Clarify the create_primary "root" vs. "primary". Fix attestation doc …

…images.
wolfSSL · Aug 21, 2024 · a483c9f · a483c9f
1 parent 1c60aba
commit a483c9f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/examples/attestation/README.md b/examples/attestation/README.md
@@ -106,9 +106,9 @@ The certify example shows how to use the `TPM2_Certify` API to sign the attestat
 
 The create_primary example support creating RSA or ECC initial device identity (IDevID) and attestation identity (IAK) keys. These are created under the endorsement hierarchy and follow the "TPM 2.0 Keys for Device Identity and Attestation" TCG specification for setting up the primary key policies. Figures 10 and 11 fom this specification shows the IAK/IDevID policy.
 
-![Figure 10: Example IDevID Key Delegation Policy](examples/attestation/tpm_idevid_policy.png)
+![Figure 10: Example IDevID Key Delegation Policy](tpm_idevid_policy.png)
 
-![Figure 11: Example IAK Key Delegation Policy](examples/attestation/tpm_iak_policy.png)
+![Figure 11: Example IAK Key Delegation Policy](tpm_iak_policy.png)
 
 The IDevID key can be used for external non-restrictive signing.
 The IAK is used for internal attestation.

diff --git a/examples/keygen/create_primary.c b/examples/keygen/create_primary.c
@@ -83,8 +83,8 @@ int TPM2_CreatePrimaryKey_Example(void* userCtx, int argc, char *argv[])
 {
     int rc;
     WOLFTPM2_DEV dev;
-    WOLFTPM2_PKEY root;
-    WOLFTPM2_KEY* primary = (WOLFTPM2_KEY*)&root;
+    WOLFTPM2_PKEY root; /* primary key with ticket */
+    WOLFTPM2_KEY* primary = (WOLFTPM2_KEY*)&root; /* cast to public key only */
     TPMT_PUBLIC publicTemplate;
     TPMI_ALG_PUBLIC alg = TPM_ALG_RSA;
     TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;