwMjA4MTUzOTI3WhcNNDMwMjA4MTUzOTI3WjB2MQswCQYD\n"
"VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRMwEQYD\n"
"VQQLDApPUFRJR0EoVE0pMS8wLQYDVQQDDCZJbmZpbmVvbiBPUFRJR0EoVE0pIFRQ\n"
"TSAyLjAgRUNDIENBIDA0MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHy6yq3F\n"
"3TCvBXY63AGJzHxRf45Gipj7C+W9mnAyz3LAEMTIVBtS4XcvHR6oQBt7RRvrpwLe\n"
"TJjg1Ngg0F4zHPGjggE4MIIBNDBXBggrBgEFBQcBAQRLMEkwRwYIKwYBBQUHMAKG\n"
"O2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVjY1Jvb3RDQS9PcHRpZ2FF\n"
"Y2NSb290Q0EuY3J0MB0GA1UdDgQWBBSxHzPMpgZWuiWcLpBaO1Q/UkSXkTAOBgNV\n"
"HQ8BAf8EBAMCAAYwEgYDVR0TAQH/BAgwBgEB/wIBADBMBgNVHR8ERTBDMEGgP6A9\n"
"hjtodHRwOi8vcGtpLmluZmluZW9uLmNvbS9PcHRpZ2FFY2NSb290Q0EvT3B0aWdh\n"
"RWNjUm9vdENBLmNybDAVBgNVHSAEDjAMMAoGCCqCFABEARQBMB8GA1UdIwQYMBaA\n"
"FLQYhchKSsUSevJAOd7E9YsefkrRMBAGA1UdJQQJMAcGBWeBBQgBMAoGCCqGSM49\n"
"BAMDA2kAMGYCMQCyjrqHq1qqHCQQ14dvBtqUT90XuvfSOwE6Hda3GlIa9FdYC4Ue\n"
"AVJ/CuRKHi/VQSkCMQDc+HAcnipcopZBsa/jPV6Y6YdgnVCcDY0tdwtaeQgGNBRz\n"
"GRt1rxF2x8QNOKB9f28=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) RSA Root CA 2
* Algorithms: RSA 4096-bit, SHA2-256
* Validity: Nov 22 23:59:59 2054 GMT */
@ -145,6 +215,119 @@ static const char* trusted_certs[] = {
"Q6kr1MlRyGqkQFTEeOHGI0PngcLQJzKYfjHDDEZ+GA==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) RSA Root CA
* Algorithms: RSA 4096-bit, SHA2-256
* Validity: Jul 25 23:59:59 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh\n"
"MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ\n"
"R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB\n"
"IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD\n"
"VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD\n"
"VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH\n"
"QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n"
"AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn\n"
"25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr\n"
"R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS\n"
"JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT\n"
"ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl\n"
"8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2\n"
"7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1\n"
"bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d\n"
"cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS\n"
"ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu\n"
"81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV\n"
"HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud\n"
"EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN\n"
"UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M\n"
"BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y\n"
"rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ\n"
"gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y\n"
"np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2\n"
"DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr\n"
"la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf\n"
"Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR\n"
"pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv\n"
"JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM\n"
"6sJa8iBpdRjZrBp5sJBI\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) RSA Manufacturing CA 004
* Issuer: CN=Infineon OPTIGA(TM) RSA Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Nov 24 15:39:16 2034 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFszCCA5ugAwIBAgIEIe/JKTANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE\n"
"RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP\n"
"UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg\n"
"UlNBIFJvb3QgQ0EwHhcNMTQxMTI0MTUzOTE2WhcNMzQxMTI0MTUzOTE2WjCBgzEL\n"
"MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa\n"
"MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q\n"
"VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDA0MIIBIjANBgkqhkiG9w0B\n"
"AQEFAAOCAQ8AMIIBCgKCAQEAhFAEamE+AGtKlpCDU1ILU3NUVjkrU2MiD+RcYM44\n"
"/+t6Ho90lVLIarwpjUC9E6skZDwSfjDFv1yR+xJ6nnfK05PX6CcW4I6xIYsPLESQ\n"
"Pe988Ug9FoTvqgQ/yy+5Ru16xFNWWCCF1KgMwyxgaX2hnkUU7aOIVPD1pHS/17TN\n"
"6F2zl46OL8qX9z9yHi+DRtjWZrQhQQ6lvi+hU+fgtFKGUUdZL/jyZXALVMvTt9hO\n"
"o7HPJDbzAIfCY5TZQByTbUwN+61twPw3m8QzNI79GlDDewD2nVzomDJUvV02Dbrb\n"
"e+NiLnZ/jZcHzWmF0ERqXM/sNnsWxSx7ECQV9mb4LPscCwIDAQABo4IBODCCATQw\n"
"VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u\n"
"LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E\n"
"FgQUJjt0TYVBK65uE+lKU8I1GFuk7uwwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB\n"
"/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv\n"
"bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g\n"
"BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS\n"
"uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEANY49i1/+6S9J\n"
"VS/yaHfxn49uVFMwJNeM7Ez6sANMxZ6UlSW5tz1xcwBo9ysViyt9W45MmKbXz0jz\n"
"HQBTuq3jq+aDjYJAtpvlQoqARSa0P6hXPMYXXLas7z/DwUeWomV+iYczG067Swsh\n"
"jQ4WKtg3o4f82Zmd39oJpYgIbJJPC7KyaNuDionRw5fiVfgEPRmUsB1jQGWz/d/r\n"
"YWjFU6zr6kqrVoostGls6PXxfyYcw9iiMsHWgsekyW3q+4mDRSaLJMyixw1Vwfy0\n"
"TmYjrwg6hi9+JrIJpnFCb8aCjZvZ0JZj+tWgjGnmw0acej2SEFItMBz0UHQNXn0j\n"
"BLVYfu9RwulqFWd52pumJVHECoDEQn93MdzippYAqEE9kaEl5wt8cd+9uRCcBuy2\n"
"OPleKXWvuYEEjqH7SbBxHiZuqdHZvFkfRdSNc1dW7sKE6N4UZ+b8+UoCha2pUzE2\n"
"yYeE3dkv/E1K+6uq38Fe42Iz22hlZrEeA3aGrHopOFvUY2MOM8ksdDBwQZ5YzBQ4\n"
"HcD5RHrvsYUbkcPnnVVkN+M8IKJ+6LVowx3EG+ytzVixHrSVJ91ooG9ocD2vxZAU\n"
"bY8gLugWaRbOZkgYaHTj4Rjq3ZxuEPXEDKrSm7nUgMMlq5BDYhVzBWXrJtyYIv37\n"
"QHaD0AfWGx+CiPbtXWmvkhC+QLzYnWI=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=Infineon OPTIGA(TM) TPM 2.0 RSA CA 042
* Issuer: CN=Infineon OPTIGA(TM) RSA Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Feb 8 15:28:15 2043 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIFpTCCA42gAwIBAgIEX/V0ezANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE\n"
"RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP\n"
"UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg\n"
"UlNBIFJvb3QgQ0EwHhcNMjMwMjA4MTUyODE1WhcNNDMwMjA4MTUyODE1WjB2MQsw\n"
"CQYDVQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRMw\n"
"EQYDVQQLDApPUFRJR0EoVE0pMS8wLQYDVQQDDCZJbmZpbmVvbiBPUFRJR0EoVE0p\n"
"IFRQTSAyLjAgUlNBIENBIDA0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n"
"ggEBAIVUeKYRnVu2bZCwKKd5zH3oOYz73J3ZPoMviq90y51mccnCiydAwR5k+uSr\n"
"NBjIUUVpQc11K005HbU42lA02XHBlchHVAd1rHPUp55Qvscsh/OU0MTV7Cb7LLnS\n"
"Mm9hD7K5bwdNjnSxD6gayoBwAOa5p23FBuqCiUPNzUD+1rtrkYyFD3t8WmnDbfxe\n"
"UWh5wWzIV0PGV7sKPOov+IXEfXFF+fWAwsGXTPi5+cibRLwoy88Rk/+vRLVxg0eZ\n"
"OnxH8B+qcpEIPmXfxbdGqUoY82icT1Nj1EjCjkyMTAxH5Q+8PVDHDjyRLNg+6aYt\n"
"MXYTX0D6MxhobOVjYLgZAnQPlkcCAwEAAaOCATgwggE0MFcGCCsGAQUFBwEBBEsw\n"
"STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhUnNh\n"
"Um9vdENBL09wdGlnYVJzYVJvb3RDQS5jcnQwHQYDVR0OBBYEFF0IFZUfX2Bjimnn\n"
"JS8+xL7NdVSyMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG\n"
"A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYVJz\n"
"YVJvb3RDQS9PcHRpZ2FSc2FSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB\n"
"FAEwHwYDVR0jBBgwFoAU3LtWq/EY/KaadREQZYQSntVBkrkwEAYDVR0lBAkwBwYF\n"
"Z4EFCAEwDQYJKoZIhvcNAQELBQADggIBAHvzvbu2R2CTigvQNVNIBD+10puObvI7\n"
"p4n2u7ckS+RJaaFYysnC939IexEzqMHgZOSGJD2Fzq9Yqa2gMHzgsnzdj1V4ssfz\n"
"GEboIVJ3nhItIqgVj0HXfQrb1JXU7noI+db87MGA0gfLG52wqTI26gqZtb9GH6JB\n"
"y6OIL8NvmrRUpgOb6r0ltAhmIDnQz73M7qW0j1Y/OKa3M8T8QVSdbDeNydH2eSck\n"
"NzvbkeZED63YPcztxMGqZ3kL1NfzGHqtPvjlS53kQ4k+uvU42X4uzldBsXaByXMK\n"
"gjQKaEgG64lCLafQWB3KjgF6U37oHQ3GvCOeR6HZx/MOZXr9+T6ZzdVQJPZcIPu2\n"
"9dhftbLYYKlnkSab8JwPX1cpXJL+xMqd6Bjpr044iOTrD/Hjqck+QvhCt2pSpB4e\n"
"72z21KboAFb6xLUYf8KIvnhY9XFeBGpLabKn1Gq79x4BLsXJQuuQ8bmwWDa+e+F5\n"
"rb16CgnTvwMJE8+B0hOdk+/40whTwVwc7OlAwkRHiVKfPw7JOP4pyOV0QIlyWLcH\n"
"2yg7raQFCjdtnvIX0Eq3RDwFk6b9hK3+89uIuA8/uW3bY5HuJEQd0bWZoeD2WBHf\n"
"V9iAx0TwwBsEPrHwQxB6uktXjqCKk1PJAtaiAB6hFQpe26gAopXnxA6ezpgMKGVt\n"
"e1NOreRnWJCu\n"
"-----END CERTIFICATE-----\n",
/* ---------------------------------------------------------------*/
/* STMicroelectronics NV */
@ -218,6 +401,48 @@ static const char* trusted_certs[] = {
"3QJ/mdWzkS8U0LlHNOV2Lb9PF4B10A==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM ECC Root CA 01
* Algorithms: ECDSA SECP384R1, SHA2-384
* Validity: Jan 19 03:14:07 2038 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICyDCCAk+gAwIBAgIORyzLp/OdsAvb9r+66LowCgYIKoZIzj0EAwMwgYsxOzA5\n"
"BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg\n"
"QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT\n"
"aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE1MTAy\n"
"ODAwMDAwMFoXDTM4MDExOTAzMTQwN1owTjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoT\n"
"FVNUTWljcm9lbGVjdHJvbmljcyBOVjEfMB0GA1UEAxMWU1RNIFRQTSBFQ0MgUm9v\n"
"dCBDQSAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABG7/OLXMiprQQHwNnkpT6aqG\n"
"zOGLcbbAgUtyjlXOZtuv0GB0ttJ6fwMwgFtt8RKlko8Bwn89/BoZOUcI4ne8ddRS\n"
"oqE6StnU3I13qqjalToq3Rnz61Omn6NErK1pxUe3j6OBtTCBsjAOBgNVHQ8BAf8E\n"
"BAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUIJJWPAtDqAVyUwMp\n"
"BxwH4OvsAwQwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3MAMwTAYDVR0g\n"
"BEUwQzBBBgkrBgEEAaAyAVowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv\n"
"YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDZwAwZAIwWnuUAzwy\n"
"vHUhHehymKTZ2QcPUwHX0LdcVTac4ohyEL3zcuv/dM0BN62kFxHgBOhWAjAIxt9i\n"
"50yAxy0Z/MeV2NTXqKpLwdhWNuzOSFZnzRKsh9MxY3zj8nebDNlHTDGSMR0=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM ECC Intermediate CA 02
* Issuer: CN=STM TPM ECC Root CA 01
* Algorithms: ECDSA SECP256R1, SHA2-384
* Validity: Nov 22 00:00:00 2038 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIICZTCCAeygAwIBAgIEQAAAAjAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJDSDEe\n"
"MBwGA1UECgwVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR8wHQYDVQQDDBZTVE0gVFBN\n"
"IEVDQyBSb290IENBIDAxMB4XDTE4MTEyMjAwMDAwMFoXDTM4MTEyMjAwMDAwMFow\n"
"VjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoMFVNUTWljcm9lbGVjdHJvbmljcyBOVjEn\n"
"MCUGA1UEAwweU1RNIFRQTSBFQ0MgSW50ZXJtZWRpYXRlIENBIDAyMFkwEwYHKoZI\n"
"zj0CAQYIKoZIzj0DAQcDQgAE08t33aGM5M5aeBmzcn5H3HS31CGBJ2bbJ6fvJJ0i\n"
"VCfZrN9sesL0D+NGfwtEklk7mgT/2vfW2dO9OqsyukSw2aOBrzCBrDAdBgNVHQ4E\n"
"FgQUZi2PHOzf8UeotvDqKWr38kyt+c8wHwYDVR0jBBgwFoAUIJJWPAtDqAVyUwMp\n"
"BxwH4OvsAwQwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0\n"
"dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAPBgNVHQ8BAf8EBQMDAQQC\n"
"MBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYIKoZIzj0EAwMDZwAwZAIwJl4q6QuGhqQD\n"
"pvP1gBBu8OhbQAXL8Rwhg1FWs8BvC4VYt6Tqe9xLqjbtbgR8UOyvAjAhzSbC+r8A\n"
"2Wx1aOwAIqs1tmBXpofqcOXYeCSXKajOv5Jlzk6sDnEH2omN+ydt924=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STSAFE RSA Root CA 02
* Algorithms: RSA 4096-bit, SHA2-384
* Validity: Dec 31 00:00:00 9999 GMT */
@ -295,6 +520,62 @@ static const char* trusted_certs[] = {
"uKErQfPEhjYLdzF8/OYW7w==\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM EK Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Dec 31 23:59:59 2039 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIEDDCCAvSgAwIBAgILBAAAAAABIsFs834wDQYJKoZIhvcNAQELBQAwgYcxOzA5\n"
"BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg\n"
"QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT\n"
"aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwNzI4MTIw\n"
"MDAwWhcNMzkxMjMxMjM1OTU5WjBKMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RN\n"
"aWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0gVFBNIEVLIFJvb3QgQ0Ew\n"
"ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxBLG5wcB9J0MsiJMreoWQ\n"
"l21bBN12SSGZPJ3HoPjzcrzAz6SPy+TrFmZ6eUVspsFL/23wdPprqTUtDHi+C2pw\n"
"k/3dF3/Rb2t/yHgiPlbCshYpi5f/rJ7nzbQ1ca2LzX3saBe53VfNQQV0zd5uM0DT\n"
"SrmAKU1RIAj2WlZFWXoN4NWTyRtqT5suPHa2y8FlCWMZKlS0FiY4pfM20b5YQ+EL\n"
"4zqb9zN53u/TdYZegrfSlc30Nl9G13Mgi+8rtPFKwsxx05EBbhVroH7aKVI1djsf\n"
"E1MVrUzw62PHik3xlzznXML8OjY//xKeiCWcsApuGCaIAf7TsTRi2l8DNB3rCr1X\n"
"AgMBAAGjgbQwgbEwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQEw\n"
"HQYDVR0OBBYEFG/mxWwHt2yLCoGSg1zLQR72jtEnMEsGA1UdIAREMEIwQAYJKwYB\n"
"BAGgMgFaMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQv\n"
"cmVwb3NpdG9yeS8wHwYDVR0jBBgwFoAUHiNj8IW19iVO7RrAUL5lfMfUFXowDQYJ\n"
"KoZIhvcNAQELBQADggEBAFrKpwFmRh7BGdpPZWc1Y6wIbdTAF6T+q1KwDJcyAjgJ\n"
"qThFp3xTAt3tvyVrCRf7T/YARYE24DNa0iFaXsIXeQASDYHJjAZ6LQTslYBeRYLb\n"
"C9v8ZE2ocKSCiC8ALYlJWk39Wob0H1Lk6l2zcUo3oKczGiAcRrlmwV496wvGyted\n"
"2RBcLZro7yhOOGr9KMabV14fNl0lG+31J1nWI2hgTqh53GXg1QH2YpggD3b7UbVm\n"
"c6GZaX37N3z15XfQafuAfHt10kYCNdePzC9tOwirHIsO8lrxoNlzOSxX8SqQGbBI\n"
"+kWoe5+SY3gdOGGDQKIdw3W1poMN8bQ5x7XFcgVMwVU=\n"
"-----END CERTIFICATE-----\n",
/* Subject: CN=STM TPM EK Intermediate CA 06
* Issuer: CN=STM TPM EK Root CA
* Algorithms: RSA 2048-bit, SHA2-256
* Validity: Jan 1 00:00:00 2038 GMT */
"-----BEGIN CERTIFICATE-----\n"
"MIIDzDCCArSgAwIBAgIEQAAABzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD\n"
"SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g\n"
"VFBNIEVLIFJvb3QgQ0EwHhcNMTgxMDMxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjBV\n"
"MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw\n"
"JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNjCCASIwDQYJKoZI\n"
"hvcNAQEBBQADggEPADCCAQoCggEBAOvIjXBLbVBfIC7SFjcz4hm6R0IyuRJpJ45n\n"
"pYytlAHmoVosoT3isl52T4UB4T1r1b8y7Y+vW3Ed0sZO+m/pHtUc5h9050ynGedt\n"
"0uvuNZ1cVnX2h/XTcdKIawqEBVXRZQ5OJMp/aDlUwsUeBT+SlhAagNhmyNw2tC2a\n"
"b5d7qr8FU03Ds6io892aSD23z51yLAix121uUHIPmHByaZRnaKctTbu7ulwINlrd\n"
"cB953Z0WVQhil5yjZs14yd4yAnA3Z1ZW+mrOkr8ehVsUbvrUxyfhMInMrETIxR4R\n"
"9X5cTIVia2SVTtfqrb6XMC1/T7K1PH90QXtlt3WILMMNJhLDy+kCAwEAAaOBrjCB\n"
"qzAdBgNVHQ4EFgQU+xfXDXNIcOkZxOjmA5deZk4OQ94wHwYDVR0jBBgwFoAUb+bF\n"
"bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB\n"
"BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B\n"
"Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA\n"
"OiwipeVJ4yK/hBF6KgfcCUltlqmoPoHyffzfpPjNBeYqmdaRqxJdbY9FaSrcbJBA\n"
"hKRHfWYPCB03TnWstmfadgzbC/8mITx56Cb2EXpvYhrAu8G7a54h0sIhEloK/FAx\n"
"Zdgg3Y2tnPhihQ80xdqtaZRoXqjiqKq1p7IHwtQZiFCCCD1jny8qfZLCOYx50/mJ\n"
"QXk8WvzPl0xsAOhp5Id6OAeq/6dmwjUBpZBzhwmbnt5kX7OKnuoVr3H+8X1Zycz8\n"
"lq3znYqMaPWDTIQm6gnm//ahb9bBN0GL57fT6RuNy6jH7SRZYZ4zZRtAHyPogA/b\n"
"gbBsXr0NrHh671Y1j4cOYA==\n"
"-----END CERTIFICATE-----\n",
};
#endif /* WOLFTPM_TRUSTED_CERTS_H */
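Review bot: The two entries described as roots, `CN=STM TPM ECC Root CA 01` and `CN=STM TPM EK Root CA`, have no `Issuer:` line even though the issuer name encoded in the first base64 lines of each DER appears to decode to a GlobalSign Trusted Platform Module Root CA, so they are not self-signed; the other entries document their issuer and these should too, e.g. ` * Issuer: CN=GlobalSign Trusted Platform Module ECC Root CA` on the first and ` * Issuer: CN=GlobalSign Trusted Platform Module Root CA` on the second, so a reader sees the chain is anchored here rather than at the GlobalSign root. Since this array is the trust store the example loads through wolfSSL_CertManagerLoadCABuffer to validate EK certificates, each added anchor's comment should also record where it was obtained and a fingerprint that can be checked against the vendor's published value, e.g. ` * Source: <vendor download URL>` and ` * SHA-256: <fingerprint>`. The same provenance note applies to the Infineon entries added in the earlier hunks of this file.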