From a483c9f5b550bd8b1c330749d18eb84b3857d5c4 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 21 Aug 2024 10:16:55 -0700 Subject: [PATCH] Clarify the create_primary "root" vs. "primary". Fix attestation doc images. --- examples/attestation/README.md | 4 ++-- examples/keygen/create_primary.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/attestation/README.md b/examples/attestation/README.md index 4eab73d6..7c53196e 100644 --- a/examples/attestation/README.md +++ b/examples/attestation/README.md @@ -106,9 +106,9 @@ The certify example shows how to use the `TPM2_Certify` API to sign the attestat The create_primary example support creating RSA or ECC initial device identity (IDevID) and attestation identity (IAK) keys. These are created under the endorsement hierarchy and follow the "TPM 2.0 Keys for Device Identity and Attestation" TCG specification for setting up the primary key policies. Figures 10 and 11 fom this specification shows the IAK/IDevID policy. -![Figure 10: Example IDevID Key Delegation Policy](examples/attestation/tpm_idevid_policy.png) +![Figure 10: Example IDevID Key Delegation Policy](tpm_idevid_policy.png) -![Figure 11: Example IAK Key Delegation Policy](examples/attestation/tpm_iak_policy.png) +![Figure 11: Example IAK Key Delegation Policy](tpm_iak_policy.png) The IDevID key can be used for external non-restrictive signing. The IAK is used for internal attestation. diff --git a/examples/keygen/create_primary.c b/examples/keygen/create_primary.c index 89a9eaba..01a39497 100644 --- a/examples/keygen/create_primary.c +++ b/examples/keygen/create_primary.c 
@@ -83,8 +83,8 @@ int TPM2_CreatePrimaryKey_Example(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; - WOLFTPM2_PKEY root; - WOLFTPM2_KEY* primary = (WOLFTPM2_KEY*)&root; + WOLFTPM2_PKEY root; /* primary key with ticket */ + WOLFTPM2_KEY* primary = (WOLFTPM2_KEY*)&root; /* cast to public key only */ TPMT_PUBLIC publicTemplate; TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
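Review bot: In the examples/attestation/README.md hunk, the unchanged context line just above the two image links still reads "The create_primary example support creating" and "Figures 10 and 11 fom this specification shows". Since this commit is already fixing the doc in that paragraph, correct it in the same change: "supports creating", "from", and "show". The move from `examples/attestation/tpm_idevid_policy.png` to `tpm_idevid_policy.png` makes the links relative to the README's own directory, which is what a renderer viewing the file in place resolves; the commit message could say that so the reason for the path change is on record.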
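Review bot: In the examples/keygen/create_primary.c hunk, the new comment on `WOLFTPM2_KEY* primary = (WOLFTPM2_KEY*)&root;` says "cast to public key only" but does not say that `primary` is an alias of `root`, so a write through either name changes the same object, nor what makes the cast between the two struct types valid. Suggest wording the comment to state that `primary` points at the leading `WOLFTPM2_KEY`-compatible part of `root`, if that layout is what the cast depends on, so a later reorder of `WOLFTPM2_PKEY` is caught in review. The comment on `root` ("primary key with ticket") would also be clearer if it named which ticket is meant. Separately, the subject line promises to clarify "root" vs. "primary", yet the variable that holds the primary key is still called `root`; renaming it would remove the need for most of the explanation.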