Step | Executing module | Command |
1a. | LICT→TCM: | TCM_TakeOwnership |
1b. | LICT→TCM: | TCM_MakeIdentity |
1c. | TCM | Generate (PIKpriv, PIKpub) |
1d. | TCM | PR = PIKpub, EC, PC, CC |
1d. | TCM | SM2_Sign (PR|PIKpriv) = Sig |
2. | LICT→CA: | PR, Sig |
3a. | CA | Verify Credentials |
3b. | CA | Verify SM2_Verify(Sig|EKpub) = PR |
3c. | CA | Generate PIC |
3d. | CA | Generate K |
3e. | CA | SM2_Enc(K|EKpub) |
3f. | CA | Sym_Enc(PIC|K) |
4. | CA→LICT: | SM2(K|EKpub), Enc(PIC|K) |
5a. | LICT→TCM: | TCM_ActivateIdentity |
5b. | TCM | Decrypt K |
5c. | TCM | Decrypt PIC |
6a. | LICT→TCM: | TCM_Quote(hPIK, passPIK, locM, SPCR) |
6b. | TCM | SM2_Sign(locM, SPCR|PIKpriv) = SigL |
6c. | LICT→CA: | locM, PCR[SPCR], SML, SigL |
7a. | CA | Verify SigL |
7b. | CA | Verify platform integrity |
7c. | CA | Verify locM |
7d. | CA | Mark locM of M as verified |
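
Step 7b, sketched as an added example (not code from the original page): the CA replays the SML received in step 6c and checks that it reproduces the quoted PCR[SPCR] values, then compares each measurement with a reference value. Assumptions: SHA-256 stands in for SM3, the SML entry layout `(pcr_index, name, measurement)` and the `known_good` reference table are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac

PCR_SIZE = 32  # a TCM PCR holds one 256-bit SM3 digest

def digest(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for SM3 so this runs on any Python build.
    return hashlib.sha256(data).digest()

def replay_sml(sml, selection):
    """Recompute the selected PCRs from SML entries (pcr_index, name, measurement)."""
    pcrs = {i: bytes(PCR_SIZE) for i in selection}  # PCRs start at all zeros
    for index, _name, measurement in sml:
        if index not in pcrs:
            continue
        if len(measurement) != PCR_SIZE:
            raise ValueError("malformed SML measurement")
        pcrs[index] = digest(pcrs[index] + measurement)  # extend: H(old || m)
    return pcrs

def verify_platform_integrity(sml, quoted_pcrs, known_good):
    """Step 7b, run only after SigL has been verified in step 7a."""
    replayed = replay_sml(sml, quoted_pcrs)
    for index, quoted in quoted_pcrs.items():
        # The log must reproduce the PCR values covered by the quote.
        if not hmac.compare_digest(replayed[index], quoted):
            return False, f"SML does not reproduce PCR[{index}]"
    for index, name, measurement in sml:
        # Every logged component must match its reference measurement.
        if index in quoted_pcrs and known_good.get(name) != measurement:
            return False, f"unexpected measurement: {name}"
    return True, "ok"

def build_sample(kernel=b"kernel-v1"):
    """Constructed data: reference values, an SML, and the PCRs a TCM would quote."""
    known_good = {n: digest(c) for n, c in
                  [("bootloader", b"boot-v1"), ("kernel", b"kernel-v1"),
                   ("agent", b"agent-v1")]}
    sml = [(0, "bootloader", known_good["bootloader"]),
           (0, "kernel", digest(kernel)),
           (1, "agent", known_good["agent"])]
    return sml, replay_sml(sml, [0, 1]), known_good

if __name__ == "__main__":
    sml, quoted, good = build_sample()
    print(verify_platform_integrity(sml, quoted, good))
```

The two checks are separate on purpose: a log that was edited after the fact fails the replay, while an honest log of a modified component passes the replay and fails the reference comparison.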