Support using AK from NV 

GCE VM's encodes a signing key directly at index

```golang
const GceAKTemplateNVIndexRSA uint32 = 0x01c10001 // 29425665
const GceAKCertNVIndexRSA uint32 = 0x01c10000 // 29425664
```

which a customer can recall the final key itself through [get-shielded-identity](https://cloud.google.com/compute/shielded-vm/docs/retrieving-endorsement-key)

go-attestation should support loading and using this key directly if the nvindex is specified in AK key acqusition or initialization

eg load and use a key from template here

```golang
data, err := tpm2.NVReadEx(t.rwc, tpmutil.Handle(client.GceAKTemplateNVIndexRSA), tpm2.HandleOwner, "", 0)
template, err := tpm2.DecodePublic(data)

// use template to acquire AK and use that
```

ref [handles](https://github.com/google/go-tpm-tools/blob/master/client/handles.go#L36-L43) used on gcp


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support using AK from NV #334

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support using AK from NV #334

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions