[svsm-devel] vTPM service attestation format update

[Dionna Amalie Glaze]

> However, the last sentence about make/activate credential makes me
> think you're being too traditional about this.

If instead we use TPM2_CreatePrimary with a public key template that
has its bit 18 set in objectAttributes and use the EK handle for
TPM2_Quote, then there's a great deal to change in user space.
tpm2_createek doesn't give this as an option for example. Is adding a
--non-anonymous-ak (or some such) to the TSS for EK creation part of
your plan?



--
-Dionna Glaze, PhD, CISSP, CCSP (she/her)