Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The CA MUST follow the processing rules outlined below to perform key attestation based on a trusted public key.
The CA MUST create a SHA2 hash of the trust module public key as a hexadecimal string with spaces removed.
For each folder location contained by the Config_Hardware_Key_List_Directories ADM element, the CA MUST search for a file with a name matching the SHA2 hash of the public key created in step 1.
Note This search SHOULD be case-insensitive.
If a file is found with the SHA2 hash of the public key as a hexadecimal string with no spaces in step 2, the CA MUST set the CR_FLG_TRUSTEKKEY flag in the Request_Request_Flags column of the Request table ([MS-CSRA] section 3.1.1.1.2) to indicate that key attestation succeeded on a trusted key.