3.2.4.1 Application Requests Attestation

The client performs TPM, AD, or Host Key attestation based on the configuration supported on the client and starts any of the attestation modes on the server.

If the configuration on the client supports TPM, the client updates its AttemptedOperationMode to TPM and constructs a new TpmRequestInitial with the following:

  • A unique SessionId that it generates.

  • RtpmPublicEndorsementKey.

The client MUST perform the steps as specified in section 3.2.5.1 to perform the TPM-based attestation procedures.

If the configuration on the client supports AD, the client updates its AttemptedOperationMode to AD and constructs a new ADRequest with the following parameters:

  • A unique SessionID that it generates.

  • Vsmidk of the client.

The client MUST perform the steps as specified in section 3.2.5.2 to perform the AD-based attestation procedures.

If the configuration on the client supports Host Key, the client MUST initiate a request to the server as specified in section 3.2.5.3 to perform Host Key-based attestation procedures.