Authenticate will read from the passed channel, expecting a challenge from the attestation server, will compute a challenge response via the TPM using the passed Attestation Key (AK) and will send it back to the attestation server.

DecodeEK decodes EK pem bytes to attest.EK.

DecodePubHash returns the public key from an attestation EK.

GenerateChallenge generates a challenge from attestation data and a public endorsed key.

Get retrieves a message from a remote ws server after a successfully process of the TPM challenge.

GetAttestationData returns attestation data from a TPM bearer token.

GetAuthToken generates an authentication token from the host TPM.

GetPubHash returns the EK's pub hash.

ResolveToken is just syntax sugar around GetPubHash.

ValidateChallenge validates a challange against a secret.

WithAdditionalHeader adds a key to the request.

WithCAs sets the root CAs for the request.

WithCommandChannel overrides the TPM command channel.

WithHeader sets a specific header for the request.

WithSeed sets a permanent seed.

AppendCustomCAToSystemCA uses the system CA pool as a fallback, appending the custom CA to it.

Emulated sets an emulated device in place of a real native TPM device.

EmulatedHostSeed generates a seed based on the hostname.

AttestationData is used to generate challanges from EKs.

Challenge represent the struct returned from the ws server, used to resolve the TPM challenge.

ChallengeResponse represent the struct returned to the ws server as a challenge response.

Option is a generic option for TPM configuration.