220.127.116.11.18.104.22.168.2 Processing Rules for Key Attestation Based on a Key
The CA MUST create a SHA2 hash of the trust module public key as a hexadecimal string with spaces removed.
For each folder location contained by the Config_Hardware_Key_List_Directories ADM element, the CA MUST search for a file with a name matching the SHA2 hash of the public key created in step 1.
Note This search SHOULD be case-insensitive.
If a file is found with the SHA2 hash of the public key as a hexadecimal string with no spaces in step 2, the CA MUST set the CR_FLG_TRUSTEKKEY flag in the Request_Request_Flags column of the Request table ([MS-CSRA] section 22.214.171.124.2) to indicate that key attestation succeeded on a trusted key.