Ken Goldman

> The vendor is definitely capable of doing this with a firmware upgrade. > > But I think it's quite likely they wouldn't, because it'd be a more compilcated update....

Yes but: 1. It could be a big TPM vendor expense, because these are done on a secure production line and it's a new secure process. 2. The TPM vendor...

I don't even know if the manufacturer has been notified. Join a TCG call and bring it up. However, even if they changed something to be compatible with python in...

> Here are the relevant X.509 structures from RFC 5280: > > ``` > Name ::= CHOICE { -- only one possibility for now -- > rdnSequence RDNSequence } >...

I'm certainly not an X.509 expert, but I don't see anything about certificate issuer there, nor can I see a path from X509 to X690. Regardless, there are millions of...

Events 7 and 8 are a bit peculiar. Do you have any specifications on this so I can improve my parser. Here's the best I can do: Variable GUID: 605dab50-e046-4300-abb6-3dd810dd8b23...

Small comment: It would be nice to explain 'why' this is needed in the pull request. I can add that to the documentation. Question 1: ifdef for Windows and Posix...

This patch did not apply either to the current head or on top of your previous patch. I think you have to 'rebase' to head, but I'm not a git...

I think you misread my suggestion. I was suggesting the openssl commands for the **regression** test, **not** for the implementation. Openssl cannot be used for the implementation because the TSS...

server.c has sample code for RSA and ECC but not SM2. It may be similar. The overall flow is processEnrollRequest(). Adapt it for SM2. validateEkCertificate() uses X509_get_pubkey() to extract the...