Re: [Rats] TPM1.2 Quote1 vs Quote2

Guy Fedorkow <gfedorkow@juniper.net> Wed, 09 December 2020 17:03 UTC

From: Guy Fedorkow <gfedorkow@juniper.net>
To: "Eric Voit (evoit)" <evoit@cisco.com>
CC: "jmfitz2@cyber.nsa.gov" <jmfitz2@cyber.nsa.gov>, "rats@ietf.org" <rats@ietf.org>, "Laffey, Tom (HPE Aruba)" <tom.laffey@hpe.com>
Thread-Topic: TPM1.2 Quote1 vs Quote2
Date: Wed, 9 Dec 2020 17:03:29 +0000
Message-ID: <BLAPR05MB7378E1316CC45C50CD9EED52BACC0@BLAPR05MB7378.namprd05.prod.outlook.com>
References: <BLAPR05MB7378554A5B808955C2A1C815BAFB0@BLAPR05MB7378.namprd05.prod.outlook.com> <OF535A2E6C.4768CCCD-ON0025862A.0075D1CA-8525862A.00762289@notes.na.collabserv.com> <BLAPR05MB73780336AEC73A40A56046C5BAFB0@BLAPR05MB7378.namprd05.prod.outlook.com> <OF7614AD72.3F8756A0-ON0025862A.00793099-8525862A.00796D1B@notes.na.collabserv.com> <AT5PR8401MB1041726445ECA408E3EA0C9881FB0@AT5PR8401MB1041.NAMPRD84.PROD.OUTLOOK.COM> <BL0PR11MB3122685ED4B1E57A3ADC9121A1FB0@BL0PR11MB3122.namprd11.prod.outlook.com> <BL0PR11MB312208224D954A2155A0432BA1CD0@BL0PR11MB3122.namprd11.prod.outlook.com>
In-Reply-To: <BL0PR11MB312208224D954A2155A0432BA1CD0@BL0PR11MB3122.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/K1a8SUNcvpYQTDLvnvnfOWlS87s>
Subject: Re: [Rats] TPM1.2 Quote1 vs Quote2
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>

Hi Eric,
  I'm in favor of removing support for Quote1, although I think keeping Quote2 for TPM1.2 in the model is still important.
  Thanks
/guy

From: Eric Voit (evoit) <evoit@cisco.com>
Sent: Monday, December 7, 2020 7:09 PM
To: Laffey, Tom (HPE Aruba) <tom.laffey@hpe.com>; Kenneth Goldman <kgoldman@us.ibm.com>; Guy Fedorkow <gfedorkow@juniper.net>
Cc: Bill Sulzen (bsulzen) <bsulzen@cisco.com>; Graeme Proudler <graeme@gproudler.plus.com>; jmfitz2@cyber.nsa.gov
Subject: RE: TPM1.2 Quote1 vs Quote2

I have removed all the structures needed to support just TPM1.2 Quote1 from the YANG model.   There was a significant reduction in YANG model size, which is goodness.

Does anyone have an issue if I post a new version of Charra which only supports Quote2?   The proposed model is attached.  And the tree is below.

Eric

module: ietf-tpm-remote-attestation
  +--rw rats-support-structures
     +--rw compute-nodes!
     |  +--ro compute-node* [node-id]
     |     +--ro node-id                string
     |     +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
     |     +--ro node-name?             string
     |     +--ro node-location?         string
     +--rw tpms
     |  +--rw tpm* [tpm-name]
     |     +--rw tpm-name                string
     |     +--ro hardware-based?         boolean
     |     +--ro tpm-physical-index?     int32 {ietfhw:entity-mib}?
     |     +--ro tpm-path?               string
     |     +--ro compute-node            compute-node-ref
     |     +--ro tpm-manufacturer?       string
     |     +--rw tpm-firmware-version    identityref
     |     +--rw TPM12-hash-algo?        identityref
     |     +--rw TPM12-pcrs*             pcr
     |     +--rw tpm20-pcr-bank* [TPM20-hash-algo]
     |     |  +--rw TPM20-hash-algo    identityref
     |     |  +--rw pcr-index*         tpm:pcr
     |     +--ro tpm-status              enumeration
     |     +--rw certificates
     |        +--rw certificate* [certificate-name]
     |           +--rw certificate-name            string
     |           +--rw certificate-keystore-ref?   leafref
     |           +--rw certificate-type?           enumeration
     +--rw attester-supported-algos
        +--rw tpm12-asymmetric-signing*   identityref {taa:TPM12}?
        +--rw tpm12-hash*                 identityref {taa:TPM12}?
        +--rw tpm20-asymmetric-signing*   identityref {taa:TPM20}?
        +--rw tpm20-hash*                 identityref {taa:TPM20}?

  rpcs:
    +---x tpm12-challenge-response-attestation {taa:TPM12}?
    |  +---w input
    |  |  +---w tpm12-attestation-challenge
    |  |     +---w pcr-index*          pcr
    |  |     +---w nonce-value         binary
    |  |     +---w certificate-name*   certificate-name-ref
    |  +--ro output
    |     +--ro tpm12-attestation-response* []
    |        +--ro certificate-name?      certificate-name-ref
    |        +--ro up-time?               uint32
    |        +--ro node-id?               string
    |        +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
    |        +--ro locality-at-release?   uint8
    |        +--ro TPM_PCR_COMPOSITE* []
    |        |  +--ro pcr-index*         pcr
    |        |  +--ro value-size?        uint32
    |        |  +--ro tpm12-pcr-value*   binary
    |        +--ro signature-size?        uint32
    |        +--ro signature?             binary
    +---x tpm20-challenge-response-attestation {taa:TPM20}?
    |  +---w input
    |  |  +---w tpm20-attestation-challenge
    |  |     +---w nonce-value            binary
     |  |     +---w tpm20-pcr-selection* []
    |  |     |  +---w TPM20-hash-algo?   identityref
    |  |     |  +---w pcr-index*         tpm:pcr
    |  |     +---w certificate-name*      certificate-name-ref
    |  +--ro output
    |     +--ro tpm20-attestation-response* []
    |        +--ro certificate-name?      certificate-name-ref
    |        +--ro TPMS_QUOTE_INFO        binary
    |        +--ro quote-signature?       binary
    |        +--ro up-time?               uint32
    |        +--ro node-id?               string
    |        +--ro node-physical-index?   int32 {ietfhw:entity-mib}?
    |        +--ro unsigned-pcr-values* []
    |           +--ro TPM20-hash-algo?   identityref
    |           +--ro pcr-values* [pcr-index]
    |              +--ro pcr-index    pcr
    |              +--ro pcr-value?   binary
    +---x log-retrieval
       +---w input
       |  +---w log-selector* []
       |  |  +---w tpm-name*                  string
       |  |  +---w (index-type)?
       |  |  |  +--:(last-entry)
       |  |  |  |  +---w last-entry-value?    binary
       |  |  |  +--:(index)
       |  |  |  |  +---w last-index-number?   uint64
       |  |  |  +--:(timestamp)
       |  |  |     +---w timestamp?           yang:date-and-time
       |  |  +---w log-entry-quantity?        uint16
       |  +---w log-type        identityref
       +--ro output
          +--ro system-event-logs
             +--ro node-data* []
                +--ro tpm-name?     string
                +--ro up-time?      uint32
                +--ro log-result
                   +--ro (attested_event_log_type)
                      +--:(bios)
                      |  +--ro bios-event-logs
                      |     +--ro bios-event-entry* [event-number]
                      |        +--ro event-number    uint32
                      |        +--ro event-type?     uint32
                      |        +--ro pcr-index?      pcr
                      |        +--ro digest-list* []
                      |        |  +--ro hash-algo?   identityref
                      |        |  +--ro digest*      binary
                      |        +--ro event-size?     uint32
                      |        +--ro event-data*     uint8
                      +--:(ima)
                      |  +--ro ima-event-logs
                      |     +--ro ima-event-entry* [event-number]
                      |        +--ro event-number               uint64
                      |        +--ro ima-template?              string
                      |        +--ro filename-hint?             string
                      |        +--ro filedata-hash?             binary
                      |        +--ro filedata-hash-algorithm?   string
                      |        +--ro template-hash-algorithm?   string
                      |        +--ro template-hash?             binary
                      |        +--ro pcr-index?                 pcr
                      |        +--ro signature?                 binary
                      +--:(netequip_boot)
                         +--ro boot-event-logs
                            +--ro boot-event-entry* [event-number]
                               +--ro event-number               uint64
                               +--ro filename-hint?             string
                               +--ro filedata-hash?             binary
                               +--ro filedata-hash-algorithm?   string
                               +--ro file-version?              string
                               +--ro file-type?                 string
                               +--ro pcr-index?                 pcr
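
As an added example, not part of Eric's mail, the CHARRA draft, or any TSS, the following Python shows what a Verifier does with one tpm12-attestation-response entry from the tree above: it rebuilds TPM_PCR_COMPOSITE from pcr-index and tpm12-pcr-value, hashes it to the digestAtRelease, assembles the TPM_QUOTE_INFO2 structure that TPM_Quote2 signed around the Verifier's own nonce-value and the reported locality-at-release, and then checks the signature with the AIK from the certificate named by certificate-name. It assumes the TPM 1.2 Part 2 structure layouts and tag value written in the comments, a 24-PCR TPM, addVersion = FALSE, an AIK with scheme TPM_SS_RSASSAPKCS1v15_SHA1, the `cryptography` package for the signature step, and a plain dict keyed by the YANG leaf names in place of a real YANG binding; the sample nonce and PCR values are constructed, not real measurements.

```python
import hashlib
import struct

# Constants from TPM 1.2 Part 2 (Structures); assumed here, check against your copy of the spec.
TPM_TAG_QUOTE_INFO2 = 0x0036  # structure tag of TPM_QUOTE_INFO2
QUOTE2_FIXED = b"QUT2"        # TPM_QUOTE_INFO2.fixed
PCR_SELECT_SIZE = 3           # sizeOfSelect for a 24-PCR TPM 1.2
PCR_VALUE_LEN = 20            # TPM 1.2 PCR values are SHA-1 digests
NONCE_LEN = 20                # Quote2 externalData is a TPM_NONCE


def pcr_selection(pcr_indices):
    """TPM_PCR_SELECTION: UINT16 sizeOfSelect, then a bitmap where bit (n % 8)
    of byte (n // 8) selects PCR n."""
    if len(set(pcr_indices)) != len(pcr_indices):
        raise ValueError("duplicate pcr-index in selection")
    bitmap = bytearray(PCR_SELECT_SIZE)
    for idx in pcr_indices:
        if not 0 <= idx < PCR_SELECT_SIZE * 8:
            raise ValueError(f"pcr-index {idx} out of range for a 24-PCR TPM")
        bitmap[idx // 8] |= 1 << (idx % 8)
    return struct.pack(">H", PCR_SELECT_SIZE) + bytes(bitmap)


def pcr_composite(pcr_indices, pcr_values):
    """TPM_PCR_COMPOSITE: selection, UINT32 valueSize, then the selected PCR
    values in ascending PCR-index order, which is the order the TPM hashes them."""
    if len(pcr_indices) != len(pcr_values):
        raise ValueError("pcr-index and tpm12-pcr-value lists differ in length")
    if any(len(v) != PCR_VALUE_LEN for v in pcr_values):
        raise ValueError("each tpm12-pcr-value must be 20 bytes")
    ordered = [v for _, v in sorted(zip(pcr_indices, pcr_values), key=lambda p: p[0])]
    value_size = struct.pack(">I", PCR_VALUE_LEN * len(ordered))
    return pcr_selection(pcr_indices) + value_size + b"".join(ordered)


def composite_hash(pcr_indices, pcr_values):
    """TPM_COMPOSITE_HASH: SHA-1 over TPM_PCR_COMPOSITE; this is the digestAtRelease
    the TPM bound into the signed structure."""
    return hashlib.sha1(pcr_composite(pcr_indices, pcr_values)).digest()


def quote_info2(nonce, pcr_indices, pcr_values, locality):
    """TPM_QUOTE_INFO2 as signed by TPM_Quote2 with addVersion = FALSE:
    tag || "QUT2" || externalData || TPM_PCR_INFO_SHORT(selection, locality, digest)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("Quote2 externalData (nonce-value) must be 20 bytes")
    if not 0 <= locality <= 0x1F:
        raise ValueError("localityAtRelease is a 5-bit TPM_LOCALITY_SELECTION")
    info_short = (pcr_selection(pcr_indices) + bytes([locality])
                  + composite_hash(pcr_indices, pcr_values))
    return struct.pack(">H", TPM_TAG_QUOTE_INFO2) + QUOTE2_FIXED + nonce + info_short


def rebuild_from_response(challenge_nonce, response):
    """Rebuild the signed blob from one tpm12-attestation-response entry (a dict
    keyed by the YANG leaf names) and the nonce the Verifier itself sent. Using
    the Verifier's own nonce, never one echoed back, is the replay check."""
    comp = response["TPM_PCR_COMPOSITE"]
    indices, values = comp["pcr-index"], comp["tpm12-pcr-value"]
    if comp.get("value-size") not in (None, PCR_VALUE_LEN * len(values)):
        raise ValueError("value-size does not match the number of PCR values")
    return quote_info2(challenge_nonce, indices, values, response["locality-at-release"])


def signed_digest(quote_info):
    """SHA-1(TPM_QUOTE_INFO2): the digest wrapped by the RSASSA-PKCS1-v1_5 signature."""
    return hashlib.sha1(quote_info).digest()


def verify_signature(aik_public_pem, quote_info, signature):
    """Check the Quote2 signature with the AIK public key from the named certificate.
    Needs the 'cryptography' package (assumed installed) and an AIK whose scheme is
    TPM_SS_RSASSAPKCS1v15_SHA1."""
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_public_key(aik_public_pem)
    try:
        key.verify(signature, quote_info, padding.PKCS1v15(), hashes.SHA1())
        return True
    except InvalidSignature:
        return False


# Constructed sample: a challenge nonce and a response quoting PCRs 0, 7 and 17
# with made-up PCR contents.
SAMPLE_NONCE = bytes(range(20))
SAMPLE_RESPONSE = {
    "locality-at-release": 0,
    "TPM_PCR_COMPOSITE": {
        "pcr-index": [0, 7, 17],
        "value-size": 60,
        "tpm12-pcr-value": [b"\x11" * 20, b"\x22" * 20, b"\x33" * 20],
    },
}
```

The Verifier calls `rebuild_from_response(SAMPLE_NONCE, SAMPLE_RESPONSE)` and passes the result with the response's `signature` and the AIK key to `verify_signature`; only after that does it compare the individual PCR values against reference values. The locality byte is the visible difference from Quote1, whose TPM_QUOTE_INFO carries the composite hash and nonce but no TPM_PCR_INFO_SHORT, which is why locality-at-release survives in the Quote2-only output above.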

From: Eric Voit (evoit)
Sent: Tuesday, November 24, 2020 5:17 PM
To: Laffey, Tom (HPE Aruba) <tom.laffey@hpe.com>; Kenneth Goldman <kgoldman@us.ibm.com>; Guy Fedorkow <gfedorkow@juniper.net>
Cc: Bill Sulzen (bsulzen) <bsulzen@cisco.com>; Graeme Proudler <graeme@gproudler.plus.com>; jmfitz2@cyber.nsa.gov
Subject: RE: TPM1.2 Quote1 vs Quote2

Agree we cannot abandon TPM1.2.   We will have router equipment which does this in place for many years.   Also my understanding is that Cisco is good with just supporting Quote2.

Eric

From: Laffey, Tom (HPE Aruba) <tom.laffey@hpe.com>
Sent: Tuesday, November 24, 2020 5:14 PM
To: Kenneth Goldman <kgoldman@us.ibm.com>; Guy Fedorkow <gfedorkow@juniper.net>
Cc: Bill Sulzen (bsulzen) <bsulzen@cisco.com>; Eric Voit (evoit) <evoit@cisco.com>; Graeme Proudler <graeme@gproudler.plus.com>; jmfitz2@cyber.nsa.gov
Subject: RE: TPM1.2 Quote1 vs Quote2

I don't think we can abandon TPM 1.2 just yet. Products in production with TPM 1.2 today will have to be supported for some more years to come. But yes, "not recommended for new designs" as they say.

Tom

From: Kenneth Goldman <kgoldman@us.ibm.com>
Sent: Tuesday, November 24, 2020 2:06 PM
To: Guy Fedorkow <gfedorkow@juniper.net>
Cc: Bill Sulzen (bsulzen) <bsulzen@cisco.com>; Eric Voit (evoit) <evoit@cisco.com>; Graeme Proudler <graeme@gproudler.plus.com>; jmfitz2@cyber.nsa.gov; Laffey, Tom (HPE Aruba) <tom.laffey@hpe.com>
Subject: RE: TPM1.2 Quote1 vs Quote2



--
Ken Goldman kgoldman@us.ibm.com
914-945-2415 (862-2415)


From: Guy Fedorkow <gfedorkow@juniper.net>
To: Kenneth Goldman <kgoldman@us.ibm.com>
Cc: "Bill Sulzen (bsulzen)" <bsulzen@cisco.com>, "Eric Voit (evoit)" <evoit@cisco.com>, Graeme Proudler <graeme@gproudler.plus.com>, "jmfitz2@cyber.nsa.gov" <jmfitz2@cyber.nsa.gov>, "Laffey, Tom (HPE Aruba)" <tom.laffey@hpe.com>
Date: 11/24/2020 04:57 PM
Subject: [EXTERNAL] RE: TPM1.2 Quote1 vs Quote2

________________________________

Ken, which volume has the informative section? I could not miss reading it!

Part 3 under the quote2 command.

As Tom asked, it's sounding like quote1 is there for compatibility, and Quote2 is what someone should use going forward.

Going forward, use TPM 2.0. TPM 1.2 is really end of life. I wish I could drop it from the IBM TSS, since it just adds test time.