EndorsementKeys APIs
The EndorsementKeys interface provides operations to get the Trusted Platform Module (TPM) Endorsement Key (EK) on a host.
Operations
GET
Get Host Tpm Key Hardware Endorsement Keys
Get the TPM endorsement key details on a host. The information returned is derived from executing the TPM2_ReadPublic command on the endorsement key object handle. Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.4 TPM2_ReadPublic if you do not have all of the privileges described as follows: - The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.
GET
List Host Tpm Hardware Host Endorsement Keys
Return a list of configured endorsement keys on a host. if you do not have all of the privileges described as follows: - The resource HostSystem referenced by the parameter host requires Host.Tpm.Read.
POST
Unseal Host Tpm Key
Unseal a secret that is bound to an endorsement key. Provided with duplicate key data, load the key as a child of the specified endorsement key using the TPM2_Import command and then unseal the secret data using the TPM2_Unseal command. The duplicate key must include only outer wrapping; inner wrapping is not supported. The duplicate key cannot have a complex authorization policy (e.g. including command selection, locality, etc). Only PCR policy authorization is supported at this time. Trusted Platform Module Library Part 1: Architecture, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 23.3 Duplication Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.7 TPM2_Unseal if you do not have all of the privileges described as follows: - The resource HostSystem referenced by the parameter host requires Host.Tpm.Unseal.