Technical Summary
This document defines YANG RPCs and a small number of configuration
nodes required to retrieve attestation evidence about integrity
measurements from a device, following the operational context defined
in TPM-based Network Device Remote Integrity Verification.
Complementary measurement logs are also provided by the YANG RPCs,
originating from one or more roots of trust for measurement (RTMs).
The module defined requires at least one TPM 1.2 or TPM 2.0 as well
as a corresponding TPM Software Stack (TSS), included in the device
components of the composite device the YANG server is running on.
Working Group Summary
This document, with its companion (draft-ietf-rats-tpm-based-network-device-attest), was one of the first adopted in the WG, with salient discussions to mature both specifications. Particular care was taken to co-evolve them.
Document Quality
In addition to normal WG review, the YANG module definitions have gone through both early and WGLC YANG Doctors review to ensure they follow appropriate norms and conventions. All comments received have been addressed. Final YANG changes were made based on IETF LC feedback.
Personnel
Nancy Cam-Winget is the Document Shepherd
Roman Danyliw is the responsible Area Director