3.2.5.1.1.2 Response Body
Response (DHA-Service->MDM-Server): DHA-Service reviews the data, creates a report (DHA-Report), and forwards the report to MDM-Server.
The response body from the DHA-Service to the MDM-Server is an encrypted BLOB. It resembles the following.
-
<?xml version="1.0" encoding="utf-8"?> <HealthCertificateValidationResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ErrorCode="0" ErrorMessage="DHA validation report was generated successfully." ProtocolVersion="4" xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v4"> <HealthCertificateProperties> <Issued>2017-07-11T22:11:44.6953646Z</Issued> <AIKPresent>true</AIKPresent> <AttestationMethod>EK Certificate</AttestationMethod> <BitlockerEnabledAtBoot>false</BitlockerEnabledAtBoot> <BitlockerProtector> <UnlockType>None</UnlockType> </BitlockerProtector> <BootAppSVN>1</BootAppSVN> <BootDebuggingDisabled>true</BootDebuggingDisabled> <BootManagerSVN>1</BootManagerSVN> <BootRevListInfo>005D447A7CC6D101200000000B00CBB56E8B19267E24A2986C4A616CCB58B4D53F6020AC8FD5FC205C20F2AB00BC</BootRevListInfo> <CodeIntegrityEnabled>true</CodeIntegrityEnabled> <CodeIntegrityPolicy>00000000000001002C000B0020000000550070006400610074006500520076006B005300690050006F006C006900630079002E007000370062000000B3A95AD6A26B2AA407C92BCD3B84E112D141589D3E0E3981D51594FEBD72DFDC</CodeIntegrityPolicy> <CrashDumpEncryptionEnabled>false</CrashDumpEncryptionEnabled> <CredentialGuardEnabled>false</CredentialGuardEnabled> <DataExecutionPreventionPolicy>0</DataExecutionPreventionPolicy> <ELAMDriverHash>B4CA876CD2DCAB929A5B54016C703D026CB22EAA54E8B8C99DA61A1D53F244BF</ELAMDriverHash> <ELAMDriverLoaded>true</ELAMDriverLoaded> <ELAMDriverName>\WINDOWS\system32\drivers\WdBoot.sys</ELAMDriverName> <ELAMSignerName>Microsoft Windows Early Launch Anti-malware Publisher</ELAMSignerName> <FlightSigningNotEnabled>false</FlightSigningNotEnabled> <MemoryScrubbingProtectionEnabled>false</MemoryScrubbingProtectionEnabled> <NoSecureBootCustomPolicy>true</NoSecureBootCustomPolicy> <NotBootedIntoSafeMode>true</NotBootedIntoSafeMode> <NotBootedIntoWinPE>true</NotBootedIntoWinPE> <OSKernelDebuggingDisabled>true</OSKernelDebuggingDisabled> <OSRevListInfo>8073EEA7F8FAD001200000000B00A8285B04DE618ACF4174C59F07AECC002D11DD7D97FA5D464F190C9D9E3479BA</OSRevListInfo> <PageFileEncryptionEnabled>false</PageFileEncryptionEnabled> <PCRS hashAlgorithm="SHA1"> <PCR n="0">7714E74524EBFBF671A485D3813A1926A34AB768</PCR> <PCR n="1">C7070A78B978C8B6E5E35DCBB1C98B87F7444EBE</PCR> <PCR n="2">B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236</PCR> <PCR n="3">B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236</PCR> <PCR n="4">DF5A11CF11030E2D9FA4E9BAB4BB7AF608B96EA3</PCR> <PCR n="5">7699BEA5781384130D674525E2B223D832922A01</PCR> <PCR n="6">B2A83B0EBF2F8374299A5B2BDFC31EA955AD7236</PCR> <PCR n="7">DF1F73DC71C6E4B054CCBB2A9BE0768978A7E1E3</PCR> <PCR n="8">0000000000000000000000000000000000000000</PCR> <PCR n="9">0000000000000000000000000000000000000000</PCR> <PCR n="10">0000000000000000000000000000000000000000</PCR> <PCR n="11">EBB98DF76613280F20DC38221143A9E727399486</PCR> <PCR n="12">FA38CE6A9101EF44002A5A89AFC3D094963976AC</PCR> <PCR n="13">24FED52A0787AFE466CF4008B2815A6E3822C511</PCR> <PCR n="14">D2366C862C4CB94577FA277F024C14AE149A3512</PCR> <PCR n="15">0000000000000000000000000000000000000000</PCR> <PCR n="16">0000000000000000000000000000000000000000</PCR> <PCR n="17">FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</PCR> <PCR n="18">FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</PCR> <PCR n="19">FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</PCR> <PCR n="20">FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</PCR> <PCR n="21">FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</PCR> <PCR n="22">FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</PCR> <PCR n="23">0000000000000000000000000000000000000000</PCR> </PCRS> <ProductionSignedBootManager>false</ProductionSignedBootManager> <PublicAIK> <Modulus>C6A0F391172685AA295410DE040E117B59611BC01B099914137097C02D11F30606E4375C2826260749D0845074DB902250E5BD3CB7080AE52615FEAEF6C146EFBE35B807EFC2CE767DA2BFE2043B70C3B4297C2B7C116A527BAB3A446B2F7C462DEA6C2F9CC4959F88DF465F94BE224066460CC6CA09CC7D9470195287BC11C8A9AD4007BD3C191D87C7A52C99749D31FBB36A400E1BF7508FB11B3F82944E13644CF1E5539C47A8C8A8D72A4D6F11CD98C58CEE03A951B6407F7CDC088959B2DAA14C1655D7D8827B2EC45535D1764D3BBFDAAFA32435ECCADDBCA2975C4DDBD1B2E40EF196EC0F551A79089F33392AC803915B0E05E181AAFBBC80F973CD9F</Modulus> <Exponent>010001</Exponent> </PublicAIK> <PublicEK> <Modulus>F1000C75A4B88005728CF2CFD1846612333AA1B437843AA6DCE542B5507998F2EED883F2DCC2F2E106592B77E12FA57EE5EE60D1F51164425480C4E565355F63B1420B7BE6B8D8FBD3EFFDB47AAE4C3ACA1FF077DBC3418F4C60E1A4C39836D799EA13E3F1EB67853D707E23FBC195C3F688210E697F5F02D5D3C8BD6D4FD7AA51F3380477026F0AE14AA8B7C576997F5BC72B2A106972A4B732FA8CC6DEB7EBDFF2C067237B66FC4AAE9CC42B636034B3B696CE1AB029950764CD0FFBDF421CE36D55697F28F3D3D1944888B3C0E71BCF79C4EF598DD7217D5783B8552B833E4997187B03FC09516C274CBE6830EBB400E8B43FF6934C175286EE0EB5A7277D</Modulus> <Exponent>010001</Exponent> </PublicEK> <ResetCount>3815208462</ResetCount> <RestartCount>426123972</RestartCount> <SecureBootCustomPolicyHash /> <SecureBootEnabled>false</SecureBootEnabled> <TestSigningDisabled>true</TestSigningDisabled> <TpmVersion>2.0</TpmVersion> <UefiSignersUsedDuringBoot hashAlgorithm="SHA256" /> <VBSDecryptionPublicKey> <Modulus>B2D860A22DAB2F8EF9D3725B6621193FC86D0E1AF13D45DB74DE080A344F91B9241B69E445CFCEB7CDE37BD42325D981E006517253C7EB71618145D281C3220E44D1FC7203FA25E9FE8839FB9B5380FA01B863911EF7B4E50D8E30593B3D34A4980887946F7084C3D55930540F6B1EAAADD8BEA14ED14745203F05CA902712B8AF6F0B15A2F89AC1DBD204B46335E8B35BD36CBB97725F1DDF9DEF87A0A6E447CA73DA1C8176ED87DBCCC51BF1B338E537EB6A7B2ECA64C46A62605BC067289DD696819AD7E37B8F43DC36EAD3244B24737B0E3E3FD83EBD78DDEE6CB3A85E7B072D48257433915CD7B313793E56A24E6AC9A256BE1BCCEDBE1A64437EAD3AC3</Modulus> <Exponent>010001</Exponent> </VBSDecryptionPublicKey> <VBSIOMMUEnabled>false</VBSIOMMUEnabled> <VBSMemoryScrubbingProtectionEnabled>false</VBSMemoryScrubbingProtectionEnabled> <VBSSigningPublicKey> <Modulus>F37D9E557BD9BD566E0B9F8AF40C08E7C425D531823876406F3063BDA0EC5C69DF85ED207B7E07DA47456E85D4588B865A7EDD75A9D6C5A765B0600001D8C3AE928453FFFE8D6E7B0614617BF5D3047156CF9CACE9457BA4A5CCAADC999FF86D991B77C32AF24032AB7BEBE23B08BD6EBDF351DCC9365BCD919A8A97DC5610B1B596969196D1838772DF882E557DDEA7A72ED5F0CD1F8A3D0D5FEA124C1CDAD90337C324382E7AFBE62B5E361D852E1AD04D0F93C0FCB5918C39C08586C5883075AA2F7AA6EF62E4197C5073D86A50E605586CAC3F7CC823CEF23C6F58E6BEE6C144F817A7F3A5B0989175F0FA10452C4644B2DBC7DE63648048FFC655B4D771</Modulus> <Exponent>010001</Exponent> </VBSSigningPublicKey> <VirtualizationBasedSecurityEnabled>true</VirtualizationBasedSecurityEnabled> <WindowsBootManagerHash>1C44308B27F5184D8BF42944FC4E10588B7EFBD4D188A01A2F03ECCEDCC02429</WindowsBootManagerHash> <WindowsOSLoaderHash>6F9F505E5B913A32DC9BA6053F5C64EC1003E84C63D6E3A26A252674BBF9BCF7</WindowsOSLoaderHash> <SystemProperties> <SystemProperty name="IntelAMTNotProvisioned">true</SystemProperty> <SystemProperty name="IntelMEFirmwareVersion">9.1.41.3024</SystemProperty> <SystemProperty name="IntelSA00075Unaffected">true</SystemProperty> </SystemProperties> </HealthCertificateProperties> </HealthCertificateValidationResponse> >