Quick question about the quote method in the Attestor class of the jsr321.
I thought PCR values could be signed only by an AIK, but I see that using a normal SigningKey is also possible.
Doesn't this give the opportunity to feed false external PCR values to the TPM and make it sign with the Signing key? I thought that was the reason why only AIKs could be used, since they can only sign data generated inside the TPM. Or is there a way to force a SigningKey to not sign external data? Or did I misunderstand something?
Thanks for any clarification!